About Us Contact Us
Login to

Cybersmart(er) Series: How to Stay Safe and Social Online


We are often taught that being a good person means giving other people the benefit of the doubt. We’re told to trust someone until they give us a reason not to because that’s how you build a healthy connection, right? Not necessarily.

As technology evolves and socializing online becomes the norm, cybercriminals are finding new ways to exploit these cultural changes for their own gain. Though it is possible to have safe connections with the people and content you find online, the sharing of personal or private information combined with our instinctual desire for validation, when channeled online, can become downright risky. Being able to filter safe content and safe people from the criminals and scams is a necessary skill when engaging in today’s online community.

This installment of the ongoing Cybersmart(er) series focuses on social cybercrimes, including romance scams, social media account hijacking and sextortion, and tips on how you can protect your own identity, safety and finances.

Identity Threats

Job Scams

The sudden increase in remote working as a result of the pandemic has inadvertently led to an increase in online job scams, causing a reported $68 million in losses for Americans in 2022. In this cybercrime, victims unknowingly apply for a fraudulent job position, divulging personal information or even sending money during the application or onboarding process. Because this scam closely mirrors the typical hiring process, it can be hard to detect, but there are ways to protect yourself when applying for jobs online, including the following tips:

  • Use discretion regarding the personal identifying information you share and when in the hiring process you share it;
  • Be cautious about making cash payments of any kind, ask for an explanation if a payment is requested and be mindful that scammers will most likely request payment through Zelle, PayPal, Venmo, etc.;
  • Scrutinize email addresses. Legitimate company recruiters often contact hires using an email account that ends with @companyname.com not a personal email like at @gmail.com, @yahoo.com, etc.; and
  • If you find a job posting on a legitimate job search platform, check the actual company’s website for the job posting and for the name of the contact listed in the job posting.

Account Takeovers

Although not commonly referenced as such, social media pages and online profiles can be likened to identification documents, similar to a virtual ID card or passport because of the mountain of information they hold. Cybercriminals can, therefore, have a lot to gain by hacking a social media account, which is why social media account hijacks, also called social media account takeovers, are increasing faster than any other type of identity crime.

In a social media account takeover, criminals combine social engineering, hacking and phishing techniques to take over a victim’s account. Once in, they have access to the victim’s sensitive data, including the identity of friends, and may lock you out of your own account. Then, criminals can wreak social havoc using your profile and can even sell your private information or account on the black market.

To protect your social media account from takeovers:

  • Install identity protection services on your devices to alert you of suspicious links and changes to privacy and security settings on social media accounts;
  • Know the signs of social engineering and phishing;
  • Pay special attention to inconsistencies in your friends’ online communication patterns (e.g., if a friend never sends you links to content but suddenly does, their account might be hijacked, and the link could be a phishing attempt); and
  • Inform followers and/or friends immediately if your account has been compromised.

Physical Threats

Vacation robberies

If you regularly post photos from your travel or even a fun day out without a second thought, friends may not be the only people taking note. Criminals also use social media photos as a tool to determine which homes to target in vacation robberies, especially when location settings confirm you are away. To avoid giving information to criminals that may be shopping for their next target:

  • Wait until you return from your trip or outing to post photos; and
  • Do not add location tags to social media photos and posts.

Sextortion

Sextortion has occupied the news lately, especially after a recent Senate hearing with social media CEOs. Outraged advocates claim video games, online chats and social media platforms are being used by predators to target vulnerable victims and children.

Sextortion online often begins as exchanges of images or media with someone with whom the victim has established a certain level of trust, only for such materials to be used as blackmail or shared with unintended third parties by the cybercriminal later. To avoid becoming a victim of this cybercrime:

  • Refrain from sending sexual content or personal contact information virtually;
  • Protect yourself from hacking attempts to steal sexual images by removing or refraining from posting explicit images on online platforms;
  • Monitor children’s online accounts for suspicious activity, review their social media privacy settings and teach them to report threats;
  • Cover phone cameras, webcams and recording devices when not in use; and
  • If you suspect that you or someone you know is communicating with a predator, save all conversations and report them to tips.fbi.gov.

Cyberstalking

Cyberstalking is the use of technology to stalk or harass someone online and is an extension of in-person stalking. There are many types of cyberstalking like excessive and persistent messaging, releasing a victim’s confidential information online (doxing), hacking into a victim’s phone or laptop camera and threatening or blackmailing. All are becoming more common each year with 4 out of 10 Americans claiming they’ve experienced online harassment. Although online, cyberstalking leaves victims fearful for their safety and negatively impacts their overall well-being and health.

Some ways to prevent cyberstalking are:

  • Create strong passwords for online accounts and use strict privacy settings;
  • Use a pseudonym or only part of your name online to make it harder for people to find you;
  • Leave parts of your online profiles empty of identifying information; and
  • Only friend people online that you know in real life.

Financial Threats

Fake shopping websites

Social media sites like Instagram and Tik Tok have become shopping platforms for many people who want to stay up to date on the most recent products and trends. Along with their own dedicated marketplaces, they also host digital ads that link to third-party commerce sites. However, as with all online activity, it is important to use discretion about which websites you browse. Many fake shopping websites exist that promise to deliver products and do not or pose as a real company only to collect your financial information. Repeated exposure to the same shopping ads only makes it easier to fall victim to these sites.

Before buying anything online:

  • Hover over any link before clicking it to make sure it’s going to the destination you intend to visit;
  • Purchase a product only after locating it on a legitimate website you know is real; and
  • Use a credit card to make online purchases as they are more likely to offer fraud protection.

Romance Scams

Catfish, Tinder Swindler, Dirty John. For years, romance scams have been a cultural fascination. Despite awareness of the topic, in real life, the number of romance scam victims and the financial cost of these scams continue to increase. The Federal Trade Commission reported $547 million lost to romance scams in 2021, up nearly 80% from 2020. This increased to $1.3 billion lost in 2022.

Romance scams often begin online or through dating apps with victims who believe they’re building a genuine connection with someone only to find out the person they’ve grown attached to is out to scam them. Common romance scammers pretend to be soldiers, people who travel for work or people working for an international organization. This positions them to have an explanation for why they can’t meet you in person or for why they need your financial assistance when a crisis ensues. Although it can be hard to detect a romance scammer, especially when your emotions are involved, keep these tips in mind when engaging in online communication:

  • Use an alternate phone number (e.g., Google number) for a social media or dating profile or before meeting someone in person to avoid falling victim to identity theft, which could lead to financial ruin;
  • Listen to your gut and beware of curious phone and video behaviors that scammers use like someone not being willing to video call but willing to send video recordings, speaking with an accent randomly, not moving in a live video call, calling from different or blocked numbers, always speaking on video calls while in the dark, etc.;
  • Never purchase gift cards or send money (electronically or otherwise) to someone you’ve only met online or via video;
  • Take note of frequent or suspicious crises or requests for money no matter the amount; and
  • Never download apps sent to you without independently confirming the app is safe.

Takeaway

Online communities like social media are important parts of many people’s lives, allowing individuals to connect in remarkable ways. This also allows for threatening and criminal cyber-behavior, which is why engaging online requires an understanding of not just your friends but the cybercriminals and dark possibilities scrolling in your feed, too.

For more tips on how to protect yourself online, visit the National Security Agency’s Keeping Safe on Social Media page at www.dgaplans.org/nsa-social-tips.