Safety and Security Guidance
Search this page
FIND

Safety

U.S. Army Criminal Investigation Command's Major Cybercrime Unit has resources to help Soldiers and families safe on social media, including the Social Media Protection Guide.

OPERATIONS SECURITY

Operations Security is the process of protecting sensitive and critical unclassified information information that can be used against us. Its purpose is to prevent potential adversaries from discovering critical DOD information. OPSEC protects U.S. operations - planned, in progress and completed. Success depends on secrecy and surprise, so the military can accomplish the mission more quickly and with less risk. Our enemies want this information, and they are not just after military members to get it.

Soldier and Family Readiness Groups, Army spouses and Army family members need to know that posting sensitive information can be detrimental to Soldier safety.

  • Always assume that our adversaries are reading every post made to a social media platform. Ensure that information posted online has no significant value to those adversaries.
  • Even seemingly innocent posts about a family member’s deployment or redeployment date can put them at risk. Small bits of information can be assembled to make big pictures.
  • The best way to protect kids online is to talk with them. Be honest and open and educate them early about online risks.

DO'S AND DON'TS
FOR SOCIAL MEDIA POSTS
Do
  • Talk to your Family about OPSEC, so they know what can and cannot be posted.
  • Turn off geotagging and location-based social networking on phones and digital cameras.
  • Maximize your security settings on social platforms and include two-step verification, if available.
  • Closely review photos or videos before posting to ensure sensitive or personal information is not released (e.g., troop locations, equipment, tactical unit details and numbers of personnel).
Don't
  • Post details about your assigned unit’s mission or security procedures.
  • Announce locations and times of your unit deployments.
  • Release information about the death of a Service member before the next of kin is notified and the information is released by the DOD.
  • Post images of damaged equipment and gear.
  • Share personnel transactions (e.g., pay information, power of attorney, wills or deployment information).
  • Post unit morale or personnel problems.

CYBERSECURITY

GENERAL INFORMATION
  • When using social media, be cautious to not post personally identifiable information or any information about your Soldier’s job or mission that could damage Army operations.
  • Never accept a friend request from someone you don’t know, even if they are “a friend of a friend.”
  • Be aware that you could be targeted based simply because of your connection to the military.
  • Adversaries prefer to go after easy targets. Keep your computer security up to date and make yourself a hard target.
  • Never log in from risky locations. Public networking sites may not offer secure login. If you log in from a hotel, cyber café or public hotspot, your name and password can be captured at any time.
  • Do a search of yourself. If too much data comes up, you should consider adjusting your profile and settings on sites you use frequently.
  • Don’t trust add-ons: plug-ins, games and apps are often written by users, not the sites they’re offered on. Malicious authors can easily gain access to your data once you install their programs.
  • Use different, strong passwords for each online account, and never share your passwords.
  • Treat links and files carefully. Social engineers and hackers often post links in comments that try to trick people into downloading an “update,” “security patch” or “game.”
PRIVACY SETTINGS
  • Make it a point to understand how to use, adjust and update the privacy settings on social media sites.
  • Don’t depend on social media sites for confidentiality. Even social media sites that aren’t open and public by design can become so due to hacking, security errors and poor data management practices. In some cases, a site’s terms of service explicitly gives the site ownership of all your posted content.
  • Never share information on social media you don’t want to become public. If you aren’t comfortable placing the same information on a sign in your front yard, don’t put it online. Once you post something, you can’t control where it goes.
  • Providing too much information in your profile can expose you to identity thieves. Be cautious when listing job, military organization, education and contact information.
  • Think about what you’re posting before hitting share. Many times you can avoid releasing sensitive information by simply rephrasing your posts.
Geotagging safety

Geotagging is the process of adding geographical identification to photographs, videos, websites and SMS messages. It is the equivalent of adding a 10-digit grid coordinate to everything posted on the Internet. Some smartphones and digital cameras automatically embed geotags into pictures and many people unknowingly upload photos to the Internet that contain location information.

One Soldier exposing his or her location can affect the entire mission. Deployed Soldiers, or Soldiers conducting operations in classified areas, should not use location-based social networking services. These services can bring the enemy right to the Army’s doorstep.

Always assume that our adversaries are reading every post made to a social media platform. Ensure that information posted online has no significant value to those adversaries. Small bits of information, including location based data, can be assembled to make big pictures.

Scams

Types of Scams

The Federal Bureau of Investigation Internet Crime Complaint Center (IC3) has identified current and ongoing Internet trends and scams. The following scams affect military members:

U.S. Army Criminal Investigation Command (CID) receives hundreds of reports a month from individuals who have fallen victim to a scam perpetrated by a person impersonating a U.S. Soldier online.

Victims of “romance scams” report becoming involved in an online relationship with someone they believe to be a U.S. Soldier, who later began asking for money for various false service-related needs. Victims of these scams can lose tens of thousands of dollars with low potential to recover it.

