The Potential for Malicious Ads on linkedin.com
LinkedIn's ad platform allows targeting users with ads linking to arbitrary URLs, yet no confirmed malvertising incidents have occurred. Possible reasons include the relatively high minimum cost per click ($2) and the effort required to build a reputable profile before submitting ads.
LinkedIn includes a platform that allows advertisers to display targeted ads to linkedin.com users. The advertiser can specify the URL of the advertised website. As the result, this presents an opportunity to direct linkedin.com visitors to malicious websites through LinkedIn ads.
However, I have not found any confirmed incidents where the LinkedIn website was used to host such malvertisements. Why not?
This might be because of a relatively high cost of setting up a LinkedIn campaign. Though the site allows advertisers to budget as little as $10 per day, the minimum cost per click is $2. That’s more than many other advertising venues would charge.
Another reason for scammers not distributing malicious ads through LinkedIn might be the effort it takes to build a reputable LinkedIn profile, which is necessary to submit the ad. Though this cost isn’t very high, it may be more effort than what’s involved in submitting ads to other venues.
Do these reasons make sense to you? Do you have a better explanation for the apparent lack of malvertising on linkedin.com, despite the site’s potential to distribute ads to the desired demographic?
This post is part of a series that explores LinkedIn scams, fraud and information security risks. The other posts are: