WASHINGTON — Since the onset of COVID-19, more people are engaging with others on social media, a U.S. Army Criminal Investigation Division agent said. Humans are increasingly becoming more connected digitally now than ever before.
But, where there is a gathering of people, there is almost always someone looking to exploit them said Special Agent Deric Palmer, CID Cyber Field Office, Digital Persona Protection Program Manager.
“I would say there's always a good use aspect of social media. A lot of people can’t see the harm that comes along with it,” Palmer said.
Palmer, who has a combined 20 years working in law enforcement, recently published his yearly guide “Social Media Protection” in which he outlines topics to ensure his audience is aware and prepared for threats that exist online, and to maximize the privacy and security settings with their social media accounts.
“Cyber is everything in today's standard: whether we're on a computer or if we have our phone attached to us, cyber is a driving force for both investigations and our day-to-day business within the government and within corporations,” Palmer said. “So, having a good acumen of what cyber vulnerabilities exist out there is important for people to recognize and understand.”
When Palmer is asking his platform users about their use of social media, he often asks what the risk and reward is. He looks at it from a social engineering perspective when educating people on the potential dangers of posting or using social media.
“I thought I was a pretty secure and private guy, especially coming from law enforcement background. I was always hypervigilant about my safety and the safety of my family,” Palmer said. “But when I went through my social engineering course, it scared the heck out of me. I realized I wasn't as private as I thought I was.”
Social engineering is looking at all the aspects of someone’s life to get a desired effect out of that person. These aspects can be gathered from open-source websites and from the posts users make online. He said sometimes the intent of the social engineering can be relatively benign, such as changing advertisements, or it can be malicious, like identity theft.
“Think of social media as a massive watering hole, and everybody goes to social media,” Palmer said. “Well, if you have all the animals going to the watering hole, the predators are right there with you. People don’t really think about that. They think about what’s fun and, especially under the current COVID times, there’s been a big turn to social media to deal with the contentions of being quarantined and teleworking. People don’t think about the trolls and the lurkers on social media that are basically stalking people.”
Palmer described the potential predators to be anyone from an old acquaintance, to cyber criminals, to state actors from an adversarial government.
To ensure Soldiers are educated on their online presence, Palmer advises Soldiers to better protect themselves while online.
“The reality is, we can't erase everything, right?” Palmer said. “If anyone tells you that something is 100% secure in a cyber aspect, they're lying to you. There's going to be a vulnerability whether we know about it, or we don't know about it.”
According to Palmer, even though it likely will never be 100% safe while online, that doesn’t mean steps cannot be taken to mitigate the risk. Good cyber hygiene includes ensuring passwords are updated and strong, encrypting files when needed, keeping their social media accounts private and free from public view, setting up in-home routers properly and recognizing social engineering attempts.
“Everything really comes down to, what is your cyber risk tolerance? What is your risk/reward when it comes to the technology that you're using?” Palmer said. “Start taking control of your digital identity. Start thinking about your privacy. That goes down to strong passwords and using password managers.”
Even though some users have taken measures to protect their information online, more than 150,000 U.S. citizens in 2020 were affected by cyber-attacks according to a report published by the FBI’s Internet Crime Complaint Center. Each year, the number of cyber-attacks increase by several thousand.
Another issue can arise from a service member having an unsecured social media. Cyber criminals are using publicly available photographs of service members from their social media accounts to create catfishing accounts. The 2020 FBI IC3 report indicated more than 23,000 people reported falling victim catfishing scams, which resulted in a loss of more than $600 million.
The use of service member’s social media pictures is a common tactic used by online impersonation scammers. These scammers simply copy your photographs, create a Catfishing account and commonly target women who are elderly, divorced or widowed for financial gain. In some instances, the victims may reach out to the real service member to either inform them of the impersonation or to demand answers,” Palmer said.
But there are several ways someone can protect their information while online, Palmer said. Personal information is easily accessible to others online. But Palmer lays out in his opt-out guide how someone can request and be deleted from those sites.
His opt-out guide lists some of the top sites that house personal information. These repositories of personal information are, most of the time, sold to big companies to create targeted marketing. But the repositories can also be used by predators for a variety of nefarious activity, Palmer said. When someone is going to start social engineering, they often start with the personal information that is readily available.
Even if someone doesn’t participate in social media, the digital footprint is still there. For Palmer, for someone to be safe from a cyber-attack or not to be targeted by social engineering, it is important to remain vigilant while on and off the internet and know to take care of your digital footprint.
“People need to understand the type of data that we're leaking willingly, and how it's being monetized and sold,” Palmer said.
“Everyone has the ability to protect themselves and everyone on social media. By taking steps to ensure that the photographs or their social media accounts are not accessible by anyone that is not their friend, can cause a disruption with impersonation accounts.”
“If you have fallen victim to a Confidence/Romance scam, don’t send the cyber-criminal money, and report the offending account to the social media platform,” Palmer said. “Every social media platform has a built-in tool to report an offending account. Contact your local law enforcement agency if you provided money to a scammer and file a report with the FBI’s Internet Crime Complaint Center, also known as IC3. If the online scam or other internet crime involves a Soldier as a suspect, they may also contact their local CID office or submit a tip through the CID tip line.”