Phishing

Phishing is a common tactic that cyber criminals use to try to steal your information and your money. You should always be on the lookout for fraudulent emails. Get tips on how to keep yourself safe.

What is Phishing?

Phishing is the practice of emailing likely members of a website (e.g., social networks, banks, games, etc.) with the goal of directing them to a legitimate-looking but fraudulent website in order to obtain usernames, passwords, and financial information, and to gain access to other sensitive data.

LinkedIn has joined the DMARC organization with other industry leaders like Facebook, Google, and PayPal, with the goal of fighting phishing and spam. To that end, and in accordance with DMARC standards, LinkedIn digitally signs all emails we send, which allows email providers to identify our legitimate emails and throw away the phishing and/or spam emails. While most major email providers such as Google, Yahoo!, Microsoft, and AOL adhere to DMARC standards, there are still a number that have yet to implement them.

We also work with many industry partners to rapidly identify websites and email campaigns that engage in phishing or spamming, so that we can remove them from the Internet. Sometimes we're able to do this within an hour of the email crossing our radar. These combined efforts should decrease the chances of you receiving a fraudulent LinkedIn phishing or spam email.

How can I report suspicious messages?

If you've received a suspicious email purporting to be from LinkedIn, don't click any of the links or open any attachments, and notify us via phishing@linkedin.com.

Attaching a copy of the suspicious message as well as including the email header information will help us greatly in our investigation.

What types of communications are sent through LinkedIn?

Before you can judge whether a message is legitimate, it's helpful to know about the different types of messages sent through and by LinkedIn:

  • Network updates & Activity notifications
  • LinkedIn Pulse
  • Group digest emails
  • Groups, jobs, and connections you may be interested in
  • Credit card expirations
  • Profile forward notifications
  • Announcements of new features and enhancements
  • Current promotions and research opportunities
  • Member-to-member messages
    • InMail messages
    • Invitations
    • OpenLink messages
    • Recommendation request from a connection

To change the frequency of these emails, or to opt out of these emails, you can visit your account's Privacy & Settings page:

  1. Go to your Privacy & Settings.
    • For security purposes, you may be prompted to sign in.
  2. Click the Communications tab near the bottom of the page, and then click the Set the frequency of emails link.
  3. Select the types of messages you'll receive and an email frequency option.
  4. Click Save Changes.

In general, any legitimate member-to-member message sent from a genuine member of the site (whether you're connected or not) will appear in your LinkedIn inbox. You'll also receive a copy to the primary email address on your account.

How do I determine if a message is from LinkedIn?

It's important to note that all valid LinkedIn messages will contain a security footer:

In general, it's not a good practice to open any attachments or click any links in an email that seems suspicious, or is from a person or company you don't know. The following indicators should raise your suspicion that an email claiming to be from LinkedIn is not legitimate:

  • The message is telling you to open an email attachment or install a software update. LinkedIn will never ask you to do this.
  • The message contains bad spelling and grammar.
  • The message contains a threat of some kind. Example: your account will be deleted unless you act right away.

Before clicking on any links within an email message, it's a good idea to move your cursor over the links to see where they're actually directing you. In the case of an email from LinkedIn, if it's not directing you back to the LinkedIn website, then you can treat the message as a phishing attempt.

The email header is another solid indicator used to determine whether a message was really sent from LinkedIn. This email header will provide information on how the email reached you. If the originator of the message looks suspicious, then it's a good idea to treat the message as an attempted phishing and/or spam email, and delete it. Learn how to find and view email headers.
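One way to read the header for the DMARC signing mentioned earlier, as an added example that is not LinkedIn's code: many providers record their DMARC verdict in an Authentication-Results header (RFC 8601), and this sketch reads that verdict from a raw message. It assumes your provider stamps that header; the host name mx.mailhost.example, the function name and the sample messages are constructed.

```python
import re
from email import message_from_string

def linkedin_dmarc_status(raw_message, trusted_authserv, expected_from="linkedin.com"):
    """Return 'verified', 'not-verified' or 'unknown' for a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(value.split())              # unfold continuation lines
        authserv, _, results = value.partition(";")
        stamped_by = (authserv.split() or [""])[0].lower()
        if stamped_by != trusted_authserv.lower():
            continue  # written by some other host, possibly the sender: ignore it
        dmarc = re.search(r"\bdmarc=(\w+)", results)
        if dmarc is None:
            continue
        dom = re.search(r"\bheader\.from=([\w.-]+)", results)
        domain = dom.group(1).lower() if dom else ""
        aligned = domain == expected_from or domain.endswith("." + expected_from)
        ok = dmarc.group(1).lower() == "pass" and aligned
        return "verified" if ok else "not-verified"
    return "unknown"  # provider recorded no DMARC result; judge by other signs

# Constructed sample messages; mx.mailhost.example stands in for your own provider.
GENUINE = (
    "Authentication-Results: mx.mailhost.example;\n"
    " dkim=pass header.d=linkedin.com;\n"
    " dmarc=pass header.from=linkedin.com\n"
    "From: LinkedIn <sender@linkedin.com>\n"
    "Subject: You have a new invitation\n\nbody\n")
FAILED = (
    "Authentication-Results: mx.mailhost.example;\n"
    " dkim=none; dmarc=fail header.from=linkedin.com\n"
    "From: LinkedIn <sender@linkedin.com>\n"
    "Subject: Your account will be deleted\n\nbody\n")
FORGED_HEADER_ONLY = (  # the only verdict present was not written by our provider
    "Authentication-Results: mx.unrelated.example; dmarc=pass header.from=linkedin.com\n"
    "From: LinkedIn <sender@linkedin.com>\n"
    "Subject: Security update required\n\nbody\n")

if __name__ == "__main__":
    for name in ("GENUINE", "FAILED", "FORGED_HEADER_ONLY"):
        print(name, linkedin_dmarc_status(globals()[name], "mx.mailhost.example"))
```

Only a header stamped by your own provider counts, because the sender controls every other header in the message.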

What if I've already clicked a bad link or attachment?

Some phishing messages have malicious attachments that contain malware or lead to virus-infected websites, which can be damaging to your computer. If you believe you've opened or clicked something that may be harmful, we highly recommend that you scan your computer using a current version of antivirus software.

How do I keep my LinkedIn account as safe as possible?

  • Visit our article Account Security and Privacy - Best Practices for important steps you can take to protect your account security and privacy.
  • If something doesn't feel right about a particular message, then something probably isn't. When in doubt, open a new browser window and go directly to LinkedIn.com to check your Inbox and verify the connection request or message.
  • Enable HTTPS (secure browsing):
    1. Move your cursor over your name in the top right of your homepage and select Privacy & Settings.
      • For security purposes, you may be prompted to sign in.
    2. Click the Account tab near the bottom of the page, and then click Manage security settings.
    3. Check the box and click Save changes.