Hackers are using LinkedIn as the ultimate phishing tool

Think before you accept that LinkedIn connection invitation, MI5 warns

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

According to MI5, the UK’s security agency, at least 10,000 citizens have been approached by state-sponsored threat actors using fake profiles on a popularsocial mediaplatform.

While MI5 did not specifically name the platform, the BBC claims to have learned that the platform in question isLinkedIn.

The technique is reminiscent of anattack earlier this yearthat specifically targeted security professionals. Uncovered byGoogle’s Threat Analysis Group (TAG), the attack was pinned on North Korean state-sponsored hacking groups that employed various means - including creating elaborate fake personas - to break into victims’workstations.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

According to MI5, the LinkedIn attacks are wider in scope and directed at staff in government departments and major businesses. Once connected, the scammers try to bait the individuals by offering speaking or business opportunities, before attempting to recruit them to pass on confidential information.

Know your friends

MI5 warned that, instead of directly approaching the intended victim, the scammers might first try to infiltrate their social network, using mutual acquantances to cultivate a false sense of security.

The intelligence agency has launched a campaign to educate government workers about the threat, and equip them with the know-how to spot fake profiles.

In a release, LinkedIn said it welcomes MI5’s ‘Think Before You Link’ campaign and offered insight into the ways in which it is already attempting to weed out bad actors, state sponsored and otherwise.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Our Threat Intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources, including government agencies,” shared LinkedIn.

ViaBBC

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call