Phishing Scams on LinkedIn
How fraudsters use LinkedIn's professional context — fake job offers, connection requests, and InMail — to harvest credentials, deliver malware, and commit financial fraud.
Part of: Phishing
Last reviewed: 1 June 2026
LinkedIn users are more likely than on most platforms to click a link from a stranger, because professional networking involves exactly that. Scammers exploit this openness: a job offer, a request to review a document, or a message from a 'recruiter' can be a delivery vehicle for credential-harvesting pages or malware.
Because LinkedIn profiles contain rich professional data — employer, role, email patterns — phishing messages can be unusually well-tailored, referencing your actual employer, recent job activity, or listed skills.
How this scam works on LinkedIn
Typical attacks include a fake recruiter who sends a lucrative job description as a PDF or link — the file contains malware or the link leads to a Microsoft 365 lookalike login page. Another vector is a connection request followed by an InMail asking you to review a 'shared document' on a spoofed OneDrive or Google Drive page that requests your credentials.
Larger campaigns sometimes impersonate LinkedIn's own notification emails, telling you that your profile appeared in X searches this week and inviting you to click 'See who viewed your profile' — a link to a phishing form. Because LinkedIn email addresses often follow predictable formats, stolen credentials are then used for credential-stuffing attacks on corporate systems.
Common red flags
- Job offer that arrives unsolicited with a salary far above market rate
- Recruiter who asks you to download a file or click a link before any voice or video conversation
- Link that leads to a login page for Microsoft, Google, or LinkedIn but the URL is not the official domain
- Request to 'verify your identity' on a third-party form to proceed with an application
- Connection request from an account with a very new join date and minimal connections
How to protect yourself
- Enable two-factor authentication on your LinkedIn account
- Verify any recruiter's identity by looking up the company on its official website and calling HR
- Never download attachments from unknown connections without scanning them first
- Check the exact URL of any login page before entering credentials
- Review LinkedIn's 'Active status' on third-party apps you have connected
How to report it
- Report the profile or message inside LinkedIn using the '...' menu > Report
- If corporate credentials were compromised, alert your IT security team immediately
- Report to your national cybercrime agency with screenshots of the messages
Frequently asked questions
How do I tell a real LinkedIn job offer from a phishing attempt sent via InMail?
Legitimate recruiters typically have a consistent, verifiable employment history and connections at the company they claim to represent — check their profile for these signs, and independently verify the job opening exists on the actual company's careers page rather than only through the InMail message. Be especially cautious of offers requiring you to download an attachment or click a link to "complete an application."
I accepted a connection request and then got a link to a document — could that be malware?
Yes — unsolicited connection requests followed quickly by a link or file to open are a common LinkedIn phishing pattern, and the file or link may install malware or lead to a fake login page designed to steal your credentials. Don't open attachments or click links from new connections you can't independently verify, and scan any downloaded file before opening it if you're unsure.
What should I do if I think I gave my LinkedIn credentials to a fake login page?
Go directly to linkedin.com (typed manually) and change your password immediately, then check your account's active sessions and connected apps for anything unfamiliar. Enable two-factor authentication, and report the phishing message or profile to LinkedIn so it can be investigated.
Why is LinkedIn used for phishing if it is a professional network?
The professional context lowers guard — people expect to receive links and attachments from recruiters and colleagues. Scammers also benefit from LinkedIn's rich profile data, which lets them personalise attacks in ways that feel credible.