Digital Defenses - Cyber Self Defense

The Social Media Sanitation Issue

“No way would I fall for that!”

A scam call, that is.

Except we do… Even the batshit crazy ones.

This story has it all. $50,000.00. A shoebox. A stranger’s SUV. An “Amazon” call. The FTC. The CIA. Money laundering. Drugs. Even murder!

Nobody would believe any of it!

I mean, after all, we’ve all heard the warnings.

  • Don’t give personal information to “customer service agents” who call to warn of suspicious activity

  • Don’t click on email links from unfamiliar addresses

  • Don’t hand over social security or banking info

But what if you already have?

What if all of your personal information is already out there?

You may have heard what happened to financial columnist Charlotte Cowles, and how she was scammed out of $50,000.00 in cash.

No way, right?

I thought the same thing when I read the article, but the fact of the matter is…

Americans Lose $40 Billion a Year to Phone Scams

There were obvious red flags, and we’ll get into those, but in a follow-up interview she made it clear that it was the volume of information the scammers knew about Charlotte and her family that overwhelmed her spider senses.

How could they know so much about her if it weren’t real?

The thing is, it’s remarkably easy to learn about people, because we share way too much.

And what we share never goes away.

A simple selfie captioned “I look good for 40!” might seem like innocent fun, but your date of birth is now public knowledge.

Scammers use publicly available data to build profiles of their victims.

How?

It often starts with a data breach like the AT&T breach that’s been in the news.

The names, social security numbers, addresses, and phone numbers of a whopping 73 million past and current customers all for sale on the dark web.

(If you’re not familiar with the dark web, we’ll bring you up to speed in the next issue.)

Here’s How it Works

The scammer buys up some of that data, and then starts building profiles.

Let’s say one of those people in the data the scammer purchased was Susie Johnson.

I’m looking at a real LinkedIn page. Let’s say it was Susie’s (not a real name). The page lists many details about this person’s education and career:

  • Where she went to school

  • What she studied

  • What sorority she was in

  • What activities she did

  • Where and when she volunteered in Africa

  • Where she’s worked

  • Who she’s worked with

  • Where she lives

All that information from just this one page.

And it’s a jumping-off point.

With one quick search, I even know she reports to Fran at her current position at Acme Heavy Industries!

Now, I’m no detective (nor am I a creep) and we’ve made our point, so I’m stopping there.

What more could be found on Facebook, Instagram, or Twitter? What could be gleaned from contacts and colleagues?

“Hi this is Fran’s new assistant, Kim. I’m working on the guest list for this year’s office party, can I get your husband’s name?”

This can happen to anyone. So, the question is, what’s out there about you?

Are all your social profiles private?

If not, fix that.

Do you have any friends/followers you don’t actually know?

Delete them.

Do you overshare?

Stop, and go back through old posts to clean up.

To properly sanitize your social media and leave a cleaner online footprint takes more than simply switching to private and cleaning up your posts.

You also have to watch what you say, because even in private others can share.

Use generic phrases like my eldest, my youngest, and my partner so you don’t give scammers details to use against you.

As mentioned, there were red flags in the call Ms. Cowles received, but they knew her…

  • Social security number

  • Child’s name

  • Address

  • Husband’s name

Every time she had a doubt they hit her with another detail.

They kept her off balance.

They kept her on the phone. No break to stop and process the red flags.

That’s why they collect so much information, and why it’s so important that you don’t put that information out there.

Now, let’s look at some of the red flags.

  1. The caller said they were from Amazon. Amazon will not call you over suspicious activity.

  2. The caller “transferred” the call to a fake federal agent. How?

  3. The fake federal agent then “transferred” the call to another fake federal agent at a different agency. How?

  4. The FTC investigates civil antitrust.

  5. The CIA gathers and analyzes foreign intelligence.

  6. Law enforcement will not tell you not to speak with an attorney.

These are all obvious, but a total stranger giving you your own social security number, naming your child, and telling you you’re under suspicion of money laundering, drugs, and murder?

Your brain can seize up.

That’s what happened to Charlotte. That’s why she put $50k in a shoebox and dropped it through the open window of an SUV.

Your best defense is not making ANY of those details public to begin with.

But, if it’s already out there, and you get a call from “Amazon,” you can tell ‘em exactly where they can stick it.

Fin
