Featured Post

That "Recruiter" probably isn't a recruiter

Image Source: depositphotos.com

Most people have accepted a LinkedIn request from someone they don't know. The profile looks credible. Professional photo, solid work history, a few mutual connections. Their job title says recruiter and you accepted it without thinking twice.

That’s the point.

LinkedIn is a goldmine for the wrong people

LinkedIn is an excellent tool, we aren’t denying that. Organisations use it to hire, build relationships and stay visible. It is an important platform for connecting with customers, partners and the wider security community. That’s why everyone’s on it and exactly why it attracts attackers.

For attackers, LinkedIn is less of a networking platform and more of a research tool.

A well-maintained LinkedIn presence tells you a lot about how a business operates. Who works in finance, IT or security. Who’s just joined or been promoted. Which suppliers you work with. Where senior people are speaking next month.

None of it is classified yet all of it is useful if you’re trying to get inside an organisation.

That picture isn’t built in one go. It’s built slowly, often starting with a connection request that looks completely ordinary.

Recruiter is the perfect cover

It works because it fits.

People expect recruiters to reach out cold. They expect questions about roles and experience. They expect to be moved onto email or WhatsApp.

Nothing about that feels unusual but what looks like a job conversation can be something else entirely.

The goal often isn’t immediate. It’s to get connected, seem legitimate and then sit in the background and quietly build context.

Mutual connections are not the safety net you think they are

Most people see shared connections as a green light but they’re not.

Those mutuals likely went through the same thinking. A few shared connections, looks fine, accepted.

So one unverified profile becomes part of a network that looks credible because enough people made the same assumption.

Ask your mutual connections if they actually know the person and most of the time, they don’t. They just clicked accept.

The connection isn’t the problem. What follows is.

Accepting a request isn’t the issue on its own.

It’s what gets built from there.

Questions that add up to a detailed picture of how your organisation works. Background that makes a phishing email more convincing. A route into a wider employee network through someone who appears trusted.

By the time anything is used, the groundwork is already done.

This won’t be solved by the platform

LinkedIn takes down fake profiles. That helps but it doesn’t change the underlying dynamic.

People extend trust quickly in professional settings and attackers rely on that.

What to do

No one is saying come off LinkedIn, we know it’s a highly valuable tool.

But spend an extra thirty seconds on unfamiliar profiles. Is there real activity or just a polished history? Does the background make sense? Why would this person want to connect with you?

If you’ve got mutual connections, have you ever actually seen them interact?

Think about what you’re posting too. Updates about systems, team changes or suppliers feel routine. To someone mapping your organisation, they’re useful context.

The point

Many attacks don’t start with a phishing email.

They start earlier, with someone quietly building a picture of who works where, what they’re doing and who trusts them.

LinkedIn is often where that starts. The platform isn’t the issue. Automatic trust is.

So next time a recruiter you’ve never heard of wants to connect, take a moment.

It’s probably nothing.

But probably isn’t the same as definitely.