LinkedIn phishing emails: How to spot and avoid them

If you have a LinkedIn account, there’s a good chance you’ve received a LinkedIn phishing email. These emails look like legitimate notifications, but in reality, they’re designed to trick you into sharing your login information or other sensitive data with scammers. Since phishing on LinkedIn is so common, it’s important to know how to avoid these attacks to keep your personal data safe.

Jun 3, 2026

What is a LinkedIn phishing email?

A LinkedIn phishing email is a fraudulent email message designed to look like an official LinkedIn notification. These emails usually contain a link to a website that looks like a LinkedIn login page, but is actually a phishing site.

If you enter your LinkedIn login details on this site, they’ll go to the scammer that created it. They can use your login information to compromise your account and even impersonate you online. Many phishing sites also contain automatic malware downloads, which can damage your system and steal even more of your data. 

LinkedIn phishing emails are just one type of phishing attack. Phishing is a broad category of social engineering attacks in which the scammer pretends to be a trusted contact, then exploits that trust to steal your sensitive data. 

Why is LinkedIn a target for phishing?

There are a few reasons why LinkedIn is such a popular target for phishing attacks and other forms of social engineering. Here’s what’s causing this alarming trend:

  • LinkedIn has a user base of over 1 billion members, which gives scammers a huge pool of people to target. 
  • Since LinkedIn is a professional networking site, there’s an inherent trust between users that doesn’t exist on other social networking platforms. LinkedIn users expect to receive messages from people they don’t know, such as recruiters and potential business partners. Because of this, they may be less vigilant when responding to messages. 
  • LinkedIn frequently sends emails to its users. The platform sends out updates about connection requests, job alerts, and profile views, so users often get multiple emails each day. This makes fake emails much harder for users to spot. 
  • LinkedIn profiles contain extensive information about each user’s job history, education, and skill sets. Many users also make their profiles public so recruiters can find them. Scammers use this information to craft highly targeted messages that are more likely to trick users. 

Common types of LinkedIn phishing emails

LinkedIn scammers are often very creative when developing phishing emails, and if you’re not paying close attention, you might miss them. Here are some of the most common types of LinkedIn phishing messages. 

Fake connection requests

Many scammers send emails that look like LinkedIn connection request notifications. They’ll prompt you to click a button to view the notification on LinkedIn, then take you to a fake login page where they’ll steal your credentials. 

These emails and websites might look legitimate at first glance, as they use LinkedIn’s logo, colors, fonts, and other brand elements. However, if you look at the sender’s address, it won’t be from @linkedin.com, and the URL on the login page will be a non-LinkedIn domain. Additionally, the description of the user’s profile may seem generic and even contain fake images. 

Some scammers will also create fake profiles on LinkedIn to run more complex types of phishing scams. They’ll send you a real connection request on LinkedIn, and once you accept, they’ll send you messages asking you to send them money or share your personal information. 

Fake job offers

Another one of the most common LinkedIn scams is a fake job offer. The scammer will email you claiming to be a recruiter and offer you a high-paying remote job. 

These offers are usually too good to be true: the jobs have high salaries, flexible working hours, and don’t require prior experience or specialized skills. The message will ask you to click a link, which takes you to a form asking you to enter personal information. This could include your address, bank account information, or even your Social Security number, putting you at risk of identity theft. 

Many of these scams will ask you to pay a fee for an initial “background check”. They might also ask you to buy a new work laptop from a specific site, then offer to send you the money later via a check. When you get the check, it bounces, leaving you responsible for the cost of the device. Legitimate job offers will almost never require you to spend money upfront. 

In these messages, scammers will use a sense of urgency to get you to act quickly. For example, they might say you only have 12 hours to accept the offer. If you get one of these messages, don’t panic or take the bait. 

Account verification scams

Account verification scams are very common on LinkedIn, as scammers can set them up with minimal effort. The scammer will send you an email saying that your LinkedIn account has been suspended or needs to be verified. They might also ask you to reset your password. 

The email will contain a link to a fake LinkedIn login and verification page. If you enter your credentials, the scammer will use that information to compromise your LinkedIn account. 

With these scams, the hacker will often use spoofing techniques to disguise their real email address. However, when you click the link in the email, you’ll be taken to a website that does not have a LinkedIn domain. 

It’s important to note that LinkedIn will usually not ask you to reset your password randomly or require you to provide identity verification via email. If you get a message from LinkedIn asking for sensitive personal information, check to make sure it’s not a scam before proceeding. 

InMail phishing messages

Not all LinkedIn phishing scams happen via email. Many scammers also use InMail, LinkedIn’s in-app messaging system. 

To do this, the scammer will either create an account with a fake name and identity or compromise the account of an existing user. Then, they’ll send messages to their connections with phishing links. 

These social media scams often involve scammers posing as recruiters or potential business partners. They contain links to Google Docs or shared files with malicious content, and often ask for sensitive personal information. Since many legitimate recruiters use LinkedIn to find job candidates, it can be difficult for users to tell whether these messages are real or fake. 

How to spot a fake LinkedIn email

Here are some tell-tale signs of a LinkedIn email scam and how to differentiate them from legitimate LinkedIn emails. 

Check the sender’s email address

LinkedIn phishing emails will come from an address that doesn’t use an official linkedin.com domain. Many scammers will use lookalike domains, such as @linkediln.com or @linkedincontact.net, hoping that you won’t notice that the domain isn’t legitimate. In some cases, scammers won’t even try to disguise their email address, so it will come from a random domain. 

Legitimate LinkedIn emails come from addresses like messages-noreply@linkedin.com, invitations@linkedin.com, notifications-noreply@linkedin.com, or security-noreply@linkedin.com. All legitimate LinkedIn emails will use the official @linkedin.com domain. 

Before you interact with or respond to a LinkedIn email, check the sender’s email address to make sure it’s legitimate. Scam emails will say they come from LinkedIn, but the email address will be fake. To inspect the sender’s email address in Gmail, Outlook, or other popular email clients, open the message and hover over the sender’s name. 

Look for grammar mistakes and urgency

Phishing emails often contain spelling and grammar errors or awkward phrasing. Legitimate LinkedIn emails are well-formatted, use correct spelling and grammar, and are written in a professional tone. If you notice a LinkedIn email is full of spelling or grammar mistakes, don’t engage with it, as it’s likely a scam. 

When writing phishing emails, scammers will also use bold, urgent language to elicit an emotional response and get you to act quickly without thinking things through. Common phishing email examples include language like “Your account will be suspended in 24 hours,” or “Immediate action required.” Avoid responding right away to any LinkedIn email, even if it seems urgent. Instead, check to make sure it’s legitimate first. 

Clicking on a link in a phishing message could take you to a dangerous website designed to steal your personal information and distribute malware. To avoid this, always check the links in an email message before clicking on them. 

To do this, hover over the link address or button, but don’t click on it. This will bring up a preview of the destination URL, and it’s one of the simplest strategies for phishing detection. If it’s legitimate, the link will send you to a site with a linkedin.com domain. If it’s a phishing message, it will send you to an unrelated or suspicious URL. 

You can also use a link checker to determine whether a site is safe to visit. Put the URL directly in the link checker and it will tell you whether it’s safe to visit or whether you should avoid it. 
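The sender check and the link check described above can be automated. The following is an added example, not code from the original article or from LinkedIn; the sample message is constructed, and the two-edit threshold and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL = "linkedin.com"  # domain the article gives for genuine mail and links

# Constructed sample message (not a real email); addresses and URLs are made up.
SAMPLE = """From: LinkedIn <notifications@linkediln.com>
To: user@example.org
Subject: You have 1 new invitation

Accept: https://www.linkedincontact.net/login?id=1
Help: https://www.linkedin.com/help
"""

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'official', 'lookalike' or 'unrelated' for a host name."""
    host = host.lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Brand name embedded anywhere, or a label within two edits of it (assumed threshold).
    if "linkedin" in host or any(edit_distance(l, "linkedin") <= 2 for l in host.split(".")):
        return "lookalike"
    return "unrelated"

def check_message(raw):
    """Classify the From address and every http(s) link in a single-part message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]  # ignores the display name
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    hosts = {urlsplit(u).hostname or "" for u in urls}
    # From can be spoofed, so an 'official' sender does not clear a bad link.
    return {"sender": classify(sender.rpartition("@")[2]),
            "links": {h: classify(h) for h in sorted(hosts)}}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The suffix test matters: a host such as linkedin.com.example.net starts with the real domain but does not end with it, so it is reported as a lookalike rather than official.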

Verify through the LinkedIn app directly

Many LinkedIn phishing emails will say that you have a new connection request, InMail message, or even a job offer waiting for you on the platform. If that’s the case, don’t click on the link in the email. 

Instead, open the LinkedIn app or visit the official website in your browser. Check your messages and notifications. If there’s not a matching notification on your LinkedIn account, the email was fake and you should ignore it. 

What to do if you receive a LinkedIn phishing email 

If you receive a LinkedIn phishing email, don’t click on any links or engage with the scammer. Instead, report the message to LinkedIn so they can take action. This can help prevent scammers from targeting other unsuspecting users. 

How do I report phishing to LinkedIn? 

To report phishing, forward the suspicious email to phishing@linkedin.com. Their team will take action to block the scammer from sending messages in the future. 

After you forward the email, move it to the spam folder in your inbox so you don’t accidentally click on it in the future. Some email clients also give you the option to report phishing and block future messages from the same sender. 

If you’ve just opened a phishing email, don’t panic. Just opening the email won’t put your account or personal information at risk. However, if you’ve already clicked on a link in the phishing email or entered sensitive information on a phishing site, change your LinkedIn password immediately. 

Then, enable two-factor authentication in your LinkedIn settings. This requires you to enter a one-time passcode sent to your phone or email every time you log into LinkedIn. This way, even if your password is compromised in the future, scammers still won’t be able to access your account. 

If you’ve clicked on a phishing link, don’t panic just yet. You can take some steps to re-secure your account. 

Start by changing your LinkedIn password and enabling two-factor authentication on your account. If you use the same password for any other online accounts, change that password as well. Your new passwords should be strong passwords with a combination of uppercase and lowercase letters, numbers, and symbols that are difficult for hackers to guess. 

Then, scan your device for any malware downloads. This step is particularly important if you visited any phishing websites. Then, review your LinkedIn account and look for any unauthorized changes. If your account or device has been damaged, take steps to correct and re-secure them. 

If you clicked on a phishing link, it’s important to take action right away. If you wait even a day, the hacker could lock you out of your LinkedIn account and use it to scam even more people. They could also access even more of your personal information and use it for identity theft.

After you’ve re-secured your accounts, continue to monitor your email and your bank account for any suspicious activity. If you have any financial information connected to your LinkedIn account, you may want to contact your bank and set up alerts to help you avoid identity theft. 

How to protect yourself from LinkedIn phishing 

LinkedIn phishing scams can be devastating, but there are steps you can take to protect yourself. Here’s how to stay safe. 

  • Use strong, unique passwords on all of your accounts. It may be helpful to use a password manager to generate and store strong passwords. 
  • Enable two-factor authentication on all of your accounts. This way, if your password is compromised, the hacker still won’t be able to get into your account. 
  • Be wary of unsolicited connection requests. Check the user’s profile to make sure they’re a legitimate recruiter or business contact before accepting. 
  • Use the SLAM method to assess whether an email is real or a phishing scam. SLAM stands for Sender, Links, Attachments, and Message. 
  • Browse in LinkedIn private mode. When you browse using this mode, other users won’t be able to see any of your information when you view their profile. This makes you less visible to people you don’t know. 
  • Use security software, such as NordVPN’s anti-phishing solution.

Ugnė Zieniūtė

Ugnė Zieniūtė is a content manager at NordVPN who likes to research the latest cybersecurity trends. She believes that everyone should take care of their online safety, so she wants to share valuable information with readers.