
Spies are watching… on LinkedIn

The young professionals portrayed in the LinkedIn listings are hot, enticing, and fictitious.

Germany’s spy agency – Bundesamt für Verfassungsschutz (BfV) – has published eight of the most active profiles it says are used on LinkedIn to contact and lure German officials for espionage purposes.

No surprises here – the young professionals the profiles portray are hot, enticing, and fake. BfV alleges that they’re just fronts used by Chinese intelligence to gather personal information about German officials and politicians.

Hans-Georg Maassen, chief at Germany’s intelligence agency (BfV), on Sunday alleged that Chinese intelligence has used LinkedIn to target at least 10,000 Germans, possibly to recruit them as informants.

Reuters quoted the BfV:

Chinese intelligence services are active on networks like LinkedIn and have been trying for a while to extract information and find intelligence sources in this way, [including seeking data on users’ habits, hobbies and political interests].

China denies it all.

Speaking in Beijing on Monday, Chinese Foreign Ministry spokesman Lu Kang said that the allegations are “completely groundless” accusations that amount to “chasing the wind and clutching at shadows.”

We hope the relevant German organizations, particularly government departments, can speak and act more responsibly, and not do things that are not beneficial to the development of bilateral relations.

The BfV identified faked profiles including:

  • “Rachel Li”, identified as a “headhunter” at “RiseHR”
  • “Alex Li”, a “Project Manager at Center for Sino-Europe Development Studies”
  • “Laeticia Chen”, a manager at the “China Center of International Politics and Economy” whose attractive photo was reportedly swiped from an online fashion catalog, according to a BfV official.

Reuters found that some of the profiles were connected to senior diplomats and politicians from several European countries, but that’s it: there’s no way to find out whether any further contact had taken place beyond initial social media “adds.”

According to the Financial Times, the BfV’s report is the result of a nine-month survey of social networks that began in January.

Maassen classified China’s work on LinkedIn as a “broad attempt to infiltrate parliaments, ministries and administrations.”

Chinese intelligence services are using new strategies of attack in the digital space. Social networks, especially LinkedIn, are being used in an ambitious manner to gather information and for recruitment.

The BfV said that establishing contact through social media has been on the agenda of foreign intelligence services for some time:

Information about habits, hobbies and even political interests can be generated with only a few clicks. Chinese intelligence agencies in particular are active on networks like LinkedIn.

According to German media reports, the Chinese intelligence services used fake profiles to contact members of the German and European parliaments, as well as senior military officials and representatives of foundations, lobby groups and consultancies.

Once contact was made, the spies would try to launch a professional exchange of views and information, followed by invitations to conferences and other events in China.

LinkedIn’s owner, Microsoft, on Monday announced that it had deleted any fake Chinese user profiles that were in violation of its Terms of Service.

How to fend off LinkedIn lusciousness

  • Don’t friend strangers. If you haven’t met someone in person, don’t accept their request to connect, even if they are a super-hot piece of crumpet.
  • Be careful what you share on social media. Work-related details are a goldmine for phishers, or potential spies.
  • Report imposter profiles. If you suspect a profile is fake, report it to LinkedIn.


5 Comments

Social media, including LinkedIn, is a time waster. Maybe there are people who truly get real use from it, but having tried it and dropped it, I found it wastes so much time, it is of negative value overall. Facebook is the ghetto of the internet, and LinkedIn is barely a step up.


Soooo, what you’re saying is, if I make a fake profile (government infosec) and can troll the trolls, I might get an all expenses paid vacation, a hot date and some bribe money too? Hmm. I have to make up an entire company so I can make coworkers to friend. How about Director of Operations of Section 9… I’ll have to be careful I don’t become The Man Who Knew Too Little (1997).


LinkedIn is a spam email and nuisance call generator and not much more. I really should delete the damn thing.

I’ve had plenty of spurious requests for links and quite a few attempts at conversation. I’ve always considered these to be sales or ambitious creepers all best avoided.


I’m an independent consultant. I have enough work to keep me busy so I never prospect on LinkedIn, but my best clients have found me that way. My professional credentials have been called into question from time to time. Usually I just refer people to my LinkedIn profile.

Usually the contact requests are somewhat related to my field, and often people I’ve worked with in the past and lost touch with. But sometimes they are totally unrelated local young people. After asking, I found out that the Business class instructor at the local community college had given the class an assignment to each make five LinkedIn connections. That seems to have stopped.

The other tipoff that a request is bogus is to look at the number of connections the requestor has. If he has 500 or more connections, he’s a “collector” and deserves to be ignored or reported. It’s LinkedIn, folks, not Facebook.


I think the ideal thing is not to accept invites from people who have no connection with our type of jobs.
