Social media has become integrated into our daily lives. Digital channels such as Facebook, Instagram and LinkedIn are incredibly popular. Therefore, it is an everyday occurrence to receive messages for a potential (career) opportunity through these platforms. But what if that one connection is not what you think it is?
Recently it has been in the news that foreign intelligence agencies try to gather information and knowledge about essential subjects in different ways. One of these ways is to approach people through social media. This is usually done through Instagram, Facebook, or LinkedIn.
From connection requests to exchanging sensitive information
What often seems like an innocent connection request usually ends with significant consequences for the employee as well as the organization. This form of espionage is basically like the Tinder Swindler, where the perpetrator contacts you, takes you out to dinner, and gives gifts and appreciation. Then comes the demand for money and, in this case, for sensitive information. But how does this work? Espionage on social media starts with a personal approach, such as a connection request or contact request from an unknown person. In most cases, the connection requests are from men and women posing as a recruiter or consultant from a company or even a government agency. There are also cases of connection requests without a profile picture.
Flattery is central to the contact. The person behind the connection request praises your knowledge and experience and usually asks you to share your expertise in an interview or article. After the initial contacts, the conversation moves to email or WhatsApp, which is rapidly followed by an in-person conversation. Due to the rapid pace, a bond of trust is built in a short time. A bond of trust is crucial for espionage, because it makes victims more likely to share sensitive or secret information with the person in question. This is often in exchange for money, a lucrative business deal or a good job in the perpetrator's respective country. Read here the story of Lesley, who became a victim of espionage, and his experience.
How the intelligence services work differs in practice, but cases show that the approach is always bold and proactive. In some cases, the steps can follow each other rapidly, but there are also cases where it takes years before a relationship of trust is established. In the end, the goal is always the same: to acquire sensitive information or high-quality knowledge in a covert manner.
Am I next?
Does everyone run the risk of becoming a victim of espionage via social media? In principle, yes. It's just that in these cases, the "preference" goes to people who work for an organization or agency with access to unique or sensitive information. According to the AIVD, the following circumstances arouse the interest of intelligence services:
- Working for an organization with specialized (technological and innovative) knowledge that may be of interest to other countries.
- Having access to (personnel) data of other people working with confidential information.
- Working in the security domain, science, or the high-tech sector.
- Working as a public servant and dealing with confidential files.
- Being a promising "young professional".
- Being the founder and/or owner of a successful startup or SME.
Not all connection requests hide scams, but be alert to the risks and make other people aware of them too. Curious how you can recognize a fake profile? Read the steps of the AIVD here. For further information about espionage on social media, please refer to the article by the AIVD.
Audittrail is an audit and advisory organisation in the field of security, privacy and GRC. Audittrail supports organisations with setting up awareness programs and offers organisations insight into the awareness level of their employees. Are you interested in how your organisation responds to a phishing email, or do you have questions about this article? Let us know via firstname.lastname@example.org or through + 31 71 747 17 17.