Reports of a new LinkedIn phishing scam have emerged, stating that malicious actors are leaving comments on posts posing as the platform LinkedIn itself. These comments assert that the target’s account has been restricted due to policy violations and prompts them to click a link in order to submit an appeal. The scam comments are reportedly convincing, looking almost identical to legitimate comments from the platform.

“This phishing campaign illustrates how social engineering is evolving to blend seamlessly into trusted platforms,” says Shane Barney, Chief Information Security Officer at Keeper Security. “By posting fake policy violation notices directly in LinkedIn comment threads, attackers exploit users’ expectations about how platform moderation works. The use of LinkedIn-style language, impersonated company pages and even lnkd.in short links makes these messages appear legitimate at a glance.” 

Involvement of AI

Artificial intelligence (AI) could be a key component of the scheme’s effectiveness. 

“Although LinkedIn’s process for creating a company page, especially one that appears to be LinkedIn itself, was not previously easy to abuse at scale, the proper application of AI now makes it possible,” says Max Gannon, Cyber Intelligence Team Manager at Cofense. “When integrated with the contact methods used in this campaign, it could allow threat actors to quickly deploy large scale campaigns that spoof LinkedIn and abuse legitimate infrastructure.” 

Once the link is clicked, users are directed to a fraudulent, convincing verification page that harvests credentials. 

“What makes this especially effective is scale, AI-driven automation allows threat actors to flood comment sections faster than manual moderation can respond,” says Kern Smith, Senior Vice President of Global Solutions Engineering at Zimperium. 

This scheme shows that as AI accelerates and elevates phishing schemes and other cyber threats, organizations will need to evolve alongside them to stay secure. 

“As threat actors increasingly use AI and emerging automated methods, legitimate companies like LinkedIn will need stronger verification and validation controls to prevent abuse of their services and protect brand trust,” says Gannon. 

Widespread Implications

This phishing scam could hold greater implications than a singular, contained issue limited to LinkedIn’s platform. 

Chance Caldwell, Senior Director of the Phishing Defense Center at Cofense, explains, “This new LinkedIn phishing campaign highlights a troubling evolution in social engineering tactics, where attackers embed themselves directly into trusted digital spaces and exploit user trust by mimicking legitimate communications. By posting comments that appear to come from LinkedIn complete with official branding and even legitimate URL shorteners like lnkd.in, the threat actors are able to earn trust from users and divert them to malicious phishing activity.” 

Although this scheme targets LinkedIn, other platforms are not exempt from similar threats. Last year, YouTube faced a sophisticated phishing campaign in which Neal Mohan, CEO of YouTube, was replicated by a deepfake impersonation to target content creators with credential stealing schemes or malware installations. 

Caldwell notes, “This activity is not unique to LinkedIn and we will continue to see it across all social media platforms with the rise of AI allowing thousands of these fake comments able to be posted in a small amount of time. Facebook in particular is being used often to redirect users to phishing webpages. It will be up to the Social Media giants to continue advancing their comment/post monitoring to capture and remove as many of these malicious posts within a short amount of time before users interact with them. Individuals will also need to be aware of these tactics and only interact with posts that they can verify as legitimate.” 

What Risks Do Campaigns Like This Present? 

“The true danger of phishing schemes like this lies in their ability to grant attackers access to credentials, enabling them to masquerade as trusted insiders,” says Rex Booth, Chief Information Security Officer at SailPoint. “We’ve been waiting for this offensive disruption from AI for a while now. Attacks like this at scale and superhuman speed are the most obvious first step. Fortunately, this campaign still requires human intervention to execute. The scarier scenario is when adversary AI starts running rampant through your enterprise without the need for action by the victim.” 

The loss of an individual’s credentials isn’t the only thing at stake, in campaigns like these. In some instances, malicious actors can leverage their access to explore systems and expand influence. 

Booth explains, “Adversaries often begin by compromising low-privileged accounts, using them as a foothold to quietly observe systems, map out processes, and identify vulnerabilities. Over time, they escalate privileges or move laterally, positioning themselves to impersonate legitimate users, authorize fraudulent transactions, or disrupt operations. The real damage isn’t just in the initial breach. It’s in the silent, calculated exploitation of compromised identities that can go undetected for weeks or even months. Organizations must act now to close these gaps before attackers exploit them.” 

The Evolution of Phishing 

Phishing has been a go-to technique for malicious actors in recent years and is consistently evolving, with fresh tactics often emerging — such as QR code phishing (quishing). 

Additionally, social media has become an easy gateway for cybercriminals to exploit, whether by spoofing popular social platforms or leveraging memes for malicious activity. 

The recent LinkedIn campaign is yet another example of the advancement and sophistication modern phishing threats present, serving as a reminder that cyber threats never stay stagnant. 

“This campaign shows how phishing has evolved beyond email and into trusted social platforms,” Smith concludes.