Phishing Scammers Are Posting Fake “Account Restricted” Comments on LinkedIn: What to Do Fast

Phishing Scammers Are Posting Fake “Account Restricted” Comments on LinkedIn: What to Do Fast
Image Credit: LPS1 via Wikimedia under CC

Gibraltar:  Thursday, 29 January 2026 – 07:00 CET

Phishing Scammers Are Posting Fake “Account Restricted” Comments on LinkedIn: What to Do Fast
By: Iain Fraser – Cybersecurity Journalist
Published in Collaboration with SECURUS Communications
Google Indexed AIO  on: 290126 at 09:05 CET
SMECyberInsights.co.uk | First for SME Cybersecurity News
#SMECyberInsights #SMECybersecurity #SMECyberInsights #SME #CyberSafe #CyberSecurity #Cybersecurity #ManagedSecurity #MFA #Phishing #LinkedIn #LinkedInSecurity #Phishing #AccountTakeover



A fresh LinkedIn phishing pattern is doing the rounds: scammers post comments claiming your account is “restricted” (or will be), then push a link to “appeal” or “verify”. It’s effective because it hijacks the natural panic response—especially for founders, sales teams, recruiters, and anyone whose pipeline depends on LinkedIn visibility.

Why this matters

LinkedIn isn’t “just social” for SMEs. For many, it’s a core business channel—lead generation, hiring, partnerships, brand trust—so an account takeover can quickly turn into reputational damage, fraud attempts, or wider compromise.

Key SME risks if someone clicks:

* Credential theft leading to LinkedIn account takeover
* Reputation damage if attackers message your contacts or post scams under your name
* Secondary compromise if passwords are reused on email, CRM, or Microsoft/Google accounts
* Fraud attempts targeting customers/suppliers via trusted direct messages

What’s happening (authoritative insight)

Reporting indicates fake profiles are posting “account restricted” comments with links designed to look official or urgent. The goal is to drive victims off-platform to a phishing page and capture credentials (and sometimes additional verification details).

This pattern has also been widely discussed by security practitioners sharing examples and warning signs, reinforcing that it’s active “in the wild” on LinkedIn feeds right now.

How the scam works (step-by-step)

This is the typical flow attackers are aiming for:

1. A scam comment appears under your post (or a popular post), claiming your account is restricted / will be disabled.

2. The comment includes a link to “resolve,” “appeal,” or “verify.”

3. The link leads to a lookalike page (or an odd redirect chain) that requests LinkedIn login details.

4. Once credentials are entered, attackers can take over the account and reuse it to spread more scams.

Red flags to train your team to spot

These scams often share consistent tells:

* The commenter is a new / low-credibility profile (thin history, odd name, mismatched photo)
* Urgency language: “final warning”, “restricted”, “verify now”
* The link is not a normal LinkedIn domain (or uses strange redirects/shorteners)
* The comment is posted publicly, not via official LinkedIn notifications channels
* The page asks for login info outside LinkedIn’s standard flows

What to do if you see it (safe, fast response)

If you see a fake “account restricted” comment:

* Do not click the link.

* Report the comment/profile in LinkedIn (Report → Scam/Fraud/Phishing).

* Delete/hide the comment from your post if you manage the page/profile.

* Warn colleagues (especially social admins, marketing, sales) with a screenshot so they recognise it.

If you clicked but didn’t enter credentials:

* Close the page.
* Run a quick malware scan (device hygiene).
* Stay alert for follow-on attempts (DMs, emails).

If you entered your LinkedIn password (treat as compromised):

* Change your LinkedIn password immediately

* Enable/verify 2FA on LinkedIn

* Log out of other sessions (security/session settings)

* If the password was reused anywhere else, change those accounts too first (email is the priority)

* Review recent activity: messages sent, ads activity, profile edits, connected apps

Phishing Scammers Are Posting Fake “Account Restricted” Comments on LinkedIn: What to Do Fast

Quick prevention checklist for UK SMEs (high impact, low hassle)

These controls reduce the chance a single click becomes a business incident:

* Mandate 2FA on LinkedIn for anyone with brand/admin access
* Use a password manager + unique passwords (prevents reuse fallout)
* Restrict Page admin roles to the minimum needed (least privilege)
* Add a simple internal rule: “LinkedIn will not restrict accounts via random public comments.”
* Run a 5-minute “spot the phish” drill using real screenshots from this campaign 

Looking forward

As more business happens in-platform (social selling, recruiting, DMs), attackers will keep abusing the same human triggers—urgency, authority, and fear of losing access. The practical defence is equal parts tech (2FA, unique passwords) and habit (pause, verify, report).

SECURUS Communications Ltd

Securus is a managed communications Operator, providing next-generation network infrastructure and value added services to Managed Hosting providers and the ‘cloud generation’​ of enterprises. Securus priority is to offer communication services that represent excellent value for money and are backed by exceptional levels of support.

Contact Securus
Securus Communications Ltd
Station Road, Landmark house, Hook, England RG27 9HA, GB
T: Enquiries:  | Service Desk: 03451 283458
Securus on LinkedIn | Securus on “X” | https://securuscomms.com