LinkedIn’s spy problem
Ever gotten a weird connection request on LinkedIn? You’re not alone. A valuable resource for career networking, the Microsoft-owned site has amassed 930 million members since its inception in 2002, so it’s unsurprising that some might not be entirely above board.
However, the personal nature of the information people share on LinkedIn — things like job history, location, and professional connections — has made it appealing to scammers and even spies. That’s right, spies.
The next time you get an unusual connection request, you might want to look a little closer before you accept it automatically.
It might sound a little far-fetched, but there have been numerous reports of suspected spies lurking on LinkedIn over the past few years. Last year, the United Kingdom’s MI5 warned that it had detected more than 10,000 online espionage attempts on LinkedIn over the previous year. Ken McCallum, director general of MI5, described ideal targets as “those working in government, in high-tech business and in academia.”
Meanwhile, in September 2022 KrebsOnSecurity noted a sudden influx of fake Chief Information Security Officer profiles for many Fortune 500 companies, such as Chevron and ExxonMobil. Just a few weeks later KrebsOnSecurity wrote about how more fake profiles were creating headaches for HR departments managing invite-only LinkedIn groups. These fake profiles tended to be related to recent global events and news trends, particularly crisis relief and disaster recovery.
According to Wired, many such fake accounts are created by state-backed groups from countries like Russia, China, North Korea, and Iran. They connect with targets and utilize malware and phishing scams to steal sensitive information. But sometimes, these fake profiles’ shady behavior is more than just spamming and hacking. It can also serve as a tool for recruitment.
One high-profile example involved a former Danish Foreign Ministry official who had also worked for the Obama administration. The New York Times reported that Jonas Parello-Plesner received a message from a woman on LinkedIn claiming to be from a Chinese headhunting firm. She offered to fly him to China and provide him with well-paid opportunities. When he arrived in Beijing, he wasn’t met by the woman but by three middle-aged men who offered him “great access to the Chinese system”.
Unlike on some social media sites, it’s normal on LinkedIn to have unknown people approach you, whether for a job offer, career collaboration, or simple connection. That’s the nature of networking, after all, and LinkedIn provides a convenient platform for professionals to do it on a digital device from anywhere in the world. But the price of that convenience is your anonymity. When you’re dealing online with anyone you’ve never met in real life, it’s quite challenging to make sure that they are who they say they are. And LinkedIn is no exception.
It likely helps that LinkedIn is the only American social media platform that isn’t blocked in countries like China (though that will soon change). The New York Times also points out that many former government employees highlight their security clearances on their profiles to appeal to potential employers, inadvertently appealing to shady LinkedIn users at the same time.
How LinkedIn is fighting the problem
LinkedIn is aware of the problem and has introduced several features for weeding out fake profiles, such as identity verification, AI-generated profile photo detection, and an “about this profile” feature that will show users when a particular profile was created. According to the company’s Community Report, between July and December 2022, around 58 million profiles were detected and removed by LinkedIn. 87.4% of these were blocked at the registration stage, while manual investigations and restrictions caught 12.6%. The remaining fake profiles were reported by LinkedIn members.
But it’s not entirely foolproof, and some fake profiles still fall through the cracks. Cybersecurity experts believe users still need to be careful about who they engage with and what they advertise on LinkedIn. Mike Clifton, executive vice president and chief information and digital officer at Alorica, told CNBC, “It’s important to stay vigilant and engage cautiously on social networks to protect your information.”
This isn’t news to me; I’ve had weird “connections” added to my LinkedIn account from Russia and China and elsewhere for years. Reviewing my account information from LinkedIn verified that I had never contacted them nor invited them. Glad they are announcing this publicly, I guess.