Beware of LinkedIn Honey Trap Schemes

Garden State Cyber Threat Highlight

Original Release Date: 5/18/2023

Summary

Threat actors use social media to target unsuspecting users searching for connections, job and business opportunities, relationships, friendships, and more. While many social media platforms are used in these campaigns, LinkedIn can be a more effective platform for social engineering schemes because its users often inherently trust it more than others due to its focus on careers. In one scheme type, often referred to as “honey traps,” “love traps,” and “sweetheart scams,” LinkedIn users receive connection invitations from accounts displaying conventionally attractive, and often young, individuals accompanied by a message requesting to “become friends” or prompting a discussion about career or collaboration opportunities. The threat actor’s LinkedIn profile typically indicates that the account may have recently been created, as the user has few or no followers and no mutual connections.

If the target accepts the connection request, the threat actor may send direct messages asking to sync up on other social media platforms or to meet in person while they happen to be visiting the target’s city. Once an online relationship begins to develop, the threat actor may attempt to convince the target to click on malicious links or download malicious files in order to access the target’s accounts or personal and professional information. Depending on the nature of the target’s work history and employment, honey traps can be used for espionage purposes to discover sensitive information that is beneficial to the threat actor’s business or home country.

Recommendations

The NJCCIC advises social media users to refrain from accepting connection and friend requests from unknown users and to exercise caution with the information shared online with unverified users. Additionally, refrain from opening attachments or clicking links delivered in suspicious or unexpected communications, even those from known senders. Users are also encouraged to follow cybersecurity best practices, including securing online accounts with multi-factor authentication and keeping systems and applications patched and updated.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
