Fake Social Accounts May Cause Security Breaches

  • The study shows how fake LinkedIn and other social media profiles are a major security risk, with the first step being a simple link request
  • Suspicious accounts are common, with 77 per cent of survey respondents receiving connection requests from strangers, the route cyber attackers use to trick people and steal sensitive information
  • The research further highlights a need for better security training, particularly focused on economic espionage

New research led by the University of Portsmouth has found that fake social media profiles, particularly LinkedIn accounts, are a leading cause of security breaches among professionals.

Published in the Security Journal, the paper gathered data from 2,000 participants who use social media for career-related purposes and focused on economic espionage - the illegal act of stealing an organisation's secrets for financial or other malicious purposes. Companies, government agencies and universities are all under attack by hostile state actors.

The introduction of the National Protective Security Authority (NPSA)'s 'Think Before You Link (TBYL)' app in 2022 demonstrated the need to protect individuals, in particular professionals in roles with sensitive data. This new study highlights a pressing need to raise awareness of rising cybersecurity threats in the UK, especially with the growing risk of espionage.

The findings reveal that many professionals in the UK don't fully realise how their everyday actions can put themselves and their employers at risk. 22 per cent of participants didn't understand what counts as confidential information, and 17 per cent didn't see trade secrets as important. With 12.8 million professionals in the UK, this suggests that around 2.5 million professionals may underestimate the importance of protecting sensitive information.

The research further showed just how common fake social media profiles are, with 80 per cent of people surveyed stating they've seen suspicious or fake accounts and 77 per cent of respondents receiving link requests from strangers. This highlights the need for professionals to be mindful of who they connect with online, as fake profiles often target important individuals, build trust, and may eventually trick them into sharing sensitive information or clicking dangerous links.

"Espionage might sound like something that only happens to governments, but everyone is a potential target. Once a hostile actor gets a link, they can build a relationship that creates the potential risk of serious harm", said lead author, Professor Mark Button, Co-Director of the Centre for Cybercrime and Economic Crime in the School of Criminology and Criminal Justice at the University of Portsmouth.

"Fake social media profiles are now a common way for attackers to connect with people and steal information. Platforms such as LinkedIn make it easy to find and target professionals, especially those in sensitive jobs. Even a casual connection could lead to a cyberattack.

"We all need to be more aware of these risks - whether we're handling national secrets or just using our bank accounts."

The study found that more than half of the professionals surveyed didn't feel confident spotting fake profiles, making it easier for outsiders to target them. However, it did also show that those who prefer connecting with like-minded people are less likely to accept suspicious profiles, reducing the risk of a security breach.

Looking ahead, the study emphasised the need for better employee training, especially for those who have access to sensitive data. The research also showed that security agencies should be doing a better job of explaining the risks, and there should be rules to make social media companies deal more seriously with fake profiles. From the research, it is evident that the current self-policing approach promoted by many agencies isn't working well, because one in four UK professionals are not prepared for the risks.

Professor Button added: "Training is essential, and tech companies must take more responsibility for stopping fake accounts."

"With all the technology available today, platforms should be doing more to detect fake accounts, but many still prioritise user numbers over user safety."

The research underscores the growing need for greater awareness of fake accounts, with LinkedIn's 2025 Digital Services Act Transparency Report highlighting reports of more than 156k fake profiles, demonstrating the extent of the problem.

This supports earlier reports from MI5 that more than 20,000 people in the UK were contacted on LinkedIn by fake recruiters working for the Chinese government to get sensitive information.
