Study Warns of Surge in Security Breaches Linked to Social Media Impostors

A growing number of fake social media accounts are putting UK professionals and their organisations at risk of serious cyber breaches, new research has found.

The study, carried out by the University of Portsmouth and published in the Security Journal, looked into how fake LinkedIn accounts are being used to target individuals with access to sensitive data. It found that these impersonator profiles are not only common but alarmingly effective at slipping through the cracks of professional networking.

The findings suggest that hostile foreign actors—often state-backed—are increasingly using platforms like LinkedIn to connect with professionals, build trust over time, and eventually extract confidential information or persuade individuals to click on harmful links.

Out of 2,000 participants surveyed, all of whom use social media for work-related purposes, 80% said they had spotted suspicious accounts online, while 77% reported receiving connection requests from strangers they didn’t recognise. Yet many admitted they couldn’t always tell which profiles were real and which were not.

The research pointed to a larger problem: a gap in awareness. More than one in five respondents (22%) weren’t clear on what counted as confidential data, and 17% didn’t consider trade secrets especially important. With around 12.8 million professionals in the UK, that could mean roughly 2.5 million people are underestimating the value of the information they handle every day.

It’s not just government departments that are being targeted. Businesses, research institutions and universities have also become soft targets for economic espionage—where private sector secrets are stolen for strategic advantage.

In response to this growing threat, the National Protective Security Authority (NPSA) launched the “Think Before You Link” app back in 2022. The tool was designed to help users identify suspicious approaches online, especially those working in high-risk or data-sensitive roles. But this new study suggests that awareness campaigns may not be cutting through as effectively as hoped.

“Once a fake account gains a foothold, the danger isn't always immediate,” said one of the researchers. “These attackers often take their time, making small talk and slowly building trust before making a move.”

One of the more worrying revelations was that just over half of respondents didn’t feel confident identifying fake profiles—leaving a wide open door for social engineering tactics. On the flip side, professionals who said they were selective about who they connected with were far less likely to fall for such tricks.

The report also took aim at social media platforms themselves. It suggested that the self-policing approach many companies rely on isn't working. According to LinkedIn’s own 2025 Digital Services Act Transparency Report, more than 156,000 fake profiles were taken down—but that number likely reflects only a fraction of the problem.

MI5 has previously warned that over 20,000 UK citizens have been contacted by bogus recruiters linked to foreign intelligence groups, including efforts reportedly tied to the Chinese government. That kind of large-scale targeting shows how widespread and well-organised these campaigns can be.

The study concludes that both organisations and tech companies need to raise their game. More consistent training for employees—especially those in high-risk roles—is seen as essential. At the same time, platforms are being urged to take more responsibility when it comes to detecting and removing fake accounts.

For now, though, the message is clear: if you're connecting with strangers online, particularly in a professional setting, it might be wise to think twice before you click.

