LinkedIn Scams: 10 Ways You Could Be at Risk on the Platform

‍How To Tell If Someone Is Scamming You on LinkedIn

LinkedIn has over 900 million users — but hardworking professionals and job seekers aren’t the only ones profiting from the platform [*].

Among the brands most likely to be spoofed for phishing scams, LinkedIn was at the top of the list in the first quarter of 2022 [*]. Scammers are notorious for exploiting LinkedIn’s higher-income user base, and the social network is becoming a lucrative breeding ground for fraud. 

While there are several types of LinkedIn scams, most rely on a few jaded tactics. Some common warning signs include:

• Someone asking for help or personal information soon after making a successful connection request.
• Quick responses to direct messages irrespective of the time of day.
• Language that uses threats, urgency, or high-pressure tactics.
• Solicitations for untraceable money disbursements, such as through cryptocurrency, gift cards, wire transfers, or on apps like Zelle.
• Requests to move conversations from LinkedIn to apps like WhatsApp or Telegram.
• A brand new account with few connections and little engagement.
• Users who discourage you from talking to others about your conversations with them.
• Offers and business opportunities that seem too good to be true.
• Solicitations of funds used as fees to receive money.

{{show-toc}}

10 Common LinkedIn Scams To Know About This Year

1. Phishing scams
2. Catfishing and romance scams
3. Crypto investment scams
4. Employment scams
5. Work equipment scams
6. Tech support scams
7. Bogus connection requests
8. Account takeover scams
9. Outsourced lead generation services
10. Viruses and malware‍

1. Phishing scams

How the scam works: 

Phishing — a type of social engineering attack — dupes you into giving away sensitive personal information over email. 

Sometimes, these missives appear to be from LinkedIn and may feature generic subject lines or zealous threats to terminate your account. Some reported subject lines include [*]:

• You appeared in 4 searches this week
• You have 1 new message
• Account Suspended
• LinkedIn Profile Security Alert

These LinkedIn phishing emails may look like authentic messages and even point to a spoofed LinkedIn login page. But the page funnels any login credentials that you enter to a scammer and may sometimes automatically download malware or viruses onto your device.

Aimed to capitalize on unwary LinkedIn users, such phishing attacks have increased by 232% since February 2022 [*].

How to recognize the scam:

• Make sure the email address itself ends in @linkedin.com, even if the sender is displayed as “LinkedIn.” 
• Hover over links to see where they lead before clicking on them. And pay attention if your mail app flags the email as suspicious.

2. Catfishing and romance scams

How the scam works: 

Scammers create a fake account, typically of someone young and affable, and send connection requests to strangers. The fraudster pretends to be romantically interested and then solicits for money, login information, or other favors after building a personal relationship.

Usually, catfishers — the term used for someone using a fake profile — try to move the conversation off of LinkedIn. That way, they can still communicate with the victim even if their false account is flagged as spam and deleted from LinkedIn.

‍How to recognize the scam:

• Beware of connection requests from new accounts with few connections, posts, or comments.
• Watch out for anyone who asks personal or intimate questions (such as your age or marital status) on LinkedIn. 
• Don’t oblige by moving suspicious conversations to another messaging app, like WhatsApp or Telegram.

⛳️ Related: How To Avoid Google Chat Scams (9 Warning Signs) →

3. Crypto investment scams

How the scam works: 

Crypto scams dupe targets with cryptocurrency and investment cons by dangling the temptation of overnight profits. The suggestion may come from a new LinkedIn connection, or from an acquaintance whose account has been hacked.

The scammer will seem highly crypto-savvy and direct you to invest, but only on a specific site. Most often, this illegitimate website is a front that shows “earnings” that don’t exist. Any money invested goes straight to the scammer.

According to FBI special agent Sean Ragan, scammers use LinkedIn to cast a wide net and hope to ensnare unsuspecting victims who have hefty checks to spare.

How to recognize the scam:

• Unsolicited suggestions to invest in cryptocurrency or other sophisticated investment schemes.
• Anyone who demands that you use an obscure platform instead of a well-known crypto exchange.
• Promises of huge returns in a short amount of time.
• Any business that only accepts cryptocurrency as payment.

4. Employment scams

How the scam works: 

A scammer posts a fake job offer, perhaps even for a legitimate company. Once you apply, the fake recruiter asks you for personal data, such as your Social Security number (SSN), bank account information, or a credit report.

But there is no job — it’s a ruse to steal your identity or commit other kinds of fraud later on. Once accessing your information, the scammer may disappear or attempt a work equipment scam next (see below).

LinkedIn is becoming a common destination for unemployment and fake job scams — the second-most reported platform after Indeed.com, according to the Better Business Bureau (BBB) [*].

