A New Phishing Frontier: LinkedIn Messages
Cybercriminals are expanding their strategies, with a significant focus on LinkedIn as a new battleground for phishing attacks. Email and text remain popular methods, but LinkedIn messages are gaining traction due to the platform’s widespread use among professionals.
According to The Hacker News, LinkedIn has become an attractive target because many users, especially company executives, access the site via corporate devices and may not have the same level of security safeguards there as they have for email. This gap in protection can make it easier for attackers to launch phishing campaigns through messages.
“Social media accounts, such as LinkedIn, are increasingly being leveraged by cybercriminals to target employees and executives,” noted Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “The lack of multi-factor authentication (MFA) on these platforms contributes to the risk. Consumers often trust communications through social media due to inherent trust in such channels.”
Infostealers: A Growing Threat
Infostealers, a sophisticated class of malware, pose a significant threat by extracting sensitive data from online sources at scale. These tools are believed to be responsible for billions of stolen credentials, often linked back to social media accounts.
“It’s surprisingly easy to hijack legitimate accounts,” stated Goldberg. “Over 60% of the credentials in infostealer logs can be traced to social media accounts that lack MFA—making them a credible launchpad for phishing attacks and other malicious activities.”
Expanding Attack Objectives
The primary targets of these LinkedIn campaigns are individuals, but the ultimate goal is often to infiltrate large organizations with extensive cloud infrastructure. Once initial access is obtained, cybercriminals can exploit this foothold to steal sensitive data or launch ransomware attacks.
Given the high costs associated with data breaches, organizations must develop comprehensive phishing training and defensive strategies that specifically address LinkedIn and other social media platforms.