Romance scammers take on the online persona of a current or former U.S. Soldier by building a false identity using photographs of the Soldier found online, and then prowl the web for victims.

The most common scheme involves criminals, often from other countries, pretending to be U.S. Soldiers serving in a combat zone or other overseas location. These scammers often present documents and other "proof" of their financial need when asking their victims to wire money to them.

CID's Computer Crime Investigative Unit also cautions Soldiers themselves to be on the guard for "sextortion scams." In these scams, criminals engage in online sexual activity with unsuspecting Service members and then demand money or favors in exchange for not publicizing potentially embarrassing images, video or information.

Never send money to someone claiming to be a Soldier!

Such scams, when they involve dating sites, pose a unique challenge in the fight against impostors and identity thieves, because on such sites a dating profile is often required to conduct a search for fake accounts. That makes it difficult for organizations to monitor those sites for impersonators using a Soldier’s or key leader's information in a scam.

In addition, it is not possible to remove dating site profiles without legitimate proof of identity theft or a scam. If you suspect fraud on a dating site, take a screenshot of any advances for money or impersonations and report the account on the platform immediately.

Did you know Romance scams are the most reported?
Red Flags. BE SUSPICIOUS OF A PERSON WHO ...
  • Asks you for money for transportation costs, communication fees, marriage processing or medical fees. NEVER SEND MONEY!
  • Asks you to send money or ship property to a third party. Often times the company exists, but is not part of the scam.
  • Claims a lack of support or services provided to troops overseas.
  • Communicates only via social media or email.
  • Doesn't use an email address ending with ".mil." All military members have a ".mil" email address, so there is a high probability that a person is not in the military if they cannot provide one.
  • Uses common spelling, grammatical or language errors.
  • Speaks with an accent that does not match the person's story.
Reporting Scams. HOW DO I REPORT A SCAM?
Staying Safe. Tips to reduce vulnerability

Impersonations

The practice of impersonating Soldiers for financial gain is common. When impostor accounts are identified, it is important to report the accounts to the host platforms. X (formerly Twitter) allows users to create parody, satire, newsfeed, commentary and fan accounts that mimic organizations if they indicate that they are “unofficial” or “fan” accounts.

Identifying an impostor

Impostors are damaging not only to an individual’s reputation but also to the U.S. Army. It is important to know the warning signs of a scam or the common identifiers associated with an impostor account.

  • The account is not registered and/or verified.
  • The account has very few photos.
  • The photos are posted in the same date range.
  • The account has few followers or comments.
  • The account name and photos do not match.
  • There are obvious grammatical errors.
  • Key information is missing.

Official accounts will not send friend requests. If you receive a request from an account claiming to be a senior leader, report it.

The individuals or groups establishing impostor accounts can be clever — using different usernames, similar spellings, personal photos, official photos and even changing the nametape on Soldier's uniforms. Remember, anyone in the U.S. Army Family is vulnerable.

A Medal of Honor Recipient was impersonated on X before being awarded the Medal of Honor.
It is important to be aware that X allows parody and fan accounts. Once notified, X marked the account as a “tribute” or “fan” account.

Reporting impersonators

Soldiers, especially leaders, are prime targets for identity thieves who will use images posted online to create fake accounts. It is good practice to search sites regularly for impostors. Impostor accounts are violations of terms of use agreements. Most social media platforms have a reporting system that allows users to report an individual who is pretending to be someone else.

If the platform is unresponsive and the impersonation becomes a threat to reputation or personal safety, contact your local public affairs office or the Digital Media Division for assistance.

Search this page
FIND

SUPPORT

If you are experiencing difficulty with any of the following issues, here are some resources that may help.

REPORTING SCAMS

There are many different types of online fraud and cybercrimes. U.S. Army Criminal Investigation Command (CID) receives hundreds of reports a month from individuals who have fallen victim to a scam perpetrated by a person impersonating a U.S. Soldier online.
Learn how to report a suspected scam

REPORTING IMPOSTORS

Soldiers, especially leaders, are prime targets for identity thieves who will use images posted online to create fake accounts. It is good practice to search sites regularly for impostors. Impostor accounts are violations of terms of use agreements.
Report an imposter social media account

REPORTING MISCONDUCT

Misusing online communications (online bullying), sending harassing or intimidating communications and images, or other online misconduct may violate existing federal laws under the U.S. Code and may also be a violation of the UCMJ. Regulation 600-20 authorizes commanders to punish Soldiers who are in violation of its direction, making failure to adhere to the Army's rules for online behavior a punishable offense under the UCMJ. There are mechanisms for reporting online misconduct.
Learn how to report misconduct.

HAS YOUR OFFICIAL SOCIAL MEDIA ACCOUNT BEEN HACKED?

First, contact the respective social media platform lead at the Office of the Chief of Public Affairs Digital Media Division. The DMD POC will contact the platform on your behalf.
See additional actions and safety guidance.

What PAOs, social media managers, and Soldiers need to know about DoDI 5400.17 CLICK TO LEARN MORE back to top