MI5 has warned about spies luring people on LinkedIn.
According to MI5, at least 10,000 U.K. nationals have been approached on the professional social network LinkedIn by fake profiles linked to hostile states over the past five years. The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information, BBC reports.
To help deter further criminal activity, the Centre for the Protection of National Infrastructure (CPNI) has launched a new campaign. The effort – Think Before You Link – warns that foreign spies are targeting those with access to sensitive information. The criminals, who often pose as recruiters or talent agents, will approach targets with enticing opportunities when their real intent is to gather as much information as possible from the target.
The consequences of engaging with these criminals can damage individual careers, as well as the interests of organizations, and the interests of U.K. national security, CPNI says.
The campaign asks government staff to focus on “the four Rs”:
- recognizing malicious profiles
- realizing the potential threat
- reporting suspicious profiles to a security manager
- removing the profiles
“LinkedIn pitches itself as the modern way to build your professional network. The value of that network comes down to the quality of connections rather than their quantity,” Oliver Tavakoli, CTO at Vectra, says. “So when a stranger approaches you via LinkedIn, you should consider it just as skeptically as an approach by a stranger on your phone or by email. The mere fact that they have a connection to someone you know simply means they might have duped that individual into accepting a connection – so short of an introduction by that common contact, consider such 2nd level connections with as much suspicion as an unsolicited email arriving in your inbox.”
John Morgan, CEO at Confluera, explains that the latest focus on LinkedIn by attackers was inevitable. He adds, “Although the lack of user verification is well known, it is hard not to believe someone’s background when presented in a professional manner. The fact that the platform is widely used by professionals makes it a much more enticing target due to the large size of the reward. As with any other new threat vector, organizations should educate their employees but also prepare for attackers to eventually gain access to the network, services, and data. It is up to the security analysts to then detect the attackers as they navigate throughout the network to find their ultimate prize.”