Research reveals how fake social media accounts could be the cause of serious security breaches

New research led by the University of Portsmouth has found that fake social media profiles, particularly LinkedIn accounts, are a leading cause of security breaches among professionals.

Published in the Security Journal, the paper gathered data from 2,000 participants who use social media for career-related purposes and focused on economic espionage—the illegal act of stealing an organization’s secrets for financial or other malicious purposes. Companies, government agencies and universities are all under attack by hostile state actors.

The introduction of the National Protective Security Authority (NPSA)’s Think Before You Link (TBYL) app in 2022 demonstrated the need to protect individuals, in particular professionals in roles with sensitive data. This new study highlights a pressing need to raise awareness of rising cybersecurity threats in the U.K., especially with the growing risk of espionage.

The findings reveal that many professionals in the U.K. don’t fully realize how their everyday actions can put themselves and their employers at risk. Twenty-two percent of participants didn’t understand what counts as confidential information, and 17% didn’t see trade secrets as important. With 12.8 million professionals in the U.K., this suggests that about 2.5 million professionals may underestimate the importance of protecting sensitive information.

The research further showed just how common fake social media profiles are, with 80% of people surveyed stating they’ve seen suspicious or fake accounts and 77% of respondents receiving link requests from strangers. This highlights the need for professionals to be mindful of who they connect with online, as fake profiles often target important individuals, build trust, and may eventually trick them into sharing sensitive information or encourage the clicking of dangerous links.

“Espionage might sound like something that only happens to governments, but everyone is a potential target. Once a hostile actor gets a link, they can build a relationship that creates the potential risk of serious harm,” said lead author, Professor Mark Button, Co-Director of the Center for Cybercrime and Economic Crime in the School of Criminology and Criminal Justice at the University of Portsmouth.

“Fake social media profiles are now a common way for attackers to connect with people and steal information. Platforms such as LinkedIn make it easy to find and target professionals, especially those in sensitive jobs. Even a casual connection could lead to a cyberattack.

“We all need to be more aware of these risks—whether we’re handling national secrets or just using our bank accounts.”

The study found that more than half of the professionals surveyed didn’t feel confident spotting fake profiles, making it easier for outsiders to target them. However, it did also show that those who prefer connecting with like-minded people are less likely to accept suspicious profiles, reducing the risk of a security breach.

Looking ahead, the study emphasized the need for better employee training, especially for those who have access to sensitive data. The research also showed that security agencies should be doing a better job of explaining the risks, and there should be rules to make social media companies deal more seriously with fake profiles. From the research it is evident that the current self-policing approach promoted by many agencies isn’t working well, because 1 in 4 U.K. professionals are not prepared for the risks.

Professor Button added, “Training is essential, and tech companies must take more responsibility for stopping fake accounts.”

“With all the technology available today, platforms should be doing more to detect fake accounts, but many still prioritize user numbers over user safety.”

The research underscores the growing need for greater awareness of fake accounts, with LinkedIn’s 2025 Digital Services Act Transparency Report highlighting reports of more than 156k fake profiles, demonstrating the extent of the problem.

This supports earlier reports from MI5 that more than 20,000 people in the U.K. were contacted on LinkedIn by fake recruiters working for the Chinese government to get sensitive information.