Building a digital defense against social media scams

With the current crisis, millions of Americans are spending a lot more time at home and online these days. Physical distancing means we rely on virtual socialization more than ever, and bad actors know it.

Social media platforms have played host to various games and quizzes for a long time, but in this new environment, the FBI would like to remind the public to think before posting.

Many students in the class of 2020 won’t get a traditional graduation ceremony this year. Because of that, there’s a trend on social media to offer your support of these students by posting information about your high school experience, including photos and details such as your school name, graduation year and mascot. All are answers to common password retrieval security questions

Other online games ask you to post a picture of your first car; provide the name of your first pet; identify your first concert, favorite restaurant or favorite teacher. Some even ask you to tag your mother, which may reveal her maiden name.

Before taking part in what appears to be a harmless social media share, the FBI encourages everyone to carefully consider the possible negative impact of putting too much personal information online.

There are ways to lock down your sensitive accounts so a fraudster would need more than just the answers to a few personal questions. One great option is to use multi-factor authentication.

There are three categories of credentials: something you know; something you have; and something you are.

“Something you know” is your password or a set PIN you use to access an account. The PIN does not typically change.

“Something you have” is a security token or app that provides a randomly generated number that rotates frequently. The token provider confirms that you — and only you — know that number. This can include verification texts, emails or calls that you must respond to before accessing an account.

“Something you are” includes fingerprints, facial recognition or voice recognition. This category of credentialing sounds a bit unnerving, but think about how you unlocked your smartphone this morning.

Multi-factor authentication is required by some providers, but it is optional for others. If given the choice, take advantage of multi-factor authentication whenever possible, but especially when accessing your most sensitive personal data — including your primary email account, and your financial and health records.

As always, if you have been victimized by a cyber fraud, you can report it to the FBI’s Internet Crime Complaint Center at


More In Business