The Era When LinkedIn Becomes a "Gateway for Spies"—Five Eyes Warns of China's Online Recruitment Operations

Messages from unknown recruiters arriving on business social networks.
"I'm interested in your expertise."
"Could you write a short report on international affairs?"
"The payment ranges from a few hundred to a few thousand dollars."

At first glance, it appears to be a typical side job offer or consulting request. However, the "Five Eyes" intelligence alliance, comprising the US, UK, Canada, Australia, and New Zealand, has issued a joint warning that such online contacts could be used for state-level intelligence-gathering activities.

The warning targets online recruitment operations allegedly conducted by Chinese military intelligence agencies. Through professional social networks, job sites, and freelance platforms, they attempt to contact government officials, military personnel, experts in defense, diplomacy, and security, think tank staff, researchers, and journalists to extract confidential information and sensitive insights.

The key point this time is that it differs from traditional "hacking" or "theft of classified documents." The targets are not necessarily classified files themselves. Rather, it is the peripheral information that individuals might consider insignificant, such as fragmented knowledge, organizational atmosphere, policy directions, military deployments, and activities, or the networks of involved parties.

In the world of intelligence agencies, fragments do not remain as mere fragments. By piecing together small bits of information from multiple individuals, one can gain a three-dimensional view of the target country's policy decisions, military capabilities, diplomatic priorities, and economic security vulnerabilities. This is why Five Eyes urges caution regarding "information that is not publicly available but appears routine to the individual."

Fake Recruiters, Fake Consulting Firms, and "Report Fees"

According to the Five Eyes warning, the entry points for contact are very modern. Operatives or their collaborators pose as private consulting firms, think tanks, recruitment agencies, or research companies. These companies are made to appear genuine, and their locations may be disguised as being outside China.

The initial contact is made through professional social networks like LinkedIn, job and gig work services like Indeed or Upwork, or related online talent markets. The counterpart acts as if they are looking for specialized personnel, such as "foreign policy analysts," "defense experts," or "writers knowledgeable about regional affairs."

Subsequently, candidates are asked to write trial reports. Topics include the Indo-Pacific region, China's relations with other countries, defense policies, international trade, and military trends. Even if the initial request seems to involve merely summarizing public information, over time, they may ask for "more insider-like analysis," "non-public atmospheres," or "views of involved parties."

The payment ranges from a few hundred to a few thousand dollars per report. Payments may be made using online payment systems, remittance services, or cryptocurrencies. The higher the payment, the more sensitive the information requested. Communication methods also shift from initial SNS or email to encrypted messaging apps.

This flow is a typical "gradual relationship-building" tactic. Instead of proposing espionage from the start, they disguise it as a legitimate side job or request for expert commentary, lowering the psychological barriers of the target. By the time the individual realizes it, they may have already received payments and entered into a continuous request relationship, making it difficult to refuse.

Not Only Those with "Secrets" Are Targeted

The important aspect of this warning is that the targets are not limited to high-ranking government officials or military leaders.

Of course, individuals with security clearances, personnel in defense, diplomacy, and intelligence fields, and military personnel involved in the Indo-Pacific region are considered primary targets. However, scholars, journalists, freelance writers, think tank staff, civilians close to the defense industry, and policy research are also included in the risk group.

This indicates that modern information warfare is no longer just about "classified information." Sometimes, the assessments of individuals close to policy decisions, the atmosphere of meetings, the nuances of statements by involved parties, and the sense of which themes are gaining attention hold more value than official documents within the government.

Especially on professional social networks, users themselves disclose detailed profiles. Past employers, areas of responsibility, educational background, qualifications, networks, areas of interest, posts, and community affiliations. These are effective for job changes and sales but also provide abundant material for intelligence agencies to select targets.

In other words, LinkedIn-type platforms can serve as career-building tools and as "talent catalogs" for national intelligence agencies.

China Denies Allegations, Calls Them "Malicious Slander"

On the other hand, China strongly denies the warning.

The Chinese Embassy in the UK refuted the Five Eyes claims as "completely fabricated" and "malicious slander." Furthermore, they criticized Five Eyes as the world's largest intelligence network, conducting indiscriminate espionage worldwide.

