Fake LinkedIn profiles can be used to trick you into sharing secrets

Hostile nation-state actors pose as recruiters or talent agents to gain trust and secrets

Fake LinkedIn profiles pose a risk to members who could be duped into sharing sensitive secrets on the popular Microsoft-owned professional networking platform, a BBC report says.

The UK’s MI5 security service said that over the past five years at least 10,000 UK nationals have been targeted by fake LinkedIn profiles connected to hostile nation-state actors, according to the BBC.

The report cited MI5 chief Ken McCallum, who said that this is happening on "an industrial scale."  

MI5 warned that LinkedIn users who had accepted connection requests from fake profiles may have been tricked into sharing secrets, the report said.

Typically, the fake profiles pose as recruiters or talent agents who will approach individuals with "enticing opportunities," according to the UK’s Centre for the Protection of National Infrastructure (CPNI), which is running a "Think Before You Link" campaign.

"We’d be grateful if you’d agree to be our keynote speaker at our prestigious conference," according to a video on the Think Before You Link page, which depicts a typical pitch made by a fake profile.

The pitch continues. "We can offer you an attractive fee and all expenses will be paid. Just accept my request and connect and I’ll tell you more." 

CPNI warns that by accepting the request you can become linked to malicious profiles run by hostile states or organized crime groups, and that you could harm national security, depending on what your organization does and your role there.

A further risk, CPNI said, is that you could unintentionally associate your organization, your manager, and your colleagues with those profiles.

On its "Creating trusted connections" page, LinkedIn says it welcomes the efforts of the CPNI and it removes fake accounts based on intelligence "from a variety of sources, including government agencies."

"Humans continue to be a weak link in any cyber and data security strategy … good old-fashioned lying and social engineering continue to be effective as many people are driven by relationships and engagement," John Morgan, CEO at Confluera, told FOX Business in a statement.

Though the most typical example is an attacker impersonating a trusted third party, "I’ve seen cases where attackers impersonate fellow employees in the same company," Morgan said.

"The value of [LinkedIn] comes down to the quality of connections rather than their quantity," Oliver Tavakoli, CTO at Vectra, told FOX Business in a statement.

"So when a stranger approaches you via LinkedIn, you should consider it just as skeptically as an approach by a stranger on your phone or by email," Tavakoli said.

The CPNI says to report suspicious link requests to a cybersecurity manager and remove the profile so that your colleagues are no longer at risk.