900 million people around the world use LinkedIn. It is by far the largest professional-driven social media network. More than likely you have checked your own LinkedIn profile today. Hundreds of millions of people use it for professional networking, searching for employment, recruiting, and skills development. It also is, increasingly, being used in social engineering campaigns.

Cyber actors tied to Russia, North Korea, Iran, and China have been discovered using LinkedIn in social engineering.

In the past year, a North Korean group known as UNC2970 or TEMP.Hermit has pivoted from spearphishing emails to reaching out to executives at media and technology companies directly on LinkedIn.

The group begins by creating convincing profiles on the platform. Using these profiles, the group reaches out to their victims with phony job offers and then convinces them to move a conversation to WhatsApp, where the victim’s device is infected by malware. The target is sent a phishing payload disguised as a job description.

In other cases, attackers spoof an account of an actual person to fool victims. An Iranian hacking group called Charming Kitten was recently discovered creating an account that spoofed a politics and security researcher and using the account to target a freelance journalist that works for a platform that has been critical of the Iranian government.

North Korean attackers were also discovered pretending to be a recruiter at Meta reaching out to potential recruits. After connecting, they ask a victim to complete a programming challenge to move forward with the hiring process. The programming challenge is a scam designed to deploy malware on to a victim’s device.

Late last year, cybersecurity journalist Brian Krebs discovered several fake LinkedIn profiles for chief information security officer (CISO) roles at some of the world’s largest corporations such as Chevron and ExxonMobile. The profiles were at least convincing enough to fool Google search results and a magazine that publishes a list of CISOs at the world’s largest companies.

Fake LinkedIn accounts often come with them pictures of attractive people, mostly female. This is to lure, typically male, executives who could be attracted to the photos.

For years, attackers have used LinkedIn as a potential avenue for social engineering, and there are clear reasons why.

Because LinkedIn is more professionally focused, people are more likely to connect with people they don’t personally know. Also, because it is used by job seekers, clicking on links to documents or spreadsheets seems less suspicious than it might on other social media platforms like Facebook. As an example, if you receive a PDF from your “uncle” on Facebook Messenger, your guard is likely higher than it would be if a recruiter sent you a PDF job description in a LinkedIn direct chat.

Also, many people who use LinkedIn are searching for something, typically gainful employment. People searching for something, whether it be a new job, romantic relationships, a quick and easy cryptocurrency windfall, are more susceptible to social engineering attacks than those who are not. When you want something badly enough, you are willing to take chances or risks to get that thing. Often these chances or risks remove some aspects of common sense.

The current uncertain economy could make LinkedIn an even more appealing social engineering platform. More people are currently looking for work or at least keeping their options open in case something happens to their current employment. This means people will be more accommodating if they are approached by a recruiter or c-suite executive on LinkedIn.

What are some things you can do to protect yourself from these types of attacks:

Well, the obvious one is that you should not connect with anyone on LinkedIn unless you know them and you are certain the account belongs to that person. However, that is a tough ask, only connecting with people that you have met. Many have been asked to connect with someone who saw us speak at conference or wants us to come on their podcast although we have never been personally introduced to that person.

So, if you are going to connect with people you don’t know, before you do, examine their profile. How may followers or connections do they have? When is the last time they have posted? Do you have any connections in common? What are their posts like? Are their posts just reposts or do they actually write their own content?

Be very wary if a connection asks you to communicate anywhere else besides LinkedIn, business telephone, email, or Zoom. If a connection asks you to migrate from LinkedIn to a platform such as WhatsApp, your shields should immediately rise. Now, the person may have a legitimate reason for communicating on WhatsApp, but the likelihood of fraud grows exponentially higher in any case where such an ask is made.

Never download a document or click on a link from a connection, especially one you just met, unless you are absolutely certain that it is not loaded with malware or will take you to a credential harvesting site. Anytime you receive a link or a document from a connection on LinkedIn, be very careful to investigate its source.

For executives, employee awareness training and testing for employees is critical. It is important that your team members understand the social engineering risks they face, including those from LinkedIn.

The final thing is that you should always understand your motivations. This takes some emotional intelligence. But it is really true that social engineering is successful because people want something. Romance scams work because people want romance. Cryptocurrency scams work because people want to get rich quickly. Employment recruiting scams work because people want meaning, security, and purpose in their lives.

If you are lonely, you must understand that you are more at risk to romance scams or to believing an attractive avatar could be a real person and therefore interact with that avatar. If you are looking for work, or unhappy in your current position, you are more likely to jump when a recruiter reaches out with an enticing offer.

Before making any decisions that you may regret on an online platform, look inward and understand what is motivating you to make your current decision. That’s good practice generally in life, but before you wire out money, download an attachment from a new connection, or check out a document that could either change your life or be loaded with malware, understand why you are taking the action that you are.

When we think of social engineering, we mostly consider email. However, now that an increasing amount of our communication and connection comes from social media and networking platforms like Facebook and LinkedIn, we must now be extra-vigilant to guard ourselves from social engineering on these sources as well.