During the past five years, some 10,000 UK nationals have been lured by fake profiles connected to hostile nation-state threat actors on LinkedIn, the business-oriented social media platform.
According to the British spy agency MI5, the fake profiles are being deployed on an industrial scale.
The impostors are targeting staff in virtually every government department and in important industries, and are wooing them with promises of speaking, business or travel opportunities.
The staff are being recruited to provide confidential information.
To shed some light on the issue, the UK has initiated a PR campaign for government staff with a video titled ‘Think Before You Link’.
According to John Morgan, chief executive officer at Confluera, any cyber security strategy has a weak link that has nothing to do with software – the issues tend to arise due to the human factor.
Nowadays, attackers use more sophisticated methods, but the tried-and-tested methods of lying and social engineering remain an effective means of reaching their goals.
Morgan said that when a LinkedIn profile is constructed in a professional manner and presses all the right buttons, people tend to believe it.
At the same time, the lack of user verification is a well-known issue on the platform that has persisted over the years.
Because LinkedIn is widely used by professionals, it is a desirable target for malicious threat actors.
Chris Clements from Cerberus Sentinel added that recruiting personnel is one of the best methods of espionage – after all, insiders have existing access that they can use to potentially siphon off sensitive information without the fear of being caught.
Throughout history, both government and private institutions have been targeted.
In some cases, financial gain is the main motivator – in others, insiders are recruited on ideological grounds.