Hackers use LinkedIn and Facebook to ensnare victims.
Now that Fortune’s Brainstorm Tech summit and the security world’s Black Hat conference have concluded, it’s time to commence that obligatory post-elbow rubbing ritual: adding connections on LinkedIn. (If you’re into that sort of thing.)
As you swap digital business cards and extend e-handshakes across the self-described professional network, remember not to let your guard down. Social media isn’t just an ideal place to make contacts. It’s also a great place for nation states and other adversaries to conduct espionage. Really.
Recent research from Dell SecureWorks, an Atlanta-based cybersecurity firm, suggests that Iranian hackers have been using phony online personas to lure phishing targets, sending them seemingly benign messages that contain computer-compromising code. According to the report, the attackers created bogus profiles for a supposedly young photographer from London, “Mia Ash,” who enjoyed traveling and listening to Ed Sheeran. The spies used the forgery of a femme fatale to seduce and ensnare technicians based in the Middle East who worked in industries of strategic interest to Tehran, ranging from energy to aerospace to telecommunications, the researchers said.
Get Data Sheet, Fortune’s technology newsletter, where this essay originated.
Microsoft’s LinkedIn wasn’t the only attack vector. The spooks created a similar persona on social networks such as Facebook, WhatsApp, and Google’s Blogger. The campaign was reminiscent of another Iran-linked operation that came to light a couple of years ago, which involved secret agents posing on LinkedIn as recruiters for big tech companies like Northrop Grumman and General Motors.
Other countries use social media to spy too. This week we learned that Russian agents attempted to track members of French President Emmanuel Macron’s election campaign using bogus Facebook profiles.
Here’s my trick. Whenever I receive an invitation to connect, I call to mind a meme that made the rounds on the web in 2015. The premise is that LinkedIn’s generic connection request tagline pairs exquisitely well with any New Yorker cartoon. The rib below always stuck with me.
Strange. I don’t remember meeting a horse.