At least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years, according to MI5.
It warned users who had accepted such connection requests might have then been lured into sharing secrets.
“Malicious profiles” are being used on “an industrial scale”, the security agency’s chief, Ken McCallum, said.
A campaign has been launched to educate government workers about the threat.
The effort – Think Before You Link – warns foreign spies are targeting those with access to sensitive information.
One concern is the victims’ colleagues, in turn, become more willing to accept follow-up requests – because it looks as if they share a mutual acquaintance
MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved.
The 10,000-plus figure includes staff in virtually every government departments as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.
And it is thought a large number of those approached engaged initially with the profiles that contacted them online.
“No-one is immune to being socially manipulated into wrongdoing through these approaches,” the guidance given to government staff says.
The campaign, run by the Centre for the Protection of National Infrastructure, which reports to MI5, asks government staff to focus on “the four Rs”:
- recognising malicious profiles
- realising the potential threat
- reporting suspicious profiles to a security manager
- removing the profiles
“Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices,” government chief security officer Dominic Fortescue said.
“As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organisations on social media.”
The US and other countries have launched similar campaigns.
Former CIA officer Kevin Mallory was sentenced to 20 years in prison, after being convicted of giving secrets to China following an approach on LinkedIn.
And the UK’s move is also being backed by the other members of the Five Eyes intelligence alliance, Australia, Canada and New Zealand.