Do you want to connect? Understand that foreign intelligence entities and criminals routinely use deception on social media platforms to try and connect with people who have access to information they want. Before you link online with someone you don’t know, think about the risks it may pose to yourself, your family, your organization and even national security.
The “Nevernight Connection”
The FBI and the National Counterintelligence and Security Center (NCSC) have released a new movie, “The Nevernight Connection,” to raise awareness of how hostile actors use fake profiles and other forms of deception on social media to target individuals in government, business and academic communities for recruitment and information gathering.
Inspired by true events, the 30-minute video details the fictional account of a former U.S. Intelligence Community official targeted by a foreign intelligence service via a fake profile on a professional networking site and recruited to turn over classified information.
The Threat
On professional networking sites and other social media platforms, hostile actors routinely pose as headhunters, interested employers or people with enticing career opportunities in order to connect and develop relationships with people who have access to valuable information.
Over time, they attempt to elicit information from their targets, including about their work and contacts. In some cases, promising targets are offered all-expense-paid trips overseas for meetings or presentations, where they are pressured to turn over more information. Some foreign intelligence services are doing this on a mass scale, targeting thousands of people globally via social media.
While current and former government employees are at risk from these schemes, individuals in the private sector and academic and research communities are also being targeted this way by hostile actors seeking to acquire trade secrets, proprietary data and information about cutting-edge research and technology.
Mitigation
At a minimum, the NCSC and FBI encourage the public to practice basic cyber hygiene when receiving an invitation to connect via social media.
- Never accept an invitation to connect from someone you do not know, even if they are a friend of a friend
- If possible, validate invitation requests through other means before accepting them
- Exercise caution when posting information about yourself, your job and contacts on social media, as it could draw unwanted attention from adversaries and criminals
- Report suspicious online approaches to appropriate authorities
Additional Resources
U.K. Centre for the Protection of National Infrastructure (CPNI)
- “Think Before You Link” — These CPNI materials provide advice on how to recognize malicious online profiles, realize the threat they pose, respond appropriately and minimize the risk of being targeted in the first place
- “Glitch” — This CPNI video identifies how hostile actors use professional networking sites to build relationships with targets and attempt to access sensitive information
National Counterintelligence and Security Center (NCSC)
- “Know the Risk: Raise Your Shield” — Video on social media deception
- “Don’t Be This Guy” — Additional video on social media deception
- “Social Media Deception” — Additional video on social media deception
- NCSC Social Media Deception poster and infographic
- NCSC Social Engineering poster and infographic