Beyond the Inbox: Why LinkedIn Has Become the UK's Hottest Phishing Lure
Dean Charlton
Phishing attacks are evolving, and the UK business community must urgently broaden its defence beyond the email inbox. While most security metrics focus on email, up to 34% of phishing attacks now exploit non-email channels—and professional social media platform LinkedIn is fast becoming a key battleground. This is not a casual threat; attackers are launching sophisticated, high-impact spear-phishing campaigns, recently seen targeting executives in the financial services and technology sectors.
Why are cyber criminals flocking to LinkedIn to cast their malicious nets? The reasons are rooted in convenience, efficacy, and a critical visibility gap for corporate security teams.

Bypassing Traditional Corporate Security
LinkedIn Direct Messages (DMs) never touch the Secure Email Gateway (SEG) that most UK organisations rely on, for the simple reason that they are not email. Employees read the platform on work devices, yet security teams have virtually no visibility into these conversations: a message from an outsider lands on a work laptop or phone without passing through a single email security control. The only place the resulting click usually shows up is the web proxy or endpoint telemetry, and only if someone is looking for it. Even when a phishing URL is reported, blocking it is a game of 'whack-a-mole' as attackers rotate domains within hours, which leaves user training as the main, and often insufficient, line of defence.
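One way to close part of that visibility gap is to look for LinkedIn-originated clicks in the web proxy log rather than waiting for a URL report. The script below is an added example, not code from the original post or from LinkedIn: it assumes a constructed, space-separated proxy log format (timestamp, user, method, URL), assumes that LinkedIn's external-link redirector carries the destination in a `url` query parameter (the `/safety/go` path used in the sample is an observed form, not a documented API), and approximates the registrable domain with the last two labels instead of the Public Suffix List. It unwraps the redirector, then flags destinations that are off the allowlist, carry a brand name in the hostname, or look like a login page, and it separately flags `lnkd.in` short links that need resolving before they can be judged.

```python
"""Flag LinkedIn-referred navigations to untrusted or lookalike sign-in pages in proxy logs."""
import re
from urllib.parse import parse_qs, urlsplit

# Registrable domains the organisation legitimately signs in to (assumed allowlist).
TRUSTED_LOGIN_DOMAINS = {"microsoftonline.com", "microsoft.com", "office.com",
                         "google.com", "linkedin.com"}

# Brand words that, in a hostname NOT on the allowlist, suggest a lookalike page.
BRAND_TOKENS = ("microsoft", "office", "sharepoint", "entra", "google", "workspace", "okta")

# Path/query fragments typical of credential-harvesting pages (heuristic; "auth" also hits "author").
LOGIN_HINTS = ("login", "signin", "sign-in", "auth", "verify", "sso")

# Constructed sample log: <timestamp> <user> <method> <url>. Not real traffic.
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z jsmith GET https://www.linkedin.com/safety/go?url=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon",
    "2024-05-01T09:15:44Z jsmith GET https://www.linkedin.com/safety/go?url=https%3A%2F%2Fmicrosoft-entra-verify.example%2Flogin%3Fid%3D42",
    "2024-05-01T09:16:01Z jsmith GET https://microsoft-entra-verify.example/login?id=42",
    "2024-05-01T10:02:17Z abrown GET https://www.linkedin.com/feed/",
    "2024-05-01T10:05:55Z abrown GET https://lnkd.in/abc123",
]

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)$")


def registrable_domain(host):
    """Last two labels of a hostname. A real deployment should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def unwrap_linkedin_redirect(url):
    """Return the destination wrapped by LinkedIn's external-link redirector, else None.

    Assumption: the redirector passes the destination in a `url` query parameter.
    Any other linkedin.com URL (feed, profile, messaging) yields None.
    """
    parts = urlsplit(url)
    if registrable_domain(parts.hostname or "") != "linkedin.com":
        return None
    target = parse_qs(parts.query).get("url")
    return target[0] if target else None


def classify(destination):
    """Reasons a LinkedIn-referred destination deserves analyst review; empty tuple = benign."""
    parts = urlsplit(destination)
    host = (parts.hostname or "").lower()
    domain = registrable_domain(host)
    if domain == "lnkd.in":
        # The proxy cannot see where the short link goes; resolve it in a sandbox first.
        return ("shortened-link",)
    if domain in TRUSTED_LOGIN_DOMAINS:
        return ()
    reasons = ["untrusted-domain"]
    if any(token in host for token in BRAND_TOKENS):
        reasons.append("lookalike-hostname")
    if any(hint in (parts.path + "?" + parts.query).lower() for hint in LOGIN_HINTS):
        reasons.append("login-page")
    return tuple(reasons)


def scan(log_lines):
    """Walk proxy log lines and return alerts for suspicious LinkedIn-originated clicks."""
    alerts = []
    for line in log_lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # malformed line; skip rather than crash the sweep
        url = match["url"]
        if registrable_domain(urlsplit(url).hostname or "") == "lnkd.in":
            destination = url
        else:
            destination = unwrap_linkedin_redirect(url)
        if destination is None:
            continue  # not a LinkedIn-originated external click
        reasons = classify(destination)
        if reasons:
            alerts.append({"ts": match["ts"], "user": match["user"],
                           "destination": destination, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the sweep produces two alerts: the lookalike Entra page (untrusted domain, brand name in hostname, login path) and the unresolved `lnkd.in` link; the genuine `login.microsoftonline.com` click and the feed request are ignored. Feeding the alert stream into the SIEM and correlating the flagged destination with subsequent sign-in events for the same user is the natural next step.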
Cheap, Scalable Attacks with High Credibility
Setting up a legitimate-looking email domain is time-consuming. Taking over an existing LinkedIn profile, by contrast, is quick, cheap, and immediately credible. Crucially, the data behind these figures shows that a high percentage of the credentials found in infostealer logs belong to social media accounts, and those accounts often have no Multi-Factor Authentication (MFA). By hijacking a trusted, legitimate account, attackers inherit the trust of its existing network, and AI-generated messages let them scale that outreach with unprecedented authenticity.
Direct Access to High-Value Targets
LinkedIn is an open goldmine for reconnaissance. It allows attackers to effortlessly map an organisation's structure, identify key roles, and pinpoint the individuals with the highest levels of access, such as senior finance or IT executives. There are no spam filters or administrative assistants to screen messages; a highly targeted spear-phishing message lands directly in the intended professional's LinkedIn inbox. Recent campaigns confirm this, with attackers impersonating investment funds to lure finance leaders into entering their Microsoft Entra or Google Workspace credentials on attacker-controlled pages.
Users are More Susceptible to the Lure
The professional nature of LinkedIn creates an expectation of connecting and interacting with external contacts. An executive is often more inclined to open a professional-sounding LinkedIn DM than a generic, unsolicited email. When a phishing message comes from a seemingly trusted, hijacked contact—sometimes even a fellow employee—the success rate is significantly higher. With a compelling pretext, such as an "urgent board invitation" or a "document review," the social engineering is highly effective.
Businesses must recognise that a compromised LinkedIn account can be a gateway to the corporate network. Extending security monitoring to cover social media, enforcing robust MFA on every connected work account, and providing targeted user training on sophisticated, non-email threats are no longer optional extras; they are essential defences. One caveat on MFA: the credential-harvesting pages in these campaigns are typically fronted by attacker-in-the-middle kits that relay one-time codes and push approvals in real time, so phishing-resistant methods such as FIDO2 security keys or passkeys protect Entra and Workspace accounts far better than SMS or app-based codes.