This reaction symbolizes the recent US-China and UK-China relations. Western countries have repeatedly warned of cyberattacks, intellectual property theft, political interference, and infiltration into research institutions by China. Meanwhile, China has consistently countered by arguing that the US-UK-led intelligence network is the one building a global surveillance system.

This warning should be seen as both a security alert and a part of the information warfare itself. It is challenging to determine what is factual and what is diplomatic posturing based solely on public information. However, it is clear that intelligence agencies in various countries treat "recruitment-type information gathering using professional SNS" as a real threat.

Reactions on SNS: "Too Late," "I've Received It Too," "Can't Trust Five Eyes Either"

The reactions on social media to this news were not solely critical of China. Three main trends were observed within the scope of what could be confirmed.

The first is a reaction urging caution. Users interested in security and intelligence noted that it is not surprising that LinkedIn and job sites are used as contact methods by intelligence agencies, but they focused on the fact that not only government and military personnel but also researchers, journalists, and private analysts are included as targets. Particularly, the characteristics such as "high-paying report requests," "consulting companies with unclear substance," and "moving contact to encrypted apps" are seen as useful warnings for general business users.

The second is a reaction of "isn't this too late?" There have been repeated reports in the past that Chinese and Russian intelligence agencies have used LinkedIn to make contact. On related Reddit threads, there were comments jokingly asking if they could apply for spy recruitment themselves regarding fake online jobs and suspicious recruiters, while others calmly accepted that "these tactics have existed for a long time."

The third is distrust towards Five Eyes. In UK-related Reddit threads, there were comments viewing the reports of Chinese spy allegations as "politically fabricated enemy images" and others expressing skepticism by referencing past failures and misinformation by intelligence agencies. Similarly, the Chinese Embassy and Chinese media argue that "Five Eyes is the largest espionage network." These reactions indicate that modern information security issues are tied not only to fact recognition but also to trust in intelligence agencies, diplomatic conflicts, and public opinion formation.

On social media, sarcasm and jokes are also prominent. Reactions like "How much is the payment?" and "Why not give them false information?" reflect how serious security issues are being absorbed into everyday internet culture. However, in reality, treating such contacts lightly is dangerous. If a relationship is established where payments are received, and non-public information is continuously provided, it could lead to serious consequences such as criminal liability, dismissal, and revocation of security clearance, regardless of the individual's intentions.

It's Not Someone Else's Problem for Japan Either

Although this warning targets Five Eyes member countries, it is not unrelated to Japan.

While Japan is not a formal member of Five Eyes, it is deeply involved with the US, UK, Australia, Canada, and New Zealand in areas such as Indo-Pacific security, defense technology, semiconductors, space, cyber, and economic security. Government officials, defense industry personnel, university researchers, think tank members, employees of advanced technology companies, and journalists and analysts dealing with international politics may also be subject to similar contacts.

In Japan, in particular, there is an increasing number of cases where side jobs, contract work, overseas projects, and requests for expert commentary are completed online. It is not uncommon for requests to come in English from overseas research or consulting firms. In such cases, there is a danger of accepting work without sufficient verification of the counterpart's substance or risk assessment of the request content.

For example, caution is needed for requests like the following:

An unknown overseas recruiter asks specific questions about your current or past workplaces.
They seek insights into the organizational atmosphere or decision-making outlook rather than public information.
They offer unusually high report fees in fields such as defense, diplomacy, advanced technology, infrastructure, semiconductors, space, or cyber.
The company's substance is unclear, making it difficult to verify the website, location, or the background of the person in charge.
They prompt you to switch to encrypted messaging apps or personal emails midway.
The payer is a different individual or third party from the contracting entity.
They ask for content close to non-public information while saying, "I can't disclose the client's name."

If these signs overlap, it is advisable not to handle it as a mere side job offer but to consult with the compliance department or information management officer of your organization.

The Risks of a "Public Profile Society"

Professional social networks like LinkedIn have become indispensable tools for modern career development. They are effective for showcasing expertise, expanding job opportunities, and building networks. However, the more information is publicly available, the more precise the contact becomes for malicious parties.

