A new phishing campaign has emerged on LinkedIn, where attackers post fraudulent comments directly under users’ posts, posing as automated moderation systems. The scheme aims to steal login credentials and is rapidly scaling through the use of AI-driven automation.

The attackers leave public comments pretending to be official LinkedIn notifications, warning users about alleged “policy violations” or “temporary account restrictions.” Victims are urged to appeal immediately by clicking a provided link.
The messages closely mimic legitimate LinkedIn communication by using:
official-sounding language,
familiar branding elements,
shortened lnkd.in URLs,
fake support profiles designed to appear authentic.
Clicking the link redirects users to a phishing page that closely resembles LinkedIn’s login interface, where entered credentials are harvested and used to hijack accounts.
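The lure characteristics described above (moderation wording, a shortened lnkd.in link, and a profile posing as LinkedIn staff) can be turned into a simple triage heuristic for comment feeds. The following is an added example, not code from the article or from LinkedIn; the `official` flag, the phrase lists and the sample comments are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Heuristic signals drawn from the campaign description: urgency/moderation
# wording, shortened lnkd.in links, and commenters posing as LinkedIn staff.
URGENCY_PHRASES = ("policy violation", "account restriction", "temporarily restricted",
                   "appeal", "suspended")
SHORTENER_HOSTS = ("lnkd.in",)
IMPERSONATION_MARKERS = ("linkedin support", "linkedin security", "moderation team",
                         "trust & safety")
URL_RE = re.compile(r"https?://([^\s/]+)", re.IGNORECASE)

@dataclass
class Comment:
    author: str      # display name of the commenting profile
    official: bool   # assumed flag: the profile is a verified platform account
    text: str

def score_comment(c: Comment) -> tuple[int, list[str]]:
    """Return (score, reasons); each independent signal adds one point."""
    reasons = []
    text = c.text.lower()
    if any(p in text for p in URGENCY_PHRASES):
        reasons.append("urgency/moderation wording")
    hosts = [h.lower() for h in URL_RE.findall(c.text)]
    if any(h == s or h.endswith("." + s) for h in hosts for s in SHORTENER_HOSTS):
        reasons.append("shortened link")
    claims_staff = any(m in text or m in c.author.lower() for m in IMPERSONATION_MARKERS)
    if claims_staff and not c.official:
        reasons.append("unverified profile claiming to be LinkedIn staff")
    return len(reasons), reasons

def flag_comments(comments, threshold: int = 2):
    """Comments at or above threshold; a lone lnkd.in link is legitimate on its own."""
    flagged = []
    for c in comments:
        score, reasons = score_comment(c)
        if score >= threshold:
            flagged.append((c.author, score, reasons))
    return flagged

# Constructed sample comments (not real data).
SAMPLE = [
    Comment("LinkedIn Support Team", False,
            "Your post violates our policy violation rules. Your account will be "
            "temporarily restricted. Appeal now: https://lnkd.in/xyz123"),
    Comment("Jane Doe", False, "Great write-up! More on my blog: https://lnkd.in/abc987"),
    Comment("John Roe", False, "Congratulations on the new role!"),
]

if __name__ == "__main__":
    for author, score, reasons in flag_comments(SAMPLE):
        print(f"{author}: score {score}, {', '.join(reasons)}")
```

Requiring two independent signals keeps ordinary posts that use LinkedIn's own lnkd.in shortener from being flagged.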
Cybersecurity analysts note that the campaign is being scaled with the help of artificial intelligence. AI tools are used to:
generate large volumes of convincing comments,
tailor messages to specific targets,
evade platform moderation mechanisms.
Experts describe this campaign as part of a broader shift in social engineering, where attackers embed themselves directly into trusted platforms instead of relying solely on email-based phishing.
The LinkedIn comment phishing campaign highlights the growing sophistication of social engineering attacks. By combining AI, trusted infrastructure, and realistic impersonation, threat actors significantly increase their success rate. Users are advised to avoid clicking links in public comments and to verify any security-related notifications through official platform channels only.