You probably know that you need to be careful about what you share on social media, but you might not know that China has been using LinkedIn to recruit unwitting informers. LinkedIn is a great tool for networking and career advancement, but it’s also a potential hotbed of spying activities and identity theft. Learn how to keep yourself safe while still making the most of LinkedIn.
Germany’s leading spy agency, Bundesamt für Verfassungsschutz (BfV), announced in December 2017 that the Chinese government has been using LinkedIn to infiltrate Germany and other countries to gain inside information. It published eight LinkedIn profiles which it said are fake, linked to non-existent organizations. In response, Microsoft, which owns LinkedIn, declared that it had deleted any fake profiles.
Germany accused China of fishing for connections with German and other European businesses and political leaders using LinkedIn. Europe and the USA have been worried for a while about China’s covert attempts to spy on Western activities, innovations, and intentions. The BfV chose to publish these fake LinkedIn profiles to warn people not to assume that every profile on LinkedIn is genuine. The BfV estimates that over 10,000 Germans have been targeted via LinkedIn to become informers.
LinkedIn contact followed a particular pattern. The fake Chinese profile, posing as a headhunter, consultant, or think-tanker would try to connect with leading business professionals and thought leaders for a professional ‘exchange of views’, followed by invitations to conferences and events in China. The BfV claimed that the Chinese surveillance agents wanted to gather information about European habits, hobbies, and political interests as the first step to recruiting informers.
Watch What You Share on LinkedIn
It’s widely known that you need to be careful what you share on social media in general, but not so many people realize the risks of identity theft and LinkedIn or the wider political threats going on. LinkedIn is a good place to share your qualifications, but there is other information that you shouldn’t share.
As well as the risks of surveillance from states like China, careless LinkedIn users face the risk of identity theft on LinkedIn. Hackers can harvest the personal information you share on LinkedIn to work out the answers to your security questions. Two ethical hackers demonstrated how they could track down users’ email addresses via LinkedIn and then use those to gain knowledge of other vital personal details.
If you’re asking yourself ‘what are my identity theft risks on LinkedIn?’ start by not sharing these details:
- Your financial details
- Your home address
- Your lesser-known personal details like the name of your elementary school or your mother’s maiden name, which are two of the most popular subjects for security questions
- Details about your interests, like the name of the local baseball team you play in or the neighborhood orchestra you take part in
- Exciting inside political or business information that isn’t in the general media
However, you can and should share other pieces of information like your high school or college, your professional qualifications, and your personal hobbies.
Be Social, but be Responsible on LinkedIn
LinkedIn encourages you to make connections and strengthen your social standing, but you still need to be responsible. Best practice recommendations for reducing the connection between identity theft and LinkedIn include:
- Don’t share sensitive information through LinkedIn. It’s much safer to use a company’s secure website rather than a direct LinkedIn message.
- Think twice before you connect with a stranger, even if they look attractive and even if their position sounds impressive. Do a bit of research to check that the company they ‘work for’ is legitimate and that they really exist as an employee on that company’s website.
- If you click through to a company website via LinkedIn, look for a secure connection before you enter your private information. Check that the browser bar shows a padlock symbol and https://.
- Check that LinkedIn messages are legitimate. Every valid LinkedIn message should include your name and current professional title in the footer, so look to see that it’s there before replying.
- Like with every social networking platform, use a strong password to protect your LinkedIn account from hackers and snoopers.
- If you suspect that an account is fake, report it to LinkedIn.
Be Mindful of What the Message Says
Unfortunately, your LinkedIn message box is just as vulnerable to spam messages and phishing attacks as your email account. Not everyone knows what are their identity risks on LinkedIn, so get to know the buzzwords that give away a non-legitimate LinkedIn message.
- Think twice before accepting a connection request from a LinkedIn user that you don’t already know. Any user with very few connections (especially under ten) should raise your suspicions.
- An incomplete profile, together with a user based outside of the USA (or your home country) are giveaways of a spam message.
- Although you shouldn’t judge people by their spelling errors, a profile and message that are full of typos and grammar mistakes should raise a red flag.
- Another point to look out for is someone without a photo or just showing a company logo. A photo which looks familiar is also suspicious. If you think you’ve seen this face before, do some digging.
One common LinkedIn scam is to send an email connection request with a button that you can press to accept the connection. The button looks like a real LinkedIn link, but if you click on it you’ll be redirected to a fake site that loads malware onto your device. Always go to your account to accept connection requests.
If you do receive a suspicious message via LinkedIn, archive the message. This gives you the option of reporting it as spam or misinformation. If you do accept a connection request and then realize that it wasn’t legitimate, just undo the connection and report the account. The real damage comes if you start having a conversation with a phishing LinkedIn account, which gives them the opportunity to discover your personal or vital employee information.
Stay Safe on LinkedIn
LinkedIn can be the gateway to your dream job, so don’t run away from it for fear of identity theft or of becoming an unknowing informer on your country. Keep your wits about you when responding to LinkedIn messages and connection requests, and protect yourself with one of the best ID theft services to keep your sensitive information safe.