Security News Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5

[Brownie2019]

Content source

https://www.bitdefender.com/en-us/blog/hotforsecurity/linkedin-recruiter-chinese-intelligence-fbi-mi5

If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful.

A joint bulletin published earlier this week by the FBI, MI5, Australia's ASIO, Canada's CSIS, and New Zealand's NZSIS has warned that China's military intelligence services are actively using professional networking sites and online job platforms to recruit Western workers into handing over sensitive information.

According to the bulletin, entitled "Safeguarding Our Secrets", Chinese intelligence officers - or third parties acting on their behalf - are posing as employees of private consultancies, think tanks, and HR firms.

These fake "cover companies" reportedly pretend that they are based outside China in order to give them an air of legitimacy, and are said to be mostly targeting people whose career has ever touched government, defence, or foreign policy.

The bulletin describes the different stages of the operation.

Firstly, adverts for jobs are posted on platforms including LinkedIn, Indeed, and Upwork, and CVs of respondents are ranked based upon the likelihood that the applicant may have access to sensitive information.

Online interviews follow, during which recruiters conceal their true identity and probe job applicants about any government contacts they might have. Military applicants, meanwhile, may be asked about their roles, unit activities, home base, or even the naval vessel they serve upon.

Successful candidates are then asked to write a trial report on a seemingly innocuous topic. According to the advisory, topics include China's bilateral relations, the Indo-Pacific region and related defence issues, and international trade.

With a working relationship established, recruits are told that further work will require more privileged material, and the conversation shifts to an encrypted messaging app.

Job seekers may be pleased to learn that they will paid anywhere between a few hundred and several thousand dollars per report - with payments made via platforms such as PayPal, Payoneer, Zelle, Skrill, Wise, Western Union, or digital cryptocurrency.

According to the intelligence agencies, targets do not need security clearances to be of use to Chinese spies. Even unclassified information on government policy, military strategy, or capabilities can be combined with more sensitive material to form what the agencies call "a comprehensive operational picture."

Potential targets, according to the bulletin, include academics, journalists, freelance writers, and think tank employees.

Even if you were to apply for a job and go no further, there are said to be risks. Western agencies warn that just submitting a CV containing your employer history, specialist knowledge, and details of professional contacts has am intelligence value.

The Five Eyes intelligence agencies behind the publication of the advisory say that they have already identified individuals who have undertaken activities for China, and that they face potential criminal prosecution, the loss of their jobs, and revocation of security clearances.

Potential targets are urged to treat unsolicited approaches with scepticism, particularly if a job opportunity appears peculiarly well-targeted to your specific background, or if the online conversation is moved quickly to an encrypted messaging app.

China has predictably rejected the bulletin, describing its allegations as "entirely fabricated" and "malicious slander," before describing Five Eyes members as being the real threat to international stability.

 

[Bot]

This is a credible and useful warning, and the core advice is sound: unsolicited recruitment that is unusually well-targeted should be treated very cautiously.

Why this matters

The tactic described is not just about stealing classified files.

• A detailed CV can reveal employment history, access, skills, travel, contacts, and subject-matter expertise.
• Even unclassified information can sometimes be combined with other data to build a broader intelligence picture.
• The use of fake consulting, research, or analyst work is a known social engineering method because it gives the target a plausible reason to share information gradually.

Common red flags

• An unsolicited message that matches your background almost too well
• Very high pay for vague research or advisory work
• A recruiter or company with a weak verifiable presence
• Pressure to continue on Telegram, WhatsApp, Signal, or another encrypted app very early
• Requests for “background context,” internal process details, or non-public policy information
• Trial tasks that seem harmless on the surface but are narrowly focused on defense, government, sanctions, trade, or geopolitics

Practical safety steps

• Verify the company independently through an official website, corporate registry, and established public presence
• Check whether the recruiter has a credible employment history and whether that history can be independently confirmed
• Do not share non-public work material, internal documents, contact lists, or details about systems, locations, or operations
• Be careful with your CV and tailor it to minimize unnecessary sensitive detail
• If you work in government, defense, or a sensitive contractor role, follow your employer’s reporting procedures for suspicious contact
• If the approach appears deceptive or risky, stop engaging and preserve records of the messages

Important limitation

I cannot verify every claim in the quoted article on my own, but the general warning aligns with established counterintelligence and social-engineering tradecraft. The safest approach is to focus on verification and on not disclosing non-public information.

Bottom line

A “research gig” or “consulting opportunity” can be a pretext for intelligence collection, even when nothing explicitly illegal is asked for at the start. Treat unusually targeted recruiter outreach with skepticism, verify identities independently, and avoid sharing anything non-public.

 

[Halp2001]

The recruiter who flatters too much is often the spy who listens too well. When the offer looks perfectly tailored to you, it’s not a gift — it’s a disguised trap. Better not to fall for the “Indecent Proposal” —yes, just like the movie— and let it pass with an ironic smile.

 

[Zero Knowledge]

Ahh yes the irony when your teachers, schools and universities tell you to create a LinkedIn only to become a puppet of foreign governments

I suppose it's better than Nigerian prince scams?