When it comes to social media, it seems like there are two kinds of people: those who screen friend and contact requests before accepting them and those who don’t. I am in the first category. I generally only accept social media friend and contact invitations from people I have known or worked with first-hand, who I want to stay in touch with or work with again, and whom I would be comfortable recommending for a job. Others have a different approach, accepting any and all invitations to connect on social media. In some cases, these social media users routinely send invitations to connect to anyone they can reach.

The Dangers of an Open-Door Policy with Social Media Friend Requests

Sometimes in the course of investigating a subject on social media, I’ll find that he or she has thousands of Facebook friends. I’m no social scientist, but I’d be willing to bet that very few people have that many actual friends in their lifetimes, let alone at any given period. Some social media users are what I like to call “connection hoarders.” These individuals click “accept” on any invitation to connect on social media, regardless of whether they know the person. “Connection hoarders” approve requests and invites either to drive up their number of contacts to reach as wide an audience as possible, or simply to feel more popular.

An Example from LinkedIn


An image from the ‘Katie Jones’ LinkedIn profile.

But when accepting social media friends, as with real-life friends, some measure of due diligence is often in order. A case in point: the Associated Press recently reported that LinkedIn has become a favorite platform for foreign spies interested in infiltrating the social networks of the politically connected. The story describes a LinkedIn account purportedly belonging to someone named Katie Jones, “a 30-something redhead” who claimed to work at a top think tank and whose LinkedIn network included influential pundits and experts. The profile even carried a photo of Katie. The trouble is, according to experts interviewed by the AP, the profile and the photo both appear to be fake and likely were created by a foreign government to gather information and gain the trust of those taking the bait. Among those who accepted Katie’s LinkedIn requests was Paul Winfree, former deputy director of President Trump’s domestic policy council and a possible nominee to the Federal Reserve Board. When it comes to social media, Paul Winfree told the AP, “I literally accept every friend request I get.”

Beware the Requests of Strangers

Of course, he’s not alone. Blindly accepting any and all social media requests can mean handing over a wealth of personal and professional information to a stranger, and possibly one who is up to no good. For example, by accepting a LinkedIn invitation from someone you don’t know, you are giving them access to your full work history, which, in turn, could also help them determine where you’ve lived and when. By reading former or current co-worker recommendations posted to your profile, you have now given this stranger the names and job titles of people you know and trust. Once they have access to your profile, they can see your connections, where you worked with those people and what you did there.

By accepting a stranger’s request to connect, you also expose the people on your contact list, who may receive a request from the same stranger and end up putting their own information on display. Just seeing that the person is connected to you may be all it takes for your contacts to accept the invitation, and now the stranger has access to their information as well as yours. This can give the stranger extensive insight into your personal and professional life, putting you and your contacts at risk.

Exercise Everyday Due Diligence

Information gleaned through a LinkedIn or other social media connection could also serve as an open invitation for a social engineering hack. For example, the stranger whose LinkedIn invitation you accepted might see that your former co-worker Bob Jones left you a recommendation from your time working together at Widgets USA. The hacker can then approach Bob pretending to be you, referencing something about your time at the same company, or make up a story about how you told him to ask Bob for details about a sensitive project you worked on together.

It’s not hard to imagine how such information, in the wrong hands, could have disastrous results. The fact is that you simply don’t know who is on the other end of your connection, or whether it is even a real person rather than a fake profile set up to steal your personal information and contacts. Many social media platforms, including LinkedIn, work to remove profiles determined to be fake. Even so, as LinkedIn said in a statement to the AP, “we recommend you connect with people you know and trust, not just anyone.”

Before accepting a friend request, ask yourself:

  • “How do I know this person and why might they want to connect with me?”
  • “What can I find out about this person before connecting with them?” Check out their other social media profiles or do a quick Google search.
  • “Are they connected with any of my real-life friends?” If so, you might ask your real-life friend how they got connected with them and what they know about them.
  • Finally, “Do I really need another pseudo social media friend?”

Having a large professional or social network can be a wonderful thing, but letting anyone and everyone in, without due diligence and care, can connect you to trouble.
