HOW TO: How Lawyers Can Protect Themselves on LinkedIn from New Phishing Scams!
Fake LinkedIn warnings target lawyers!
LinkedIn has become an essential networking tool for lawyers, making it a high-value target for sophisticated phishing campaigns. Recent scams use fake “policy violation” comments that mimic LinkedIn’s branding and even leverage the official lnkd.in URL shortener to trick users into clicking on malicious links. For legal professionals handling confidential client information, falling victim to one of these attacks can create both security and ethical problems.
First, understand how this specific scam works. Attackers create LinkedIn-themed profiles and company pages (for example, “Linked Very”) that use the LinkedIn logo and post “reply” comments on your content, claiming your account is “temporarily restricted” for non-compliance with platform rules. The comment urges you to click a link to “verify your identity,” which leads to a phishing site that harvests your LinkedIn credentials. Some links use non-LinkedIn domains, such as .app, or redirect through lnkd.in, making visual inspection harder.
To protect yourself, treat all public “policy violation” comments as inherently suspect. LinkedIn has confirmed it does not communicate policy violations through public comments, so any such message should be considered a red flag. Instead of clicking, navigate directly to LinkedIn in your browser or app, check your notifications and security settings, and only interact with alerts that appear within your authenticated session. If the comment uses a shortened link, hover over it (on desktop) to preview the destination, or simply refuse to click and report it.
From an ethics standpoint, these scams directly implicate your duties under ABA Model Rules 1.1 and 1.6. Comment 8 to Rule 1.1 stresses that competent representation includes understanding the benefits and risks associated with relevant technology. Failing to use basic safeguards on a platform where you communicate with clients and colleagues can fall short of that standard. Likewise, Rule 1.6 requires reasonable efforts to prevent unauthorized access to client information, which includes preventing account takeover that could expose your messages, contacts, or confidential discussions.
Practically, you should enable multi-factor authentication (MFA) on LinkedIn, use a unique, strong password stored in a reputable password manager, and review active sessions regularly for unfamiliar devices or locations. If you suspect you clicked a malicious link, immediately change your LinkedIn password, revoke active sessions, enable or confirm MFA, and run updated anti-malware on your device. Then notify your firm’s IT or security contact and consider whether any client-related disclosures are required under your jurisdiction’s ethics rules and breach-notification laws.
Finally, build a culture of security awareness in your practice. Brief colleagues and staff about this specific comment-reply scam, show screenshots, and explain that LinkedIn does not resolve “policy violations” via comment threads. Encourage a “pause before you click” mindset and make reporting easy: internally to your IT team and externally to LinkedIn’s abuse channels. Taking these steps not only protects your professional identity but also demonstrates the technological competence and confidentiality safeguards the ABA Model Rules expect from modern legal practitioners.
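As an added defender-side example (not code from the original article), here is a small Python triage helper that applies the red flags described above to the links in a comment: a destination host outside LinkedIn's own domains, a hostname that imitates the LinkedIn brand, the .app TLD, lure wording such as "verify", and an lnkd.in short link whose destination has not yet been inspected. The sample comment, the lnkd.in short code, and the resolved destination are constructed for illustration.

```python
import re
from typing import Optional
from urllib.parse import urlparse

LINKEDIN_DOMAINS = {"linkedin.com", "lnkd.in"}   # domains LinkedIn itself uses
SHORTENERS = {"lnkd.in"}                          # official shortener abused in this campaign
LURE_WORDS = ("verify", "restricted", "policy", "violation", "suspend")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample comment in the style the article describes (not a real one).
SAMPLE_COMMENT = ("Your account is temporarily restricted for non-compliance. "
                  "Verify your identity at https://linked-very.app/verify "
                  "or via https://lnkd.in/abc123.")

def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); sufficient for the hosts in this example."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def classify_link(url: str, resolved_url: Optional[str] = None) -> dict:
    """Verdict for one link. resolved_url is the destination a hover preview or
    redirect check revealed for a shortened link; None if it was not inspected."""
    link_host = (urlparse(url).hostname or "").lower()
    unresolved = registrable(link_host) in SHORTENERS and resolved_url is None
    target = resolved_url or url
    host = (urlparse(target).hostname or "").lower()
    reasons = []
    if registrable(host) not in LINKEDIN_DOMAINS:
        reasons.append(f"destination host {host} is not a LinkedIn domain")
        if "linked" in host:
            reasons.append("hostname imitates the LinkedIn brand")
    if host.endswith(".app"):
        reasons.append(".app TLD seen in this campaign")
    hits = [w for w in LURE_WORDS if w in target.lower()]
    if hits:
        reasons.append("lure wording in URL: " + ", ".join(hits))
    if reasons:
        verdict = "suspicious"
    elif unresolved:
        verdict = "unresolved"   # short link: destination still needs to be checked
    else:
        verdict = "ok"
    return {"url": url, "host": host, "verdict": verdict, "reasons": reasons}

def scan_comment(text: str, resolved: Optional[dict] = None) -> list:
    """Classify every URL in a comment; `resolved` maps short links to their destinations."""
    resolved = resolved or {}
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return [classify_link(u, resolved.get(u)) for u in urls]
```

Run `scan_comment(SAMPLE_COMMENT)` to see the lookalike .app link flagged as suspicious and the short link marked unresolved; pass the hover-preview destination in `resolved` to get a final verdict on the latter.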