The Potential for Malicious Ads on

LinkedIn includes a platform that allows advertisers to display targeted ads to users. The advertiser can specify the URL of the advertised website. As the result, this presents an opportunity to direct visitors to malicious websites through LinkedIn ads.

However, I have not found any confirmed incidents where the LinkedIn website was used to host such malvertisements. Why not?

This might be because of a relatively high cost of setting up a LinkedIn campaign. Though the site allows advertisers to budget as little as $10 per day, the minimum cost per click is $2. That’s more than many other advertising venues would charge.

Another reason for scammers not distributing malicious ads through LinkedIn might be the effort it takes to build a reputable LinkedIn profile, which is necessary to submit the ad. Though this cost isn’t very high, it may be more effort than what’s involved in submitting ads to other venues.

Do these reasons make sense to you? Do you have a better explanation for the apparent lack of malvertising on, despite the site’s potential to distribute ads to the desired demographic?

This post is part of a series that explores LinkedIn scams, fraud and information security risks. The other posts are:

Lenny Zeltser


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more