Oregon FBI Tech Tuesday: Building a Digital Defense Against Social Media Scams
Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against social media scams.
With our current crisis, millions of Americans are spending a lot more time at home and online these days. Physical distancing means we rely on virtual socialization more than ever, and bad actors know it. Today, a warning to social media users to pay close attention to the information they share online.
Social media platforms have played host to various games and quizzes for a long time, but in this new environment we want to remind you to think before you post.
Many students in the class of 2020 won’t get the traditional graduation ceremony this year. Because of that, there’s a trend on social media to offer your support of these students by posting information about your high school experience, including photos and details such as your school name, graduation year, and mascot. All three are answers to common password retrieval security questions.
Other online games ask you to post a picture of your first car; answer questions about your best friend; provide the name of your first pet; identify your first concert, favorite restaurant, or favorite teacher. Some even ask you to tag your mother, which may reveal her maiden name. Before taking part in what appears to be a harmless social media share, we encourage you to carefully consider the possible negative impact of putting too much personal information online.
There are ways to lock down your sensitive accounts so a fraudster would need more than just the answers to a few personal questions. One great option is to use multi-factor authentication.
There are three categories of credentials: something you know; something you have; and something you are.
- “Something you know” is your password or a set PIN you use to access an account. The PIN does not typically change.
- “Something you have” is a security token or app that provides a randomly generated number that rotates frequently. The token provider confirms that you—and only you—know that number. “Something you have” can include verification texts, emails, or calls that you must respond to before accessing an account.
- “Something you are” includes fingerprints, facial recognition, or voice recognition. This category of credentialing sounds a bit unnerving, but think about how you unlocked your smartphone this morning. You have probably used your fingerprints or face several times today just to check your email.
Multi-factor authentication is required by some providers, but it is optional for others. If given the choice, take advantage of multi-factor authentication whenever possible, but especially when accessing your most sensitive personal data, including your primary email account and your financial and health records.
As always, if you have been victimized by a cyber fraud, you can report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov.