LinkedIn is generally treated by its users as the most serious of social media platforms due to its focus on the professional world. However, this may have made users particularly vulnerable targets for phishing scams.
No less important an organisation than MI5 has raised the issue, stating that over 10,000 people on a social network had been approached by rogue actors with fake profiles working on behalf of foreign states. The body did not name the social network, but the BBC stated it was LinkedIn.
The aim of the attacks has been to get people working in government departments and large businesses to link with them, with the scam merchants seeking to entice them to compromise cyber security and pass on important information with offers of new business opportunities.
In order to stop people targeted by scams from giving away sensitive information to these scammers, the Centre for the Protection of National Infrastructure has launched a campaign called Think Before You Link. This warns about the malign intentions of foreign agents and states that the use of fake LinkedIn accounts is a common tactic.
Among the factors that increase the threat posed by these fake accounts is the fact that once one person on LinkedIn has accepted an offer to connect, their other contacts will be more likely to accept these unsolicited requests once they see a mutual connection exists.
The campaign website carries extensive guidance and a series of informative videos, all designed to raise awareness of the threat and show people how they should respond if they suspect they are being targeted by phishing attempts in this manner.
One video shows the headshot image on a fake account changing once the target clicks accept on the request, with the narrator stating: “Connecting with profiles you don’t know can have unforeseen and damaging consequences”.
It then goes on to depict a network forming of “hostile states and organised criminals”, with figures from North Koreans to crooks in balaclavas placing their hands on the shoulders of each other, as well as with the phishing victim. It advises anyone who thinks they might have linked to someone suspicious to report it to their manager, before reviewing and potentially removing the connection.
LinkedIn has welcomed the campaign, stating: “Our Threat Intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources, including government agencies.”
The threat identified by MI5 is not the only recent phishing scam aimed at LinkedIn users. Earlier this month the eSentire Threat Response Unit identified a spear phishing scam from a group called Golden Chickens.
Aimed at those using LinkedIn to seek jobs, it sent a fileless backdoor disguised as a Zip file relating to a job vacancy. Once opened, the payload, called more_eggs, allows the criminals to gain access to the system and add malware and ransomware.
According to eSentire, this poses a “formidable threat to businesses and business professionals”, as it is able to get round the usual antivirus and security systems and make it easy for the criminals to steal data.