LinkedIn phishing scam tries to fool you with fake document — what you need to know

(Image credit: Carl Court/Getty Images)

Security researcher JB Bowers has found that scammers are using LinkedIn to target users into giving up their passwords. 

The scheme tries to trick unsuspecting users into opening up a "LinkedIn Private Shared Document," after which they're asked to enter their login credentials on a fake LinkedIn page.

Suffice it to say, any users who receive an unsolicited message from an unknown contact via LinkedIn's internal messaging system should be cautious. This is especially true if users are asked to re-enter their login information.

For users who might have accidentally entered their login information, their LinkedIn contacts may begin seeing phishing messages as well. As for why criminals are targeting users on LinkedIn, it could be because frequent LinkedIn users have higher-than-average incomes and are considered higher value targets. Or it might be that because LinkedIn connects to other Microsoft services, such as Office 365, compromising a LinkedIn account could lead to more information theft. 

If you, or anyone you know, is receiving phishing emails from contacts on LinkedIn, let them know immediately. Have them change their password and use this guide to report a hacked account to LinkedIn.

How to protect yourself from phishing

Phishing, as the name implies, tries to bait users into giving up sensitive information. This could be in the form of emails promising a free iPad or, as in the case above, something more procedural. 

Don't assume that phishing attacks happen only on Gmail or large social media platforms. Schools and businesses are also targets of phishing attacks. Scammers are also becoming more sophisticated, and because LinkedIn tells them who you work with, they can send you a fake email that seems to come from your boss.

The best way to protect yourself from phishing is to learn how to spot it. Even if an email seems to come from someone you know, examine the message. If the email formatting or wording seems off, immediately become suspicious. If there's an attachment, scan it with one of the best antivirus programs.

Using one of the best password managers is also a good way to keep yourself secure. Try to avoid using the built-in password managers found in Chrome or Firefox, which are frequent malware targets — dedicated third-party ones tend to be more secure. And of course, never use the same password twice.

Plus: LastPass Free will force you to choose between mobile, desktop: What to know

Imad Khan

Imad is currently Senior Google and Internet Culture reporter for CNET, but until recently was News Editor at Tom's Guide. Hailing from Texas, Imad started his journalism career in 2013 and has amassed bylines with the New York Times, the Washington Post, ESPN, Wired and Men's Health Magazine, among others. Outside of work, you can find him sitting blankly in front of a Word document trying desperately to write the first pages of a new book.