Social media and professional networking sites are part of how we live and work, however before you connect with someone, do you check who they truly are? Many of us simply accept requests without thinking too much into them.
The reality is people and groups often hide behind a fake identify, often for malicious purposes. This won’t be news if you’re familiar with the Centre for the Protection of National Infrastructure's "Think before you link" campaign.
So what is “Think before you link”?
The campaign raises awareness of cyber attackers that may act anonymously online in an attempt to connect with people who have access to valuable and sensitive information. Once connected they can use a variety of social engineering techniques to manipulate the target into divulging information of value to them.
Intelligence from the National Cyber Security Centre (NCSC) indicates they often pose as recruiters or talent agents who will approach you with enticing opportunities, when their real intent is to gather valuable information.
Their approach might involve:
- Engaging online with a “unique” business offer.
- Asking for further information about you.
- Attempting to move you towards specific communications platforms.
- Requesting phone calls or face-to-face discussion.
Why is this relevant to you?
As a member of the University you may have access to sensitive data and be a desirable target for attackers. If you are involved in certain areas of research, you may be of interest to hostile nation states and various activist groups.
So what can you do?
You can use the four Rs to protect yourself and those connected to you.
Recognise - do you recognise the profile?
Realise - ensure you are aware of the potential threat?
Report - have you connected with a suspicious profile. If yes, then ensure you report it to your local IT support.
Remove - last but not least, remove the profile from your network.
The Centre for the Protection of National Infrastructure (CPNI) have released an interesting and eye opening video that shows the consequences of “linking before thinking”.