All news with #linkedin tag

Why Attackers Are Phishing Over LinkedIn in 2025: Risks

🔒 LinkedIn has emerged as a major vector for phishing, with a growing share of attacks moving off email and onto social and messaging platforms. Attackers exploit in‑app DMs, account takeovers, and AI automation to target executives and high‑value roles, often aiming to compromise SSO providers such as Microsoft Entra and Google Workspace. Because these messages bypass traditional email security and lack inbox quarantine tools, browser-based defenses and SSO/MFA hygiene are recommended to detect and block evasive campaigns. The article outlines five reasons this shift increases enterprise risk.

LinkedIn Phishing Targets Finance Executives With Fake Board

🔒 Hackers are exploiting LinkedIn direct messages to phish finance executives with messages claiming to invite recipients to an executive board and leading to credential-harvesting pages. Push Security says victims are redirected — including via a Google open redirect — to a Firebase-hosted 'LinkedIn Cloud Share' page that urges users to click a 'View with Microsoft' button. That flow then presents a Cloudflare Turnstile and a fake Microsoft sign-in used as an adversary-in-the-middle to capture credentials and session cookies; organizations should verify senders, avoid unsolicited links, and enforce MFA and conditional access.

LinkedIn to Use EU, UK and Other Profiles for AI Training

🔒 Microsoft-owned LinkedIn will begin using profile details, public posts and feed activity from users in the UK, EU, Switzerland, Canada and Hong Kong to train generative AI models and to support personalised ads across Microsoft starting 3 November 2025. Private messages are excluded. Users can opt out via Settings & Privacy > Data Privacy and toggle Data for Generative AI Improvement to Off. Organisations should update social media policies and remind staff to review their advertising and data-sharing settings.

LinkedIn Sues ProAPIs Over Use of 1M Fake Accounts

⚖️ LinkedIn has filed suit against Delaware-based ProAPIs Inc. and its founder, Rehmat Alam, alleging the company created more than one million fake accounts to scrape member data using a product called iScraper API. The complaint, filed in California, accuses ProAPIs of violating LinkedIn’s terms of service and of using invalid credit cards to obtain premium access. LinkedIn seeks a permanent injunction, deletion of scraped data, and payment of damages and attorney fees.