Phishing Scams on LinkedIn
How fraudsters use LinkedIn's professional context — fake job offers, connection requests, and InMail — to harvest credentials, deliver malware, and commit financial fraud.
Part of: Phishing
Last reviewed: 1 June 2026
LinkedIn users are more likely than users of most platforms to click a link from a stranger, because professional networking involves exactly that. Scammers exploit this openness: a job offer, a request to review a document, or a message from a 'recruiter' can be a delivery vehicle for credential-harvesting pages or malware.
Because LinkedIn profiles contain rich professional data — employer, role, email patterns — phishing messages can be unusually well-tailored, referencing your actual employer, recent job activity, or listed skills.
How this scam works on LinkedIn
Typical attacks include a fake recruiter who sends a lucrative job description as a PDF or link — the file contains malware or the link leads to a Microsoft 365 lookalike login page. Another vector is a connection request followed by an InMail asking you to review a 'shared document' on a spoofed OneDrive or Google Drive page that requests your credentials.
Larger campaigns sometimes impersonate LinkedIn's own notification emails, telling you that your profile appeared in X searches this week and inviting you to click 'See who viewed your profile' — a link to a phishing form. Because LinkedIn email addresses often follow predictable formats, stolen credentials are then used for credential-stuffing attacks on corporate systems.
Common red flags
- Job offer that arrives unsolicited with a salary far above market rate
- Recruiter who asks you to download a file or click a link before any voice or video conversation
- Link that leads to a login page for Microsoft, Google, or LinkedIn but the URL is not the official domain
- Request to 'verify your identity' on a third-party form to proceed with an application
- Connection request from an account with a very new join date and minimal connections
How to protect yourself
- Enable two-factor authentication on your LinkedIn account
- Verify any recruiter's identity by looking up the company on its official website and calling HR
- Never download attachments from unknown connections without scanning them first
- Check the exact URL of any login page before entering credentials
- Review LinkedIn's 'Active status' on third-party apps you have connected
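The "check the exact URL" step above can be made mechanical. The following is an added example, not part of the original page: it compares the host of a login link against a short allowlist and rejects the common lookalike tricks. The allowlist contents, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a short allowlist of registrable domains for the three brands the
# page names. Extend it to the sign-in hosts your organisation really uses.
OFFICIAL_DOMAINS = {
    "linkedin.com",
    "microsoft.com", "microsoftonline.com", "live.com",
    "google.com",
}

def check_login_url(url):
    """Return (ok, reason) for a URL that claims to be a brand login page."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # In https://www.linkedin.com@login.example/ the real host is login.example.
        return False, "userinfo before the host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Internationalised names can hide look-alike characters.
        return False, "internationalised host"
    for domain in OFFICIAL_DOMAINS:
        # Accept the domain itself or a true subdomain, never a mere substring.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host is not an official domain"

# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.linkedin.com/login",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://linkedin.com.signin.example/login",
    "https://www.linkedin.com@login.example/",
    "https://accounts.google.com.example.net/ServiceLogin",
    "https://www.xn--linkedn-abc.com/login",
    "http://www.linkedin.com/login",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(("OK   " if ok else "BLOCK"), sample, "->", reason)
```

A passing result only means the host belongs to an allowlisted domain; it says nothing about whether the message that carried the link is genuine.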
How to report it
- Report the profile or message inside LinkedIn using the '...' menu > Report
- If corporate credentials were compromised, alert your IT security team immediately
- Report to your national cybercrime agency with screenshots of the messages
Frequently asked questions
Why is LinkedIn used for phishing if it is a professional network?
The professional context lowers people's guard — they expect to receive links and attachments from recruiters and colleagues. Scammers also benefit from LinkedIn's rich profile data, which lets them personalise attacks in ways that feel credible.