An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

My Coast Guard
Commentary | May 15, 2024

Coast Guard warns members: Adversaries using LinkedIn, Indeed, and Facebook to recruit spies

By Kathy Murray MyCG Senior Writer

Yes, that consulting offer you just got on LinkedIn may be too good to be true – especially if it came unsolicited from someone you’ve never met. 

That’s the message from Coast Guard Counterintelligence (CGCIS), which has seen an uptick in foreign adversaries reaching out to service members and their families on social media platforms like LinkedIn, Indeed, and Facebook, to see what information they can obtain.  

Using fake identities, agents from countries, such as China, Russia, Iran, and North Korea may dangle a job, a consulting gig, or ask you to write a report on your area of expertise. But what they’re hoping to do is trick you into providing insight into Coast Guard infrastructure, operations, plans, capabilities, and technologies.  

To counter such efforts, CGCIS just kicked off a new awareness campaign, DECISIVE KEEPER, to provide instructions on how to spot and report this kind of suspicious activity. Master Chief Petty Officer Heath Jones cautions everyone in the Coast Guard to be aware of the potential risks. 

“Our adversaries’ tactics are evolving,” said Jones. “By staying vigilant and reporting any suspicious activity, you play a crucial role in maintaining a safe community not just for Coast Guard members, but the total military workforce.” 

How long has this been going on? 

A handful of countries have been using social media to recruit spies for the past few years. In 2019, for example, former CIA officer Kevin Mallory, was sentenced to 20 years in prison for espionage that started when he was contacted by a Chinese operative posing as a headhunter on LinkedIn. Mallory ultimately provided the Chinese sensitive documents for which he was paid thousands of dollars. 

But this recruiting strategy really gained steam when travel slowed during COVID and, using social media became a low risk, low-cost way for adversaries to exploit unsuspecting military personnel, quickly and abundantly.

Who is being targeted? 

Members from the Department of Homeland Security, including the Coast Guard, the Department of Defense, as well as other federal personnel are getting unsolicited communications that are suspect. Foreign agents, typically: 

  • Target all ranks — active duty, reserve, civilian, and retired. 
  • Look for people with some access to classified data, but any information they can get that isn’t publicly available is a win. Bad actors will also target personnel with expertise in their country and its interests. 
  • Exploit all vulnerabilities. This might include pay issues for retired veterans, junior officers, and enlisted personnel. Medical or psychological issues, political climate, or other identifiers can also make you a target. 

What to look out for 

If you receive unsolicited communications, some warning signs include: 

  • A deal that’s too good to be true. These include jobs offering high salaries, remote or flexible work beyond what you’d typically expect, or a role billed as a limited time deal or exclusive opportunity. 
  • Flattery. The contact may overpraise you and your skills and experience. Or you might notice they focus more on where they’re recruiting you from then the company doing the recruiting.  
  • Lack of depth/detail. It may be hard for you to find verifiable company information online. 
  • The contact is looking to build a long-term relationship with you and may have built commonalities into their fake profile. They may say they graduated from the same college you attended, for example.

What to do  

If you receive suspicious communications:  

  • Check out the contact. Investigate his/her profile. Even though LinkedIn is a professional job networking platform, for example, the company doesn’t verify profiles. By some estimates 1 in 10 may be fake.   
  • Report the contact through QR code in this article. Remember, you can submit anonymous tips. The message counterintelligence wants to send: If you have a concern, report it. This shows you are trying to do the right thing. It’s much better to self-report than to have to say, “Ah, I took a payment because I didn’t know,” and risk appearing intentionally deceptive.  
  • Report foreign contacts as you’re required to under COMDTINST 3850.1A. 
  • Make yourself a harder target. Think about what you share on all social media and keep track of where you’ve posted resumes. Don’t post locations or about Coast Guard operations when they’re ongoing. Better to wait until you return. Be aware of who you’re following and who your friends are following. You can become a target through an algorithm. Use the highest security settings on all social media accounts. Keep in mind that the more you post, the more vulnerable you are. 

You can find out more about the DECISIVE KEEPER campaign here (CAC required). To anonymously report suspicious activity, text “CGCIS” to 738477 or use the following QR code: 

Qr codeDescription automatically generated