AI supercharges LinkedIn phishing risks in Australia

TrendAI, Trend Micro's AI-driven business unit, has published research showing how attackers can turn public LinkedIn activity into targeting intelligence for phishing and similar attacks in under 30 minutes.

The work focuses on Australia, where TrendAI estimates more than half of the population uses LinkedIn. It describes the platform as the country's largest professional database and a growing source of information for cybercriminals.

The research argues that widely available AI tools have changed the speed and cost of reconnaissance. Attackers can now automate early-stage profiling that once took weeks or months of manual effort, including mapping leadership teams, inferring reporting lines, and analysing posts and images for personal details that can shape a lure.

OSINT shift

Open-source intelligence has long played a role in targeted cybercrime. TrendAI describes a shift from manual collection and analysis to automated workflows that turn public LinkedIn content into structured organisational intelligence.

LinkedIn posts, images, and metadata can be treated as machine-readable inputs and enriched, ranked, and converted into profiles with off-the-shelf tools. Researchers describe this as a change in the economics of targeting, with less reliance on specialist skills and greater emphasis on volume and motivation.

One key finding is that leadership teams can be profiled in under 30 minutes using widely available tools. Once profiling is complete, personalised emails and convincing phishing sites can be generated automatically.

Proof of concept

The research outlines a proof-of-concept system that automates the collection of public LinkedIn information, enriches it through contextual analysis, and generates material that could be used in spear-phishing campaigns.

The system uses public posts, images, and metadata to produce structured organisational intelligence and individual profiles. It can also infer personal interests from public activity and reflect those details in tailored messaging.

Researchers emphasise that the system does not rely on privileged access or a breach, and does not require insider knowledge. It uses publicly accessible information and widely available tools.

Security teams already treat public corporate information as a risk factor, but TrendAI frames the key development as practicality at scale. Automated data collection, multimodal analysis, and accessible AI tooling make reconnaissance faster and easier to repeat across many targets.

Employee footprint

A central theme is that an organisation's attack surface now extends to employees' public professional activity. Staff "digital footprints" can provide enough context for attackers to craft believable impersonations and lures, including leadership structures, work topics, event attendance, and other signals shared through routine posting.

Researchers argue this should change how defenders think about exposure. They recommend moving beyond awareness training alone and adopting a broader strategy that includes policy, education, and controls for a world where threat actors can observe staff activity externally.

The work began as an internal OSINT exercise to measure how quickly a realistic system could be built using modern AI-assisted development workflows. The team assessed whether automation could cover the collection, enrichment, and operational use of LinkedIn data to produce tailored targeting material.

They argue the result establishes a "new baseline" rather than a new technique-capability that would have been difficult to execute at speed only a few years ago.