How to recognize the scam:

• Be suspicious of unsolicited  job pitches that seem too good to be true. If any offer piques your interest, verify that it’s a legitimate opening by looking on the company’s official website.
• When submitting a resume, only disclose publicly available information. Don’t share details like your phone number, address, or identification numbers.
• Beware of employers who do text-only interviews, especially on encrypted chat apps like WhatsApp or Telegram.
• Never buy a credit report to share with an employer. Any job that requests this is a scam.

⛳️ Related: How To Spot a LinkedIn Job Scam (11 Warning Signs) →

5. Work equipment scams

How the scam works: 

This scam unfolds after you apply for a seemingly legitimate job on LinkedIn and are accepted. The scammer then promises company-funded work equipment — typically electronics such as an iPhone, printer, or computer [*].

As a follow-up, they send you a check for the equipment and ask you to buy it from a verified “supplier” who might be a co-conspirator. When the check bounces, you’ll be liable for the money you sent.

How to recognize the scam:

• Any offer with unusually generous compensation should not suspend your disbelief. High hourly wages for remote tasks — like data entry or conducting surveys — are especially common scams.
• Interview processes that seem very easy or happen quickly are obvious red flags — for example, getting hired after a one-hour “interview” over text messages.
• Any employer that sends you upfront payments to buy work equipment.

6. Tech support scams

How the scam works: 

A scammer notifies you that there has been an issue with your LinkedIn account, via email, a LinkedIn message, or even over a phone call [*].

They may ask you to click on a link to enter personal information, or prompt you to unknowingly trigger a malware download. In some other cases, LinkedIn IT team imposters may even request payments for premium services to rectify a non-existent account issue.

How to recognize the scam:

• LinkedIn doesn’t have a customer support hotline; anyone who shares an official support number is a scammer.
• If you get an email from LinkedIn with a URL that takes you to a seemingly innocuous login page, abandon that session. Instead, log in to the official website yourself to check for notifications.
• LinkedIn does not charge for customer support, and will never ask for your password.

⛳️ Related: Do Scammers Have Remote Access To Your Computer? Do This →

7. Bogus connection requests

How the scam works: 

In this LinkedIn-themed scam, someone sends you a connection request — but the sender’s main goal isn’t to build their professional network. 

It’s to pitch a scam, ask you to share personal information, or make you an unwitting accomplice in some type of follow-on fraud [*].

‍How to recognize the scam:

• Scrutinize connection requests from people you don’t know personally as well as requests from people not connected to anyone you know.
• Examine the message for mangled grammar or signs that it may have been copied and pasted without any personalization.
• Connection requests that make aggressive offers or threats should also raise an alarm. A false sense of urgency is a core tenet in most scams.

⛳️ Related: Tax Identity Theft: How It Happens & How to Prevent It →

8. Account takeover scams

How the scam works: 

LinkedIn account takeovers happen when someone gains unlawful access to your account. This could occur through the use of leaked data or phishing tactics. 

Scammers then wield the victim’s perceived higher income status and influence to defraud others — most commonly through cryptocurrency scams. The scammer may also pose as the user to trick more victims into sharing account information. This allows the scammer to take over more accounts and repeat the cycle.

There’s a high chance that hackers have already harvested sufficient personal data to take over your account. A LinkedIn data leak from February 2023 touted data purportedly scraped from 500 million profiles [*]. 

While the leaked files did not contain deeply sensitive information such as credit card numbers, it may help create detailed profiles of potential new victims.

‍How to recognize the scam:

• Your LinkedIn login credentials don’t let you sign in, and you notice changes being made to your account.
• A connection starts posting or messaging, asking for urgent help or suggesting investment opportunities that seem overly lucrative.
• Someone asks you to send them a verification code that you receive from LinkedIn.

⛳️ Related: How To Avoid the Google Voice Verification Code Scam (2023) →

9. Outsourced lead generation services

How the scam works: 

Imagine that someone reaches out to you on LinkedIn pitching a service — perhaps software products. This exchange may seem completely normal, and the product might even be legitimate. But the profile isn’t.

A 2022 NPR report discovered that many companies create entirely false profiles, complete with made-up names, backgrounds, and even photorealistic AI-generated headshots [*]. 

"Our policies make it clear that every LinkedIn profile must represent a real person. We are constantly updating our technical defenses to better identify fake profiles and remove them from our community, as we have in this case." said a LinkedIn spokesperson.

‍How to recognize the scam:

• Outreach from an unknown person that moves directly into a sales pitch.
• A profile with only a few connections and little engagement.
• Someone who doesn’t appear anywhere on the official company website or can’t be verified anywhere else online.

