The UK’s domestic intelligence service has launched a new ad campaign after warning that state spies have already approached over 10,000 citizens via social media.
MI5 boss claimed that over the past five years, malicious profiles have been set-up and used “on an industrial scale,” according to the BBC. The broadcaster identified the platform as LinkedIn.
Those approached include staff at almost every government department, companies in strategically important sectors and academics. They might be offered business trips which could be used to try and recruit them into spying for hostile nations, the report claimed.
These employees are potentially more exposed to such approaches given they have been working from home and using personal devices more often, the government’s CSO told the BBC.
The new campaign, launched by MI5 offshoot the Centre for the Protection of National Infrastructure (CPNI), urges individuals to follow the “four Rs”: recognize malicious profiles, realize the threat, report profiles to managers, and remove them.
“Criminals and hostile actors may act anonymously or dishonestly online in an attempt to connect with people who have access to valuable and sensitive information. They often do this by posing as recruiters or talent agents who will approach individuals with enticing opportunities, when their real intent is to gather as much information as possible from the target,” the CPNI said.
“The consequences of engaging with these profiles can damage individual careers, as well as the interests of your organisation, and the interests of UK national security and prosperity.”
John Morgan, CEO at Confluera, argued that humans continue to be the weakest link in cybersecurity.
“Although the lack of user verification is well known, it is hard not to believe someone’s background when presented in a professional manner. The fact that the platform is widely used by professionals makes it a much more enticing target due to the large size of the reward,” he added.
“As with any other new threat vectors, organizations should educate their employees but also prepare for attackers to eventually gain access to the network, services, and data.”
LinkedIn has issued a statement welcoming the campaign.