You're scrolling through LinkedIn, checking responses to your latest post about the market update. Suddenly, you see a comment with the LinkedIn logo warning that your account has been "temporarily restricted" due to policy violations. It looks official. It even uses LinkedIn's own link shortener. Your heart skips a beat: losing access to your professional network could be devastating. You click the link to fix the problem. That's exactly what the scammers want.
Here's what makes this different from typical phishing: attackers aren't sending you private messages or emails. They're posting fake warnings directly in your comment sections, out in the open where everyone can see them. The comments come from accounts with names like "LinkedIn Very" that use LinkedIn's official logo and branding. Some even leverage LinkedIn's legitimate https://lnkd[.in] URL shortener to make their phishing links look authentic.
The attack works through AI-powered automation. Security researchers found that thousands of these bot accounts can flood LinkedIn with fake policy warnings in minutes. The comments claim you've violated the terms of service, your account is locked, and you need to click a link immediately to appeal the restriction.
When you click, you're sent to a convincing fake verification page that looks identical to LinkedIn's real login screen. You enter your username and password, thinking you're appealing a restriction. Instead, you've just handed your credentials directly to the attackers. Once they have your login, they can access your account, view your network, impersonate you to colleagues and clients, or use your account to target others in your professional circle.
The irony? When LinkedIn's real support team responds to users reporting these fake comments, their legitimate response looks almost identical to the phishing attempt. That's how convincing this scam has become.
We trust what appears in familiar spaces. Comments on LinkedIn feel safer than suspicious emails because they're happening on a platform we use daily. The fake accounts exploit that trust by mimicking everything about LinkedIn's automated moderation messages, right down to the official branding and URL structure.
Here's the critical thing to understand: LinkedIn will never, ever communicate policy violations through public comments on your posts. Real account issues appear as full-screen banners when you log in, not as comment replies from bot accounts.
Takeaways:
- Always go direct: If you see any message claiming your account has problems, don't click the link. Open a new browser tab, type linkedin.com directly, and log in. If there's a real issue, you'll see a banner notification immediately
- Check the account posting: Hover over the profile making the claim. If it's a brand new account with a name like "LinkedIn Very" or "Linked In Support" instead of the actual LinkedIn company page, it's fake
- Verify URLs before clicking: Hover your mouse over any link first and read the hostname, the part between "https://" and the next slash. If it is something like "very1929412.netlify.app", or anything other than linkedin.com or a subdomain of it, don't click. Watch for lookalikes where "linkedin.com" is only the first part of a longer name. LinkedIn's own lnkd.in URL shortener can also be abused, because it hides the real destination, so even lnkd.in links require caution
- Report suspicious comments: Use the three-dot menu to report any comment that looks like a fake policy warning. This helps LinkedIn take down the bot accounts faster
- Use two-factor authentication: Even if someone steals your password, they still need the second factor to log in, so a phished password alone is not enough. Enable this in Settings > Sign in & security
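The "verify URLs before clicking" takeaway can be turned into a mechanical check. The script below is an added example, not code from the original post or from LinkedIn: it extracts the hostname from a hovered link, trusts only linkedin.com and its real subdomains, flags the lnkd.in shortener as "caution" until it has been expanded, and blocks everything else. The list of LinkedIn hosts, the `expand` callable standing in for a live redirect lookup, and all sample links are this example's own assumptions and constructed inputs.

```python
"""Classify a hovered link: only linkedin.com (or a real subdomain of it) is
trusted, the lnkd.in shortener is handled with caution until expanded, and
everything else is blocked. Added example; host lists are assumptions."""
from typing import Callable, Optional, Tuple
from urllib.parse import urlsplit
import ipaddress

# Assumption: the only first-party LinkedIn domain accepted outright.
LINKEDIN_DOMAIN = "linkedin.com"
# LinkedIn's own shortener. Legitimate, but anyone can mint an lnkd.in link
# that redirects anywhere, so it is never "trusted" on its own.
SHORTENER_HOSTS = {"lnkd.in"}


def hostname_of(url: str) -> Optional[str]:
    """Lowercased hostname of url, or None if the link has none.

    urlsplit().hostname discards userinfo, port and brackets, so the lookalike
    'https://linkedin.com@evil.example/' yields 'evil.example', not 'linkedin.com'.
    """
    if "://" not in url:
        url = "https://" + url      # tooltips sometimes show links without a scheme
    host = urlsplit(url).hostname
    if not host:
        return None
    return host.rstrip(".")         # 'linkedin.com.' is the same host as 'linkedin.com'


def classify_link(url: str) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'trusted', 'caution' or 'block'."""
    host = hostname_of(url)
    if host is None:
        return "block", "no hostname in link"
    try:
        ipaddress.ip_address(host)
        return "block", "raw IP address, never LinkedIn"
    except ValueError:
        pass
    # Exact match, or a genuine subdomain. The suffix test is anchored on the
    # dot, so 'linkedin.com.evil.example' and 'notlinkedin.com' both fail it.
    if host == LINKEDIN_DOMAIN or host.endswith("." + LINKEDIN_DOMAIN):
        return "trusted", "first-party LinkedIn host"
    if host in SHORTENER_HOSTS:
        return "caution", "LinkedIn shortener; expand it before trusting the destination"
    # Homoglyph names (e.g. a dotless i in 'linkedın.com') never equal the
    # ASCII string and land here as well.
    return "block", f"not a LinkedIn host: {host}"


def classify_expanded(url: str, expand: Callable[[str], Optional[str]],
                      max_hops: int = 3) -> Tuple[str, str]:
    """Follow a shortener link through `expand` (returns the redirect target or
    None) until a non-shortener host is reached, then classify that destination.
    `expand` is injected so this runs offline; a real one would send a HEAD
    request without following redirects and read the Location header."""
    seen = {url}
    for _ in range(max_hops):
        verdict, _ = classify_link(url)
        if verdict != "caution":
            return verdict, url
        target = expand(url)
        if not target or target in seen:
            return "block", url     # dead or looping shortener: do not trust it
        seen.add(target)
        url = target
    return "block", url             # still a shortener after max_hops redirects


if __name__ == "__main__":
    # Constructed sample links, including the lookalike patterns described above.
    samples = [
        "https://www.linkedin.com/feed/",
        "https://LinkedIn.com/login",
        "https://very1929412.netlify.app/verify",
        "https://linkedin.com.account-appeal.example/verify",
        "https://linkedin.com@evil.example/appeal",
        "http://203.0.113.5/linkedin/",
        "https://lnkd.in/abc123",
    ]
    for link in samples:
        verdict, reason = classify_link(link)
        print(f"{verdict:8} {link}  ({reason})")

    # Constructed redirect table standing in for a live HEAD request.
    redirects = {"https://lnkd.in/abc123": "https://very1929412.netlify.app/verify"}
    print(classify_expanded("https://lnkd.in/abc123", redirects.get))
```

The important design choice is that the decision is made on the parsed hostname, never on whether the string "linkedin.com" appears somewhere in the link, which is exactly what the userinfo and long-subdomain lookalikes exploit. A shortener link is only ever as safe as the place it finally lands, so `classify_expanded` re-runs the check on the expanded destination and refuses dead or looping redirects.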
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------