For example, information such as "knowledgeable about defense policy," "involved in government committees in the past," "researching specific regional affairs," or "familiar with military technology and cybersecurity" may be achievements for the individual but also serve as material for creating target lists for the counterpart.

This is not to say that one should quit using SNS. Rather, it is necessary to decide in advance how detailed to write the profile, which contacts to respond to, and at what stage to report to the organization, assuming the profile will be public.

Companies, universities, and research institutions should not leave this to individuals. Information management training should be designed to include not only the removal of classified documents and email misdelivery but also "external job requests," "expert interviews," "overseas consulting projects," and "contacts via SNS."

Information Warfare Has Entered Everyday Business Contexts

The warning from Five Eyes indicates the reality that espionage has shifted from a world like in movies to within everyday business tools.

In the past, espionage activities were often described with images of secret meetings, encrypted documents, and special operatives. However, in the modern era, they blend into ordinary digital actions such as profile searches, job ads, online meetings, report requests, electronic payments, and encrypted chats.

In that sense, the current issue is not just a problem with LinkedIn. All professional SNS, job sites, freelance intermediary services, researcher networks, online events, and messaging apps can serve as entry points for contact.

For those seeking to steal information, the most efficient method is not breaking systems but having people voluntarily talk. Moreover, they gradually increase the depth of information without making the individual aware that they are engaging in espionage.

Therefore, what is questioned in modern security is not only the defense of servers and devices. How to protect human vulnerabilities such as professional approval desires, temptation by high rewards, the desire to be recognized as an expert, and aspirations for international projects becomes a new line of defense.

The Five Eyes warning specifically names China, but its essence is broader. Regardless of whether it is a state, company, or criminal organization, we already live in an era where people are found, enticed, and information is extracted online.

Is a message received on LinkedIn simply a career opportunity, or is it the gateway to information operations?
Determining this will become increasingly important.

Source URL

• Article distributed by Bloomberg published in Financial Post. Confirms the outline of the Five Eyes warning, China's response, target individuals, and reward amounts.
  URL: https://financialpost.com/pmn/business-pmn/linkedin-china-spying-threat-prompts-warning-from-us-allies
• MI5 Official Announcement: Five Eyes Joint Warning "Safeguarding Our Secrets" announcement page. Primary information warning that Chinese military intelligence agencies use professional SNS and job sites.
  URL: https://www.mi5.gov.uk/five-eyes-joint-bulletin-safeguarding-our-secrets
• Canadian Security Intelligence Service (CSIS) Official Page: Confirms the targeted individuals, fake recruiter tactics, report requests, payment methods, and risk explanations.
  URL: https://www.canada.ca/en/security-intelligence-service/alerts-advisories/safeguarding-our-secrets.html
• Reuters Article: Reports on the Five Eyes joint warning, target fields, China's embassy's rebuttal, and the relationship with past warnings.
  URL: https://www.reuters.com/business/media-telecom/five-eyes-security-alliance-warns-chinese-espionage-threat-2026-06-03/
• ABC News Article: Confirms the Five Eyes warning from the Australian side and the explanation of contact through job and professional SNS like LinkedIn.
  URL: https://www.abc.net.au/news/2026-06-04/five-eyes-asio-warn-chinese-spies-linkedin-jobs-intelligence/106757646
• Statement from the Chinese Embassy in the UK: Primary information where the Chinese side refutes as "complete fabrication" and "malicious slander" and criticizes Five Eyes.
  URL: https://gb.china-embassy.gov.cn/eng/PressandMedia/Spokepersons/202606/t20260604_11937092.htm
• Global Times Article: Chinese media conveying the Chinese embassy statement. Confirms the tone of China's rebuttal.
  URL: https://www.globaltimes.cn/page/202606/1362717.shtml
• Related Reddit Thread: Confirms past SNS reactions to Chinese spy suspicions using LinkedIn, trends of caution, sarcasm, and skepticism.
  URL: https://www.reddit.com/r/europe/comments/1fggk06/china_uses_linkedin_to_recruit_academics_for/
• Related Reddit Thread: Confirms skeptical reactions from UK SNS users regarding MI5's China spy warning