As reported by Bleeping Computer, scammers are currently flooding LinkedIn posts with fake "reply" comments designed to impersonate the platform and trick users into visiting malicious external links. These deceptive messages warn users of bogus policy violations, aiming to exploit trust in LinkedIn's branding.

The phishing campaign involves bot-like profiles creating comments that falsely claim users have violated LinkedIn's policies and that their accounts are temporarily restricted. These comments often mimic LinkedIn's official branding and, in some instances, utilize the lnkd.in URL shortener to mask the true destination of the phishing links. The fake comments urge users to click a link to resolve the supposed issue. Upon clicking, users are directed to a series of phishing sites, such as very1929412.netlify[.]app, which then prompt them to "verify their identity" on another domain, very128918[.]site, where their credentials are harvested. The fake comments are being posted from imposter company pages, often using variations of the LinkedIn name.

LinkedIn has confirmed awareness of the campaign and is actively working to address it, emphasizing that they do not communicate policy violations via public comments. This incident highlights the growing sophistication of phishing attacks, where scammers leverage legitimate platform features and branding to deceive users. It serves as a critical reminder for all users to remain vigilant, scrutinize unexpected messages, and avoid clicking on suspicious links, especially those urging immediate action or account verification.

Source: Bleeping Computer
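
The comment traits described above (a LinkedIn-lookalike author, policy or restriction wording, and a link that is either shortened through lnkd.in or points off-platform) can be turned into a simple triage check. This is an added example, not code from Bleeping Computer or LinkedIn; the `verified_official` flag, the allowlist of official hosts and the sample comments are assumptions constructed for illustration.

```python
import re

# Assumption: hosts treated as LinkedIn-owned for this example.
OFFICIAL_HOSTS = ("linkedin.com",)
SHORTENER = "lnkd.in"  # hides the real destination until it is resolved
LURE = re.compile(r"policy|policies|violat|restrict|verify", re.I)
HOST = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def hosts_in(text):
    """Return lower-cased hostnames found in text, refanging '[.]' first."""
    return [h.lower() for h in HOST.findall(text.replace("[.]", "."))]

def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_HOSTS)

def triage(author, verified_official, text):
    """Return the list of reasons a comment looks like this campaign."""
    reasons = []
    # Imposter pages use variations of the LinkedIn name.
    name = re.sub(r"[^a-z]", "", author.lower())
    if "linkedin" in name and not verified_official:
        reasons.append("brand-lookalike author")
    if LURE.search(text):
        reasons.append("policy/restriction lure")
    for host in hosts_in(text):
        if host == SHORTENER:
            reasons.append("shortened link, destination hidden")
        elif not is_official(host):
            reasons.append("external host " + host)
    return reasons

# Constructed sample comments: (author, verified_official, text)
SAMPLES = [
    ("LinkedIn Very", False,
     "Your account is temporarily restricted for a policy violation. "
     "Verify here: https://lnkd.in/EXAMPLE"),
    ("Linked-In Team", False,
     "We restrict accounts that violate policies. "
     "Confirm at very1929412.netlify[.]app"),
    ("Jane Doe", False,
     "Great post, details at https://www.linkedin.com/pulse/example"),
]

if __name__ == "__main__":
    for author, verified, text in SAMPLES:
        print(author, "->", triage(author, verified, text) or "no flags")
```

A comment that collects several reasons at once is a candidate for reporting; a single reason on its own (for example an external link in an ordinary comment) is not enough to call it phishing.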





