5 Reasons Why Attackers Are Phishing Over LinkedIn

The Hacker News explains why phishing is booming on LinkedIn and other non-email channels. Attackers like LinkedIn because it bypasses email security, is cheap and scalable, enables convincing impersonation, and supports long-game social engineering with credible profiles and DMs. Metrics undercount the problem because most controls (and reporting) are email-centric. Recommended defences include monitoring non-email channels, employee training on social-network approaches, and stronger identity controls.

Beyond the inbox: why LinkedIn phishing is having a moment.
If your anti-phishing plan stops at the email gateway, attackers are already one step ahead. LinkedIn has become the new watering hole: polished profiles, credible job titles, and a friendly DM do what many emails can’t: glide straight past your filters.

Why crooks love it
• Bypass the gatekeeper: Email security can’t scan LinkedIn DMs.
• Cheap and scalable: Spinning up accounts and seeding “professional” history costs pennies.
• Better pretexting: Real company pages and mutual connections add instant trust.
• Metrics miss it: Most phishing stats are harvested from email tools, so social DMs fly under the radar.

What this means for you
Treat social networks like external mail: monitor links clicked from corporate devices, coach staff to check sender identities, and watch for “opportunities” that quickly pivot to login pages, invoice changes, or document shares. Add MFA, device posture checks and least-privilege access so a stray credential doesn’t become a catastrophe.
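One way to monitor links clicked from corporate devices, shown as an added example that is not from the original article: a triage pass over web-proxy logs that flags clicks arriving from LinkedIn and landing on an off-platform page. The log layout, domain lists and keyword hints are assumptions, the sample lines are constructed, and it assumes the proxy records the Referer header.

```python
from urllib.parse import urlsplit

# Assumptions, not from the article: log layout, domain lists, keyword hints.
SOCIAL = {"linkedin.com", "lnkd.in"}
ALLOWLIST = {"example-corp.com"}  # hypothetical org-approved destinations
LOGIN_HINTS = ("login", "signin", "oauth", "verify", "invoice")

def registrable(host):
    """Crude last-two-labels match; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def flag_social_pivots(lines):
    """Return clicks whose referrer is a social network and whose destination is external."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, user, referrer, url = parts
        ref_host = urlsplit(referrer).hostname or ""  # "-" (no referrer) yields ""
        dst = urlsplit(url)
        dst_host = dst.hostname or ""
        if registrable(ref_host) not in SOCIAL:
            continue  # click did not originate on a social network
        dst_dom = registrable(dst_host)
        if dst_dom in SOCIAL or dst_dom in ALLOWLIST:
            continue  # stayed on-platform or went to an approved site
        target = (dst.path + "?" + dst.query).lower()
        # Login, invoice or verification pages reached from a DM get priority review.
        severity = "high" if any(h in target for h in LOGIN_HINTS) else "review"
        findings.append({"time": ts, "user": user, "host": dst_host, "severity": severity})
    return findings

# Constructed sample records: timestamp, user, referrer, requested URL.
SAMPLE_LOG = [
    "2025-01-10T09:01:02Z alice https://www.linkedin.com/messaging/ https://docs-share.example.net/signin?next=offer.pdf",
    "2025-01-10T09:05:40Z bob https://www.linkedin.com/feed/ https://www.linkedin.com/jobs/view/1",
    "2025-01-10T09:07:11Z carol https://www.linkedin.com/messaging/ https://blog.example.org/post/hiring-trends",
    "2025-01-10T09:09:30Z dave https://mail.example-corp.com/ https://portal.example.net/login",
    "2025-01-10T09:12:00Z erin - https://news.example.org/",
]

if __name__ == "__main__":
    for finding in flag_social_pivots(SAMPLE_LOG):
        print(finding)
```

Clicks opened in a desktop or mobile app, or on sites that strip the referrer, will not appear in this view, so it complements endpoint and identity telemetry rather than replacing it.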

The bottom line: phishing hasn’t vanished, it’s just changed venues. Put some bouncers on the door.