Recent security advisories from international law enforcement and industry observers have highlighted a growing trend in the use of professional networking platforms, particularly LinkedIn, as a channel for targeted recruitment-style engagement that can be used to obtain sensitive commercial or organisational information.
These approaches typically begin in a highly credible and professional manner. Individuals may be approached by recruiters, consultants, or research firms offering attractive opportunities such as advisory roles, freelance assignments, or industry-specific consultancy projects. Profiles are often carefully constructed, and initial communications appear legitimate and routine.
Over time, however, some interactions may progress from general professional discussion into requests for non-public information, internal business insight, or commentary on operational matters. In some cases, there may also be efforts to move conversations away from LinkedIn to encrypted messaging applications or less traceable communication channels.
While LinkedIn remains a critical tool for recruitment and business development, organisations in Malaysia should be aware that it can also be used as an entry point for information gathering activities targeting individuals across both private and public sectors.
This is particularly relevant for professionals in sectors such as finance, energy, technology, logistics, government-linked companies, defence-related industries, and advisory services, where access to commercially or strategically sensitive information may be of interest to external parties.

Common Warning Indicators

- Recruiters or contacts who are unwilling to clearly identify their end client or organization
- Requests for non-public, internal, or operational information
- Approaches offering unusually high compensation for vague or undefined work
- Pressure to continue discussions on encrypted or informal messaging platforms
- Requests for “sample reports,” “market insights,” or analysis based on internal knowledge
- Vague job descriptions with shifting scope during the engagement process
- Use of multiple intermediary recruiters or unverified consultancy brands

Practical Risk Mitigation Measures for Organizations
To reduce exposure, organizations in Malaysia may wish to consider the following safeguards:
- Provide staff awareness training on social engineering and online recruitment risks
- Implement clear internal policies on what information can be shared externally
- Encourage verification of all recruiters and consultancy requests before engagement
- Require internal approval for participation in external advisory or research projects involving company insight
- Remind staff to keep sensitive operational, financial, and strategic information strictly internal
- Monitor for repeated or unusual approaches targeting specific departments or individuals
- Encourage reporting of suspicious recruitment approaches to internal compliance or security teams

Individual Best Practices (LinkedIn Users)
- Verify recruiter identity through multiple independent sources before engaging
- Be cautious of unsolicited offers that require immediate or detailed responses
- Avoid sharing internal company information, even in informal discussions
- Keep LinkedIn profiles professional but avoid over-disclosing sensitive role responsibilities
- Treat requests for “quick insights” or “short reports” with caution
- Assume that professional conversations may be part of broader information-gathering efforts

Organizational Perspective
From a corporate risk standpoint, exposure through platforms such as LinkedIn is increasingly about long-term relationship building and incremental information extraction rather than obvious phishing attempts.
Even seemingly harmless data points, when combined over time, can be used to build a detailed understanding of an organization’s structure, capabilities, supply chains, and strategic direction.

Conclusion
As professional networking continues to shift online, organizations should treat platforms like LinkedIn not only as recruitment and business development tools, but also as potential channels for structured information gathering by external actors.
A combination of awareness, internal controls, and consistent verification procedures can significantly reduce exposure to these evolving risks while allowing legitimate business networking to continue safely.
