WASHINGTON - Soldiers, veterans, and their families can secure their identities by using complex passwords, using password managers, separating work and personal accounts, and enabling two-factor authentication to minimize their online footprint and avoid fraud.
Derrick Palmer, Supervisory Special Agent in Charge of the Army Criminal Investigation Division, has been in law enforcement for more than 20 years and focused on social media and data privacy for more than nine years.
Public data brokers have access to addresses, email addresses, phone numbers, social media accounts, contact information such as relatives and colleagues, professional licenses, court proceedings and civil lawsuits, and everything else, Palmer said. He said they sell comprehensive reports on a person for as little as $20, and those reports may be used in social engineering fraud campaigns.
Scams
Current scams include credit repair, cryptocurrency, social media account takeover, and two-factor authentication scams, but the biggest increases are in credit and romance scams.
“A pretty big problem [for the Department of Defense] is online impersonation accounts,” he said. “It's a multi-layered attack.”
In the case of identity theft, a person impersonates an Army general or chief of staff. The imposter may send messages via text message or social media saying, “I’m in a meeting with a client and I need to get a gift card right away,” or “I’m stuck in Syria and need a gift card right away,” or send a direct message like “I need you to extract $2 billion from Syria.”
“Will a two-star or a four-star text you?” Palmer said. “Will they use the word 'customer' or will they ask for money? You are dealing with a scammer. Impersonation accounts are rampant on social media. I started seeing them on Reddit, Quora, and other similar sites.”
This fraud negatively impacts the reputation of soldiers who are not involved in the fraud.
“I've seen accounts impersonating not only non-commissioned officers but also high-ranking officers,” Palmer said. “It causes some reputational damage to those individuals, their service departments, and the Department of Defense.”
In the case of romance scams, scammers may target men or women over the age of 50 and try to get them to send money. A young woman could seduce a young soldier and end up in a relationship where inappropriate photos are exchanged. The scammer then pretends to be her parents and extorts money from the soldier by telling the soldier that the woman is underage and that the soldier is in possession of child pornography.
Credit repair scams advertise that they can help improve a person's FICO score by 100 points or more. People who are concerned about their credit can improve their credit score by 10 to 20 points by talking directly to creditors and credit bureaus, he said.
Cryptocurrency scams are get-rich-quick schemes and typically offer high returns on investment, he said.
“In a social media account takeover scam, a hacker actually takes control of someone's social media account,” he says. “They can hack into accounts and see information that appears on compromised data sites and password-selling sites.”
For example, let's say your Facebook account is hacked. Passwords are displayed in clear text, and hackers buy them on the dark web. They get in and lock the individual out of their social media accounts. They post about fake investment opportunities, share links to applications designed to collect credentials, and gather personal information about the victim's friends and family. They then use that information to take over those accounts as well, Palmer said.
In a two-factor authentication scam, the scammer impersonates a friend or contact who needs to get an account back. They will ask for your phone number or email.
“If they're your friends or family, they already have this information,” Palmer said.
Scammers may also set up fake websites or online stores. Check the website URL. For example, Bank of America's URL is boa.com, not bo.a.com. Also check the links in the tab. If you see a broken link, it's likely a fake page, he says.
Tips
“One way to protect yourself is to make your passwords complex,” Palmer says. “Many people tend to use the same password between 8 and 14 characters long for multiple accounts.”
To increase password complexity, Palmer recommends using a password manager application such as 1Password, LastPass, Dashlane, Bitwarden, or KeePass.
When you first set up your password manager, you'll need to create a master password. This is something only you know. “Even these institutions are the masters for password managers. They can't know what their passwords are,” he said. “This is where complexity comes in. Use a passphrase, the spacebar, replace letters with numbers, and put an exclamation mark on the 1. Password managers offer passwords of up to 30 characters, so it's a no-brainer for hackers. It becomes more difficult.”
Palmer recommends separating accounts into buckets, or silos. This means using separate email addresses for social media, home life, rewards programs, and work.
“When we start separating our lives into these buckets and silos, we want to focus on data breaches. When a company is breached, when you sign up for an account, what does that organization say about you? Does it hold any information?” he said.
“Using the same email address in all these different types of silos increases the potential for compromise and information leakage,” he added.
He said two-factor authentication is not 100 percent effective, but it builds up defenses for social media, email and financial information websites.
Palmer also suggests giving false answers to account security questions.
“The same questions tend to be used on different platforms, and people tend to carelessly post information on social media,” Palmer said. “We don't naturally look at it through an (operational security) lens on social media.”
He recommends intentionally giving false answers to security questions. He also recommends using a VPN and using all security and privacy features on social media sites.
Palmer said that while soldiers, veterans, and their families can never be 100% safe in the cyber realm, these tips can help them better protect their information from fraud.
“Siloing your accounts, using very complex passwords, and using password managers and two-factor authentication creates more work for hackers to target your information,” Palmer said. “It reduces cyber risk and adds an extra layer of defense.”