Phishing on LinkedIn: targeting job seekers
The online platform LinkedIn now has almost one billion members. Millions of users in German-speaking countries are also active on the platform every day. What only a few of them know: cyber criminals are active on the platform too. LinkedIn members should be suspicious: the next contact request from a stranger could easily be a well-planned cyber attack.

In recent years, LinkedIn has developed into the leading professional online network. It is estimated that there are now over 20 million members in German-speaking countries, and the trend is rising. The platform has also long since become a highly interesting - and profitable - field of activity for cyber criminals. In 2025, LinkedIn was the second most abused brand by cyber criminals for fake landing pages.(1) The reason for the heavy use of LinkedIn is quickly explained. For one thing, the platform offers attackers ideal conditions for quickly and cost-effectively accessing extensive and, above all, relevant information about potential victims: the employer, position in the company, professional career, vacation posts, family photos and much more can be found here. For another, many, if not most, members use LinkedIn as a job market. This means that many have a strong drive to respond to contact requests early, to present themselves and to start conversations. These are the best conditions for a successful social engineering, phishing or spear phishing attack.
Fake career offers as bait
The most common type of scam on LinkedIn is the job scam. Cyber criminals pretend to be recruiters from a well-known company. Real company logos are emblazoned on their profiles. Their CVs appear credible, as do their photos. They contact their victims unsolicited. Their offer: an attractive salary and flexible working conditions at a well-known company. To build trust, they engage their victims in credible chats about their professional qualifications.
«For cybercriminals, LinkedIn is not a network, but a toolbox»
From here, the attack can continue in one of two ways. In the first, the attackers send their victims a link to a fake landing page, disguised, for example, as a company job portal. The victims are asked to log in there with one of their existing accounts, such as LinkedIn or Google. If they enter their credentials on the fake landing page, which is actually a phishing website, the data is forwarded to the attackers, who then have access to the respective user accounts. In the second, victims are sent a link under the pretext that they should take a test as the last step in the application process or read the job description in detail. If they click on this link, they are redirected to one or more files that they are supposed to download and open.
Access to networks
These files contain hidden malware, such as keyloggers or Trojans that, once opened, infect the entire system unnoticed and spy on access data to company networks, or even remote access Trojans (RATs). In the worst case, the attackers gain access to their victims' entire network within a few moments. If the victims have downloaded the malware on their business computer, the perpetrators can move laterally across the entire company network from the infected employee endpoint - for example, to gain administrator rights and steal sensitive company data or intellectual property.
Protective measures against cyber fraud on LinkedIn
In many places, LinkedIn is used for work and during working hours. The dangers that can arise from such attacks - including for your own work colleagues - are high. A strict separation between private and professional social media use is difficult, if not impossible, to achieve. At the same time, in most companies, communication via social media, in contrast to communication via email, is not secured at all, or at least not sufficiently. LinkedIn members are therefore advised to start with the following:
- Be careful when making new contacts - especially if it is you who has been contacted.
- Check the inquirer's LinkedIn profile for suspicious content (fake photos, spelling mistakes, incomplete information, low activity on LinkedIn, disproportionately low number of contacts).
- Stay on your guard when you receive messages from these contacts and interact with them. Do not disclose any personal data.
- Do not click on their links, whether you receive them in a regular e-mail or in a LinkedIn message.
- Report LinkedIn profiles that seem suspicious to you.
And: keep up to date with the cyber security situation in general - especially on LinkedIn. Train your cyber security awareness. The same applies to companies. They should provide their employees with education and training on current security incidents - such as the recently detected and still active LinkedIn attack campaign targeting executives. Security teams need to establish clear guidelines for data exchange that strictly prohibit sending and receiving files via chat services, and they need to motivate employees to report suspicious messages - and missteps - immediately. These and similar measures can reduce the risk in the long term.
Conclusion
Cyber criminals try to gain the trust of their victims with fake job offers via LinkedIn - and are often successful. After all, the technical defense measures in use are generally limited to email inboxes and do not extend to social media chat histories. LinkedIn users can only be advised to remain vigilant here, and their employers should not put off training and education to raise security awareness.
(1) «What Makes People Click?», study by KnowBe4, a provider of security training


