Yesterday, myself, along with what seemed like a large percentage of my industry friends on Facebook, received a few new friend requests that appeared suspicious. Some questioned, some accepted and as of this morning, the accounts appear to have been removed.
For a few years now, I haven’t approved friend requests on the social media platform unless I personally knew that person. It’s meant that I’ve probably ignored your request, but please don’t take it personally.
Friends?
Sunday’s friend requests solidify that shill accounts are out there and its hard to determine their true intent. Many of my friends posted the “Not today ISIS!” statement in reference to these requests and it looks like someone in the industry had their Facebook account compromised, which led to these accounts friending many people that I knew. They used the compromised account list of friends to build their own.
A few common indicators of these fake accounts are that there’s nothing available in terms of posts or photos for you to see, other than the persona a quirky guy behind the desk wants you to see. In this case and many others, these accounts are female, attempting to friend males. They typically are either some scantily clad woman giving off the “just looking for a good time” vibe, or like these instances, an outdoor/adventure chick.
While I can neither confirm nor deny that these accounts originated from ISIS or a terrorist network, I do wish Facebook would do more to crack down on these, rather than other things they’re doing in our industry, like trying to shut down gun sales over their network. I get it, but I feel like stopping the intel gathering of foreign interests should be a little higher on the priority list. Surely there’s some kind of alarm that gets thrown when a new Facebook account suddenly sends out dozens of new friend requests. Perhaps though it’s hard to distinguish this activity from another Facebook newbie that’s just found all their friends online.
Remember, loose lips sink ships, which is to say that you need to scrutinize what you put out there publicly on the internet. Just assume that nothing is private and once it’s online, anyone can read it. It’s a good policy to adopt, especially if you’re in the Military, Law Enforcement or another organization that depends on OPSEC (operational security.)
Even if you’re a civilian who thinks that your life is an open book, you definitely have your own OPSEC concerns to worry about. All those places you check into online are leaving a digital footprint and waving a big flag that you’re not at home. Don’t even get me started on the stick figure family stickers on your mini van.
What security practices do you follow online? Post them up in the comments below so we can all benefit from some new ways of staying safe that we might not have thought of.
Additional Resources
- OPSEC and the Media’s Responsibility to Guard our Operational Playbook
- Can Someone Steal Your Identity and Become You?
- Make Your Case: How to Run a Self Surveillance
- iPhone Users: Siri May be Giving Your Personal Information Away Freely
- Protecting Your Identity On the Internet: Fighting Data Brokers
- Can Anyone Truly Be Anonymous Online?
- Securing Your Digital Life: Simple Tips for Your Devices in Public
- Securing Your Digital Life: Home Wireless Networks
Update 160201: I must be on the radar now, I just received another request below. Can you spot the resemblance with the previous friend request? The language is a dead giveaway too.