Account Takeover Scams on LinkedIn
LinkedIn accounts are compromised through phishing and credential stuffing, then used to conduct fraud against the victim's professional network.
Part of: Account Takeover Scams
Last reviewed: 1 June 2026
A compromised LinkedIn account is more valuable to a criminal than accounts on many other platforms. The professional network built over years carries implicit trust: when a hijacked account contacts a victim's colleagues with an investment pitch or a request for a favour, the professional relationship makes recipients more likely to comply before verifying.
LinkedIn account takeover typically originates with credential phishing, credential stuffing from leaked databases, or weak or reused passwords. Once an attacker has access, they mine the network for valuable contacts and begin posting fraudulent content or sending direct messages under the victim's identity.
How this scam works on LinkedIn
After taking over an account, a criminal may send connection requests to expand the professional network, then pivot to investment or romance fraud under the trusted identity. They may also post scam articles or job listings using the victim's professional credibility. Some attackers immediately change the account's recovery email and phone, locking the real owner out.
For high-value targets, attackers may access the account silently for weeks, reading messages and gathering intelligence about the victim's organisation before making use of that access.
Common red flags
- Notifications of LinkedIn account changes you did not make
- Colleagues report receiving unexpected messages from your account
- Unexpected password-reset requests you did not initiate
- Login notifications from unrecognised locations or devices
- Inability to access your account despite correct credentials
How to protect yourself
- Enable two-step verification on LinkedIn immediately
- Use a unique, strong password for your LinkedIn account
- Regularly review your account's active sessions and remove unrecognised devices
- If your account is compromised, use LinkedIn's account-recovery process and notify your network
How to report it
- Report account compromise to LinkedIn via the help centre account-recovery process
- Notify your connections that your account may have been used to send fraudulent messages
- Report to your national cyber authority
Frequently asked questions
What should I do first if my LinkedIn account is taken over?
Use LinkedIn's account-recovery process immediately from a separate device. If you regain access, change your password, enable two-step verification, review active sessions, and post a public notice to your network warning about fraudulent messages sent from your account.