ROBINS AIR FORCE BASE, Ga. -- Clicking on your favorite social media app, you notice you’ve got a new friend request. The request is from you. The profile picture is of you. The name is yours. Is this a prank? Have you been hacked? What just happened?
In the current environment of social media saturation and identity theft, this type of situation has happened.
The new threat of cloned or imposter social media accounts is a current priority concern for operations security personnel.
The threat
According to Air Force Reserve Command Intelligence, open sources report that cyber actors and terrorists use multiple fake personas on social media to target Defense Department personnel.
The simple process of creating phony online social media accounts and profiles provides imposters the ability to gather information on everything from weapons systems, troop deployments and other sensitive material by reviewing postings, pictures and friend requests of DoD personnel.
“Operations Security should always play a big role in how social media is used,” said Erick Holloway, AFRC OPSEC program manager. “Everyone must remain cautious when posting personal and work-related information.”
Imposters can use these “friendly” and seemingly harmless personas to interact with unknowing targets to subtly extract information, including the identities of friends, work locations, relatives and associates who may also be targeted.
That gathered information can target those without social media accounts, because imposters may steal personal identification attributes and set up accounts using that information and the victim’s likeness.
The defense
Imposters can be clever, using different user names and spellings that are close to correct and personal or official photos.
Here are some warning signs of a scam or common identifiers associated with imposter accounts:
- The account is not registered.
- The account has very few photos.
- Photos are very new and reflect the same date range.
- The account has very few followers and comments.
- Official accounts will not send friend requests.
- The account name and photos do not match.
- There are obvious grammatical or spelling errors.
- Key information is missing.
OPSEC officials highly recommend not accepting friend requests from individuals not personally known.
They also recommend frequently searching one’s own name using a search engine. When searching, include like or close spellings since imposters often use similar spellings to remain undetected. Officials also encourage privacy settings at maximum levels on all computers, phones and tablets that contain personal data.
“It’s each member’s responsibility to ensure external website applications that are enabled on personal devices only have access to noncritical information,” Holloway said.
For more information on social media privacy settings check out the link.