10. Viruses and malware

How the scam works:

Fraudsters send you a link or file — often claiming it’s important to open for business reasons. In reality, they are downloading malware that can compromise your identity or infect your computer.

For example, ransomware is a type of malware that locks your files with encryption and will only be relinquished if you pay a ransom.

LinkedIn has a built-in link shortener that allows users to market through LinkedIn.com while promoting off-site resources. Such shortened URLs start with “https://www.linkedin.com/slink?code=” and end in a short alphanumeric variable. 

Security researcher Brian Krebs uncovered one such link, for example, that led to a spoofed Internal Revenue Service (IRS) website [*].

‍How to recognize the scam:

• Be wary of anyone who shares a link or file on LinkedIn, especially if they claim it’s important or urgent.
• A shortened link like bit.ly, tinyurl.com, or a LinkedIn redirect which contains “slink?code=” in the URL, can also mask malicious websites.

How To Spot Fake LinkedIn Profiles

Fake profiles tend to be the cornerstones in most scams, and they are ever-present on LinkedIn. Nearly 16 million accounts were blocked at registration by LinkedIn between January and June of 2022 [*]. If you get a suspicious connection request, look out for these red flags:

• The user is brand new to LinkedIn.
• They only have a few connections (under 100).
• The person isn’t connected to anyone you know.
• They don’t engage with other posts by using likes or comments.
• They don’t have detailed descriptions about their education or work experience.
• The profile contains a slew of spelling and grammatical errors.
• The person lacks endorsements from other LinkedIn users.
• The profile picture looks like a stock photo.

Scammers tend to use a generic picture online as their headshot. A reverse image search on Google Images can show you if the profile image has been repurposed from another listing or site.

For example, this user’s profile picture doesn’t match the rest of their information on LinkedIn.

And sure enough, Google Images shows that it’s a stock photo used around the web.

How To Avoid LinkedIn Phishing Scams

No list of scams is comprehensive, but taking these precautions can help you avoid many of the swindles listed above:

• Only accept invitations from people you know and trust, and do not click on links sent to you over LinkedIn messages. Be on alert if anyone insists on moving the conversation to another, more informal chat app like WhatsApp.
• If you receive a suspicious email purporting to be from LinkedIn, do not respond. Instead, log in to the official site to review your profile and flag the email via phishing@linkedin.com.
• Only pay attention to emails that end in “@linkedin.com” as similar looking variations of this domain could be fraudulent. For example, “linkedin-help@gmail.com” is not a company address.
• Beware of anyone who talks about personal information, investments, or offers promising short-term paybacks. If a connection solicits for unusual favors, thoroughly verify the person’s identity elsewhere (such as by phone).
• Create a strong, unique password for your LinkedIn account, set up two-factor authentication (2FA), and review your privacy settings. Aura’s password manager lets you create and store passwords for unlimited accounts across devices.
• Check all your active sessions to see the devices that are signed in to your account. To do this, navigate to linkedin.com/settings/sessions and sign out of any suspect sessions. Also change your password in such a case.
• Keep your LinkedIn contact information up to date. Working email addresses and phone numbers attached to your account ensure that you receive password reset messages on time. As an added precaution, add 2FA to your primary email address.

Were You Scammed on LinkedIn? Here’s What To Do

Follow all account-related instructions from above to safeguard your LinkedIn account. If you were duped into sharing personal information or making money transfers, consider reporting the scam.

Contact your bank to stop or revoke automatic withdrawals that may have been set up without your authorization. While an official report likely won’t be able to recover your losses (or a stolen identity), it provides the government with valuable information that can help protect you and others in the future.

First, take screenshots of the fraudulent profile and all conversations on and off of LinkedIn. Scammers can delete profiles and conversations, so screenshots can offer lasting evidence.

• File a report with the FBI’s Internet Crime Complaint Center (IC3). You’ll need to share your information, that of the perpetrator, and details about the fraud.
• If you have reason to believe that your identity might be at risk, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov.
• Finally, file a report with LinkedIn. Share specific details, including the LinkedIn URL of the scammer — and screenshots, if available. Also report the profile of the scammer. Go to their profile page, click the More button, and select Report/Block.

For added safety on all of your online accounts, consider signing up for Aura. You can trust Aura to monitor your bank accounts, credit cards, devices, SSN, and other sensitive data for signs of fraud. Aura’s top-rated fraud alerts are up to 250x faster than competitors.³ 

And should you become an unknowing victim of identity theft, Aura protects every adult member on your plan with $1,000,000 in insurance coverage for eligible losses due to identity theft. 

Take action against online scams with Aura. Sign up today to get 14 days free →