Cybercriminals Use Job-Specific Social Media Platforms to Target UK Citizens With Fake Accounts

Social Media Platforms Target UK CitizensAt least 10,000 UK citizens have been targeted by nation-state actors via fake LinkedIn accounts over the past five years, the BBC reports. Ken McCallum, Director-General of MI5, said these fake profiles are being used on “an industrial scale” to launch social engineering attacks.

“MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved,” BBC says. “The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.”

LinkedIn is particularly useful for these types of campaigns because many users regularly connect with people they don’t know.

The UK’s Chief Security Officer Dominic Fortescue stated, “Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices. As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organisations on social media.”

The UK’s Centre for the Protection of National Infrastructure (CPNI) has launched an initiative dubbed “Think Before You Link” to raise awareness of social engineering on LinkedIn. LinkedIn itself said it welcomed the government’s campaign.

“We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom,” LinkedIn said. “Teams at LinkedIn work to keep LinkedIn a safe place where real people can connect with professionals they know and trust. We actively seek out signs of state sponsored activity on the platform and quickly take action against bad actors in order to protect our members.”

New-school security awareness training can help your employees recognize targeted social engineering attacks.

The BBC has the story.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

SPT-monitorHere's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Anti-Phishing Guide ebook

Get the latest about social engineering

Subscribe to CyberheistNews