The Potential for Malicious Ads on

LinkedIn includes a platform that allows advertisers to display targeted ads to users. The advertiser can specify the URL of the advertised website. As the result, this presents an opportunity to direct visitors to malicious websites through LinkedIn ads.

However, I have not found any confirmed incidents where the LinkedIn website was used to host such malvertisements. Why not?

This might be because of a relatively high cost of setting up a LinkedIn campaign. Though the site allows advertisers to budget as little as $10 per day, the minimum cost per click is $2. That’s more than many other advertising venues would charge.

Another reason for scammers not distributing malicious ads through LinkedIn might be the effort it takes to build a reputable LinkedIn profile, which is necessary to submit the ad. Though this cost isn’t very high, it may be more effort than what’s involved in submitting ads to other venues.

Do these reasons make sense to you? Do you have a better explanation for the apparent lack of malvertising on, despite the site’s potential to distribute ads to the desired demographic?

This post is part of a series that explores LinkedIn scams, fraud and information security risks. The other posts are:

Lenny Zeltser


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more