A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.’
A new phishing campaign is targeting professionals by exploiting fake LinkedIn notifications to hijack user accounts and steal sensitive data. According to recent findings from the Cofense Phishing Defense Center (PDC), attackers are leveraging spoofed domains such as “inedin.digital” to closely mimic legitimate LinkedIn communications and trick users into revealing their login credentials.
The campaign highlights how routine digital behaviors – like checking LinkedIn notifications – can become entry points for cyberattacks. By replicating the exact design and structure of genuine LinkedIn alerts, threat actors are successfully deceiving even cautious users, turning a simple click into a serious security breach.
The phishing attempt begins with an email that appears to be a standard LinkedIn notification. It typically informs the recipient of an urgent message from a potential business contact, creating a sense of immediacy that discourages careful scrutiny. Researchers note that these emails are nearly indistinguishable from legitimate ones, using identical branding elements such as fonts, logos, and color schemes.
However, closer inspection reveals red flags. The emails originate from suspicious domains like “khanieteam.com,” which was newly registered just days before the campaign was identified in March 2026. Such domains are a clear indicator of malicious intent, as legitimate platforms do not send notifications from newly created or unrelated addresses.
If recipients click on the embedded links, they are redirected to fraudulent login pages designed to look like LinkedIn. Domains such as “inedin.digital” are intentionally crafted to visually resemble the official platform, using familiar letter patterns to mislead users. This subtle manipulation increases the likelihood of users trusting the site and entering their credentials.
Security researchers emphasize that the effectiveness of the campaign lies in its psychological tactics. By combining urgency with familiarity, attackers exploit user trust and curiosity. Once login details are entered into the fake site, cybercriminals gain immediate access to the victim’s professional account, including personal data, connections, and potentially sensitive business communications.
Further analysis revealed that the malicious infrastructure supporting the campaign was recently established, with multiple IP addresses used to maintain operational continuity and avoid detection. This level of coordination indicates a well-planned and evolving phishing strategy.
Cybersecurity experts are urging users to remain vigilant by verifying sender email addresses, avoiding clicking on suspicious links, and checking URLs carefully before entering login credentials. Even highly convincing messages should be treated with caution, especially when they involve urgent requests or unexpected opportunities.
As phishing tactics continue to evolve, this campaign serves as a reminder that social engineering remains one of the most effective tools for cybercriminals. Organizations and individuals alike must prioritize awareness and adopt proactive security measures to protect against increasingly sophisticated threats.
Recommended Cyber Technology News :
- KELA Reports 200 Percent Rise in Cybercriminals Using AI
- Vim Flaw Enables Command Execution via Malicious Files
- Silver Fox Targets Japan with Tax Phishing Attacks
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
