The Potential for Malicious Ads on linkedin.com

LinkedIn includes a platform that allows advertisers to display targeted ads to linkedin.com users. The advertiser can specify the URL of the advertised website. As the result, this presents an opportunity to direct linkedin.com visitors to malicious websites through LinkedIn ads.

However, I have not found any confirmed incidents where the LinkedIn website was used to host such malvertisements. Why not?

This might be because of a relatively high cost of setting up a LinkedIn campaign. Though the site allows advertisers to budget as little as $10 per day, the minimum cost per click is $2. That’s more than many other advertising venues would charge.

Another reason for scammers not distributing malicious ads through LinkedIn might be the effort it takes to build a reputable LinkedIn profile, which is necessary to submit the ad. Though this cost isn’t very high, it may be more effort than what’s involved in submitting ads to other venues.

Do these reasons make sense to you? Do you have a better explanation for the apparent lack of malvertising on linkedin.com, despite the site’s potential to distribute ads to the desired demographic?

This post is part of a series that explores LinkedIn scams, fraud and information security risks. The other posts are:

Lenny Zeltser

Updated

About the Author

Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more