By Mr. Jeffrey Castro (USACIDC)May 28, 2019
U.S. Army Criminal Investigation Command's (CID) Computer Crime Investigative Unit (CCIU) is once again warning Soldiers and the Army community to be on the lookout for "social media scams" where cybercriminals impersonate service members by using actual and fictitious information, not just for "trust-based relationship scams," also known as romance scams, but for other impersonation crimes such as sales schemes and advance fee schemes.
"By monitoring your social media identity, you can protect your Army family and your reputation," said Special Agent Marc Martin, deputy director of operations for CCIU. "The criminals will use factual data from official websites and Soldiers' personal social media sites, then prey on vulnerable people's trusting nature and willingness to help the Soldier."
Frequently, CID receives notifications from individuals stating they were scammed online by someone claiming to be a Soldier, but in reality it was an online scammer who has used an unsuspected Soldier's name and available social media photos to commit a crime.
No one is immune from becoming a victim. Scammers steal the identity of senior officers, enlisted personnel, contractors and civilians. Scammers, using this information from legitimate profiles, will capitalize on the trustworthy reputation of individuals associated with the Army.
According to Martin, CCIU has seen a resurgence of scammers using fake Common Access Cards (CAC), a "smart" card that is the standard identification for active duty personnel, Selected Reserve, DOD civilian employees, and eligible contractor personnel. Scammers use the cards to give their ruse a greater level of legitimacy.
"Using a fake CAC is not a new tactic," said Martin. "At first glance it could look almost legitimate, but if you look closely you will notice errors such as incorrect pay grades and other inaccurate markings."
Another recent scam that is gaining steam begins when a Soldier receives a letter in the mail demanding money or embarrassing information about him/her will be released to their spouse. The letter purports to be from someone who knows the Soldier and the sender claims to have information that if released to their spouse, will be very humiliating. The sender does not identify any specific misconduct or crime in the letter and demands large payments in Bitcoin or they will expose the alleged secret to the Soldier's spouse, family and friends.
Mitigating fraudulent social media accounts can simply start with searching for your name on various social media platforms. Since scammers may use your photo but change the name, you should also conduct an image search of your social media profile pictures.
If you find yourself or a family member being impersonated online, CID warns that you should take immediate steps to have the fraudulent sites removed. Victims should immediately contact the social media platform (company) and report the false profile.
Keep in mind that criminals create impersonation accounts to look just like the real account of a service member by using very similarly spelled names and replacing characters with dashes, spaces, and/or homoglyph characters. Be on the lookout for simple changes such as zeros (0) used instead of the letter "O" or a number one (1) instead of the letter "l."
"Always remember that effectively searching yourself requires creativity because of the misspelled names and other identifying information slightly different to disguise the criminal activity or just because the scammer doesn't have command of the English language," CID officials said. "Criminals will hijack photographs found on the Soldiers official and personal social media page and create a similar or identical biography."
Officials also warned that impersonations can be classified as Confidence Based/Romance Relationship, Sales Schemes or Advance Fee Schemes.
Confidence Based/Romance Relationship: Scammers defraud victims by pretending to be service members seeking romance or in need of emotional support and companionship. In these scams, cybercriminals often derive information for their fictionalized military personas from official military websites and social networking websites where military families post information about their loved ones. Scammers gather enough detailed personal information, including pictures, to concoct believable stories tailored to appeal to a victim's emotions and then lure unsuspecting victims (most often women) into sending money to help them with transportation costs, marriage processing expenses, medical fees, communication fees such as laptops and satellite telephones. They typically promise to repay the victim when they finally meet; however, once the victim stops sending money, the scammer is not heard from again.
Sales Schemes: Most frequently carried out on sites that facilitate sales of various products, scammers lure victims by offering goods well below market price. Most scams involve vehicle sales, house rentals or similar big-ticket items. The scammer advertises an item for sale, at a to-good-to-be-true price, and describes it in the broadest of terms. A person showing interest is soon contacted by the "seller" who claims to be a service member with a military unit that is being deployed abroad. The scammer uses the pending deployment to explain the need for a quick sale and, hence, the below market sales price. The scammer insists that money changes hands quickly using some untraceable and irrevocable means such as Western Union, MoneyGram or gift cards. The merchandise is never received and the scammer is not heard from again.
Advance Fee Schemes: These schemes defraud potential victims by promising big profits in exchange for help in moving large sums of money (or gold, oil, or some other commodity or contraband). Claiming to be high-ranking or well-placed government/military officials or the surviving spouse of former government leaders, the perpetrators offer to transfer significant amounts of money into the victim's bank account in exchange for a small fee. Some use photographs and biographical information of high-profile American military officials obtained from the Internet. Scammers that receive payment are never heard from again.
The Computer Crime Investigative Unit has found that the longer an imposter account is active, the greater the likelihood of misleading others," Martin said. "Protect yourself by conducting Internet searches on yourself and your family. Expediency is paramount."
For more information about computer security, other computer-related scams and to review previous cyber-crime alert notices and cyber-crime prevention flyers visit the Army CID website at https://www.cid.army.mil/cciu-advisories.html.