The UK government’s MI5-run Centre for the Protection of National Infrastructure’ has launched a new app to help people spot approaches from foreign spies and organised criminals seeking sensitive information.
According to MI5, 10,000 UK nationals across society were approached last year via fake social media profiles, e.g. on LinkedIn and Facebook.
Although the new ‘Think Before You Anybody can download link’ app is aimed at people working in sensitive industries, those working in government (e.g. civil servants) and those in high-tech businesses and academia.
According to the CPNI, hostile actors and criminals usually contact the target by posing as an interested ‘employer’ or recruitment consultant presenting a unique business opportunity. They then ask for further details about the target’s background and try to “sell” the business opportunity, insisting on discussing it privately, away from the initial website.
The CPNI says that this kind of engagement attempts to understand the individual’s level of access to sensitive information by drawing it out from them and then building a longer-term relationship. The idea is, of course, that the target remains unaware of the real purpose of the approach and, in some instances, they believe they are providing information to develop a legitimate business opportunity.
The CPNI says that some of the signs of an approach by hostile actors include offers that are ‘too good to be true, a lack of any visible or checkable company information available online, the use of flattery, attempts to introduce urgency, selling an idea/opportunity as being scarce/ one-off or exclusive, and the imbalance of a disproportionate focus on the target’s company, rather than validating the mark as a candidate.
The ‘Think Before You Link’ app, designed with the help of behavioural scientists, uses the following features to help protect the users from approaches by spies and scammers:
– Interactive learning provides the user with the knowledge of how to spot malicious approaches. This includes tailored content and case studies with more relevance to the user’s sector and role.
A social media profile reviewer includes a built-in reverse image search to identify profile pictures that may be re-used from other sites and includes self-answer questions.
– A reporting mechanism to help the user report a profile that might be malicious.
With threats such as economic espionage, worries about how states such as China and Russia use social media to influence opinion, a proliferation of online scams (e.g. recent ones utilising the situation in Ukraine), and news of Pegasus spyware at 10 Downing Street, fears are running high. This app may be a useful way to educate, alert and remind those in sensitive professions of today’s threats, as well as providing a fast and handy way for reporting, which could help provide a more accurate picture of the type and range of security threats and help enable quicker and better responses. Although most of us are unlikely to be targeted by spies, at least this app may stop and flag up some of the many security compromises via fake social media profiles. It may also provide a way for the government to gather evidence that may be used to put more pressure on the major social media companies to do more to tackle the problem of fake profiles.
