Foreign spies are using fake LinkedIn profiles on an “industrial scale” to gain information about the United Kingdom’s national security, with more than 10,000 “disguised approaches” detected by MI5 in the last year. The warning from the Centre for the Protection of National Infrastructure comes as the FBI cautioned that North Korean agents are posing as IT workers to gain access to businesses in the US.
“Many of these profiles are established as an elaborate ruse for eliciting details from either officials or members of the public who may have access to information relating to our national security,” said cabinet office minister Steven Barclay, whose portfolio includes cyber security. “It is therefore crucial that we do all we can to protect ourselves and our information, ensuring those who we connect with online are who they say they are.”
Why are fake LinkedIn profiles being used by spies?
According to Ken McCallum, director general of MI5, the agency had detected more than 10,000 attempts on professional networking sites like LinkedIn targeting people across the country in the past year. “Foreign spies are actively working to build relationships with those working in government, in high-tech business and in academia,” he added.
The nature of LinkedIn as a networking platform and the amount of personal and professional information posted make it an ideal target for espionage purposes and general criminal activity. “LinkedIn is a platform in which people are used to having unknown people approach them, which provides the attackers good grounds to lure victims,” says Omer Dembinsky, research manager at the cybersecurity firm Check Point.
Recent research conducted by the company shows that fake LinkedIn details were used in 52% of phishing attacks detected in the first quarter of 2022, up from 8% in the previous quarter. The business social network now accounts for more than half of all phishing-related attacks globally, according to Check Point’s research.
The scale of the problem can be understood through the sheer number of fake profiles on the professional networking site. Data from LinkedIn’s most recent transparency report shows that during the first six months of 2021, 11.6 million fake accounts were detected and stopped at the registration stage. During the same period in 2020, 33.7 million accounts were disrupted at the same stage, an increase from 19.5 million the previous year.
According to the same report, 3.7 million fake accounts were successfully created in the first half of 2021 and were then “restricted proactively”, before other LinkedIn users flagged them. This was an increase from 3.1 million in 2020, and from two million in 2019.
This article originally appeared on Tech Monitor.