Beware of Espionage Efforts on Professional Networking Sites

Updated: Jul 24, 2019

Individuals using professional networking sites—particularly LinkedIn—should be aware of foreign governments attempts to connect online to gain access to classified or sensitive US Government information or proprietary intellectual property and technology. Indicators of state-sponsored fake accounts include fake profile photos, limited connections, and generic job titles. In 2018, the head of the National Counterintelligence and Security Center disclosed a Chinese espionage campaign that entailed an effort to recruit individuals with access to government and commercial secrets via LinkedIn. France and Germany have warned about similar foreign espionage efforts on LinkedIn.

Fake LinkedIn Profile of Katie Jones (Source: The Verge)

  • In June, the Associated Press revealed that the LinkedIn account of Katie Jones was fake and likely used a computer-generated profile picture. The profile featured a job at a prominent DC-based think tank and an expansive network of experts. These credentials enabled the imaginary Jones to make connections to a deputy assistant secretary of state, a senior aide to a US Senator, and an economist considered for a seat on the Federal Reserve Board of Governors. Experts who reviewed the profile noted that flaws in the profile, such as experiences and degrees that could not be verified, mirrored other state-run espionage efforts on the networking site. Authorities have not disclosed which state was behind the profile.

  • In June 2018, Kevin Mallory, an ex-CIA officer, was convicted of espionage for transmitting classified information to China. Mallory was contacted on LinkedIn in February 2017 by an individual claiming to represent a Chinese think tank but who the FBI says was a Chinese intelligence officer. Mallory traveled to China, delivering documents containing secret and top-secret US defense information to the Chinese contact in exchange for money.

  • In 2017, a GE Aviation engineer received a message on LinkedIn from an individual claiming to be the deputy director of the International Cooperation and Exchange Office at the Nanjing University of Aeronautics and Astronautics in China. After an email exchange, the US-based engineer agreed to share information on GE Aviation’s proprietary technology. An FBI investigation determined the same individual, who was subsequently arrested and extradited to the United States on espionage charges, conducted multiple probes on LinkedIn designed to collect information on technologies.

Protect Yourself Against Espionage Efforts on Professional Networking Sites

Source: Ignite Social Media

Fake profiles may use stock photos or model-quality photos of a lesser known actor/actress or public-figure as profile pictures. Do a reverse image search to determine if the same image has been used previously online. Using Google Chrome, right-click and select “search Google for image.” For other web browsers, upload or paste the image using Google’s image search and selecting the camera icon.

Source: BBC News

A fake profile may lack specificity in the summary and experience sections or use a generic job title such as

“manager” or “recruiter.” Spend a moment reviewing the profile before clicking accept.

Source: LinkedInsights

Fake profiles may have a limited number of connections or connections that are all the same or all the opposite gender. Check mutual connections to assist with confirming the validity of a profile.

Additional Safety Practices

  • Never accept connection requests from individuals you do not know without reviewing their profile first.

  • Do not provide personal information such as your Social Security Number in an online job application sent to you via a direct message.

  • Refrain from sharing specific information about your position or company over messaging.

Visit LinkedIn to report fake profiles on their site.

Download PDF

The NTIC is governed by a privacy, civil rights, and civil liberties protection policy to promote conduct that complies with applicable federal, state, and local laws. The NTIC does not seek or retain any information about individuals or organizations solely on the basis of their religious, political or social views or activities; their participation in a particular noncriminal organization or lawful event; or their race, ethnicities, citizenships, places of origin, ages, disabilities, genders, or sexual orientations. No information is gathered or collected by the NTIC in violation of federal or state laws or regulations.