Fake LinkedIn Connection or InMail
Attack Trigger
Professional networking context makes recipients lower their guard
What Attackers Want
LinkedIn credentials / professional network account takeover
How This Attack Works
Attackers send emails mimicking LinkedIn connection requests or InMail notifications. Clicking "Accept" or "View Message" leads to a fake LinkedIn login page that captures credentials, which are then used for BEC attacks or sold.
Red Flags to Watch For
- ✗Sender domain is not @linkedin.com
- ✗Link does not go to linkedin.com
- ✗Connection request is from someone you have never interacted with professionally
- ✗Message contains urgent language or an unusual external link
Known Malicious Domains
These domains have been associated with this attack. Never click links going to these addresses.
- linkedin-message-alert.comMALICIOUS
- linkedin-connection-request.netMALICIOUS
- inmail-linkedin-notify.comMALICIOUS
Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free