At least 10,000 UK citizens have been targeted by nation-state actors via fake LinkedIn accounts over the past five years, the BBC reports. Ken McCallum, Director-General of MI5, said these fake profiles are being used on “an industrial scale” to launch social engineering attacks.
“MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved,” BBC says. “The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.”
LinkedIn is particularly useful for these types of campaigns because many users regularly connect with people they don’t know.
The UK’s Chief Security Officer Dominic Fortescue stated, “Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices. As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organisations on social media.”
The UK’s Centre for the Protection of National Infrastructure (CPNI) has launched an initiative dubbed “Think Before You Link” to raise awareness of social engineering on LinkedIn. LinkedIn itself said it welcomed the government’s campaign.
“We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom,” LinkedIn said. “Teams at LinkedIn work to keep LinkedIn a safe place where real people can connect with professionals they know and trust. We actively seek out signs of state sponsored activity on the platform and quickly take action against bad actors in order to protect our members.”
New-school security awareness training can help your employees recognize targeted social engineering attacks.
The BBC has the story.