National Cyber Security Awareness Month 2019 Wrap Up
I know I only promised a three-part series, but National Cyber Security Awareness Month was just so busy, I wanted to collect a few final thoughts before we rush headlong into the 2020 Holiday Season. This year I revisited what I see as the three most commonly overlooked aspects of cybersecurity; passwords, updates, and netiquette. I could say there was no P.U.N. intended. But, there totally was. There’s also a very serious side to the intersection of these three concepts, and with that, it’s story time!
My most recent brush with cybercriminals came just this weekend. You see, a dear friend of mine of 15 years passed away last week with no immediate family left to take care of his last wishes and make funeral arrangements. As devastated as I was to be the mouthpiece for this intensely sad information, I found solace in the ease with which Facebook facilitated finding and contacting his surviving family and notifying our vast network of friends all over the country. I had the unenviable task of setting his last wishes into motion, rallying a small group of our mutual friends to identify and claim his remains, and now planning an obituary, eulogy, and memorial service. It might have been midterms week too, I barely noticed.
What does this have to do with cybercriminals? Well, I created a Facebook Fundraiser to raise money to cover the costs of the funeral arrangements. It wasn’t until a few days into the fundraiser, Saturday to be specific, that friends of mine started to ask me if I had messaged them about buying gift cards for the fundraiser. They told me someone with my shortened name, not my full name as it appears on Facebook, had messaged them asking for Amazon gift cards. They even used my current Facebook profile photo.
Naturally this was a scam, but the criminals were able to effectively target everyone who had donated to my friend’s funeral fundraiser because it was public. They even harassed the family of the deceased about buying gift cards and tried to make them feel bad when they didn’t comply. At least five reports were sent to Facebook by my friends, reporting the profile as impersonating me. After each report an email would arrive telling me it had been reported, then another declaring that the user wasn’t impersonating me or violating any standards. One by one, they went ignored, even though this was happening to dozens of people by this point, all of them emotionally vulnerable after having lost our dear friend.
Sometime Sunday, suddenly, the name on the conversation changed from mine to another Facebook user. I looked the user up, and I wasn’t able to find the imposter account, but I was able to find the original account these criminals were about to impersonate and go after next. The only thing we had in common was we’re both running a Facebook Fundraiser that was marked as public instead of private. That’s when I took the issue to Twitter, as Facebook had officially ignored all our reports. I felt helpless to warn the next victim and his list of friends and family who were about to get spammed, or worse, scammed by these criminals.
Even though my account password was fine, my identity was not. My friends are smart folks, and also know I don’t use sloppy grammar, even in private messages. They used their own netiquette to discern that something wasn’t right with the conversations they were presented with and did the right thing by contacting me directly offline. I immediately broadcasted what was happening and made reports of my own. Luckily for me, the criminals moved on. Unfortunately, it wasn’t because their account had been deactivated, but to try again with someone else’s stolen Facebook identity. Something just as important as knowing where you are on the Internet, is knowing who you are talking to. Even when the name and face might match a close friend, be aware of how they type, and know whether or not they would be asking you to buy gift cards online.
I know that’s a somber note to end National Cyber Security Awareness Month with, but I think it drives home the point that cyber criminals are always out there waiting, especially when we’re at our most vulnerable. We must stay vigilant when we’re out there on the Internet, adopt a netiquette and set of rules for yourself and your family when they’re online. And be sure to let them know, as a rule of thumb, anyone asking you to buy gift cards online in a private message is probably trying to scam you. For those interested, here’s a link to my thread on Twitter complaining to Facebook about the attempted fraud.