MI5 Warns That Spies Are Using LinkedIn Lure Employees Into Sharing Organization Secrets

According to MI5, at least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years. The 10,000-plus figure includes staff in virtually every government departments as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.


The effort - Think Before You Link - warns foreign spies are targeting those with access to sensitive information.


Phishing and social engineering experts from Vectra and Confluera weighed-in on this latest warning from MI5.


Oliver Tavakoli, CTO at Vectra:

"LinkedIn pitches itself as the modern way to build your professional network. The value of that network comes down to the quality of connections rather than their quantity. So when a stranger approaches you via LinkedIn, you should consider is just as skeptically as an approach by a stranger on your phone or by email. The mere fact that they have a connection to someone you know simply means they might have duped that individual into accepting a connection – so short of an introduction by that common contact, consider such 2nd level connections with as much suspicion as an unsolicited email arriving in your inbox."

John Morgan, CEO at Confluera:

"Humans continue to be a weak link in any cyber and data security strategy. Attackers are more sophisticated today, but good old fashioned lying and social engineering continue to be effective as many people are driven by relationships and engagement. The use of social media or email to impersonate a customer, colleagues, or partners is nothing new. Despite the recent surge of attacks leveraging LinkedIn, that threat vector is also not new.

As with any other new threat vectors, organizations should educate their employees but also prepare for attackers to eventually gain access to the network, services, and data. It is up to the security analysts to then detect the attackers as they navigate throughout the network to find their ultimate prize."



###