+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

An Army cybercrimes investigator's tips to keep your personal information away from social-media scammers

Sep 9, 2019, 21:09 IST

Even the most innocuous data posted to a social media feed can be married up with other publicly available information to provide online criminals the tools they need to exploit members of the military or general public, an Army special agent said.Mark Herlihy

Advertisement
  • Seemingly harmless information about yourself, when shared on social media, can be compiled by scammers and others, according to an Army special agent.
  • But there are a number of steps you can take and tips to remember in order to avoid being targeted.
  • Visit Business Insider's homepage for more stories.

WASHINGTON - Even the most innocuous data posted to a social media feed can be married up with other publicly available information to provide online criminals the tools they need to exploit members of the military or general public, an Army special agent said.

Special Agent Deric Palmer, program manager for the Digital Personal Protection Program, part of the Major Cybercrime Unit at the US Army Criminal Investigation Command, explained how those who aren't careful or aren't paying attention can unwittingly provide scammers and other online criminals all the information they need to exploit them.

Social media accounts, Palmer said, serve as fertile ground for digging up the kinds of information that can be used to impersonate someone, steal identities or break into other online accounts, such as banking or insurance.

A Facebook page, for example, might contain current and past physical addresses where a person has lived, phone numbers, email addresses, names of pets, significant events such as birthdays and anniversaries, hobbies and other interests. Just browsing a Facebook page, Palmer said, he can figure out your favorite music, books, TV shows, political and religious leanings.

Advertisement

All that, he said, serves as "an attack vector" that an unscrupulous person can use to communicate with users further and gain their trust. Additional communications can bring out even more details that might later be used to break into online accounts or exploit users in other ways. Some social media users, Palmer added, even volunteer critical information that could be used to access their online financial accounts that they'd never divulge if they were asked by a stranger.

Some online memes, he noted, pose as games that get users to volunteer information that, coupled with other easily obtainable information, can be used to exploit them. A quick search online reveals a simple graphic meme that purportedly allows users to choose "your new cat name" and then post the results, along with the meme itself, on their own social media feed.

Image memes such as this one ask users to construct and share on their social media feeds new, &quotfun" information that is constructed from their personal information.C. Todd Lopez/Defense Department

For the "cat name" meme, users would use the last digit of their phone number as a selector for any of nine name prefixes, their zodiac sign to choose from a list of 12 middle names, and their favorite color to choose from a list of eight potential last names.

A user might end up with "Count Sassy Pants" as a silly name for their cat. When they post that on their social media feed, along with the meme image itself, would-be criminals will know their phone number ends in 8, they were born in either August or September, and that their favorite color is yellow. Coupled with data already on their social media feed, and with data that can be obtained from data brokers, the information makes it easier to exploit users, Palmer explained.

Advertisement

Military personnel also are candidates to be impersonated online - malicious users might opt to use imagery of real-world service members available online to exploit other users. The US military is one of the most trusted institutions in the nation, and online criminals, Palmer said, take advantage of that.

"The US military is viewed as a prestigious club ... It's an indicator of prestige," Palmer said. "It's instant respect. If I can pretend to be a US general, unwitting people will respect me immediately."

With that respect, he said, a criminal can exploit other users while pretending to be a member of the US military. Palmer's advice to service members: don't post your picture in uniform with the name tape visible. "It immediately makes you a target," the special agent said.

Palmer offered some tips to avoid being scammed:

• Immediate red flag! Be suspicious if you are asked for money or a wire transfer to pay for a purported service member's transportation, medical bills, communication fees or marriage-processing charges.

• Be suspicious if the person with whom you are corresponding wants you to mail anything to a foreign country.

• Be aware that military members at any duty location or in a combat zone have access to mail, cyber cafes, Skype and other means of communicating with their families, and they have access to medical and dental treatment.

• The military will ensure that family members are notified should a service member is injured.

• Insist on a "proof of life." The scammers will not video chat with you, because they know you will catch them in their lie.

• Trust your instincts! If it seems too good to be true, it probably is.

The special agent also provided eight points for better security online, and to make users less likely to be victimized by online criminals:

• Permanently close old, unused accounts.

• Enable two-factor authentication on any platform that allows it.

• Use strong passwords, and use different passwords for every account.

• On social media, accept friend requests selectively.

• Configure the strongest privacy settings for each social media account.

• Think before you post.

• Limit use of third-part applications on social media applications, read the license agreement, and be sure exactly what those applications want to be able to access.

• Change answers to security questions, and use false answers so that online criminals can't use information they gather online to gain access to your accounts.

NOW WATCH: A new Gmail scam is fooling tech-savy users - here's how to protect yourself

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article