What to look out for
Why you should think before you link
In this section, we hope to provide you with some insights into the campaign. It is important to note that no single behaviour or hallmark should be taken in isolation. Rather, a combination of these factors should be considered indicative of a potential malicious approach.
How do they trick you?
Typically, hostile actors and criminals contact the target posing as an interested ‘employer’ or recruitment consultant presenting a unique business opportunity. They ask for further details about the target’s background, try to “sell” the business opportunity, and insist on discussing it privately, away from the initial website.
This kind of engagement is an attempt to understand the level of access the individual has to sensitive information, draw it out from them, and build a longer term relationship. Most of the time the target is not aware of the real purpose of the approach. In some instances, they believe they are providing information to develop a legitimate business opportunity.
Know the signs
There are many ways in which malicious profiles will try and connect with you. The examples below are just of some of the things to look out for.
Too good to be true
Offering remote, flexible working, a disproportionately high salary for the role advertised.
Lack of depth/details
A lack of any visible or checkable company information available online. The role itself lacks tangible details.
Flattery
Overly focusing on your skills/experience along with a reference to government or ‘high end’ candidates.
Urgency
Overly responsive to messages. Attempts to rush you off the website onto another communication method.
Scarcity
Emphasis on so called limited, one-off or exclusive opportunities.
Imbalance
Disproportionate focus on their company, rather than validating you as a possible candidate.
Why do some people engage?
These online approaches work in a similar way to other ‘scams’ (e.g. romance, financial, cyber scams). It may be increasingly difficult to suspect the scam as it progresses as you become psychologically invested and therefore reluctant to reassess your previous decisions. Many people may ignore their concerns and choose to focus on the so-called business opportunity.
Recognise the profile
When a new connection adds you or gets in touch on social networks, check to see if you recognise them first. If you do not recognise them, watch out for signs that you can associate with fake or malicious profiles.
1. Profile picture
Picture of highly attractive individual in a formulaic business setting such as an office. Largely detectable with reverse image search.
2. Company affiliation/description
Generic, non-descript consultancy or recruitment company. Reference to government contacts, ‘state owned’ enterprises. Similar content to other suspicious profiles.
3. Profile name
Typically this is a common western first name followed by a foreign surname.
4. Unrealistic job roles
Very senior or high-profile job roles, with a young profile picture.
5. Mutual contacts
Contacts with mutual friends may have been made to make the profile appear more legitimate. Many people don’t fully check the profiles of new requests before accepting.
Consequences of not reporting
Case Study
Emma
DV-cleared Ex Civil Servant
- Approached online over a professional networking site
- Travelled to a foreign country for meetings
- Over a six-month period Emma was recruited and provided with basic covert communications system to provide information to contacts
- Emma was asked to provide sensitive information in relation to HMG
Case Study
Jason
SC-cleared Engineer at UK Defence Contractor
- Approached online over a professional networking site
- Travelled to a foreign country for meetings with contacts established online
- Was asked for detailed technical information on military aircraft
- Arranged to travel to a foreign country for a third time before being disrupted by the Security Service
Search for Think Before You Link and download the app today.
