How to best protect against online scams targeting service members

When a fake Twitter account of then-US Africa Command commander General Stephen Townsend surfaced last year, it prompted the command to issue a warning about online scams.

However, Townsend is by no means the only senior executive or service member whose online identity has been compromised. According to some experts, scams against military personnel are even on the rise.

In August, cybersecurity firm ZeroFox released its second white paper on military fraud, emphasizing that today’s threat landscape is shaped by the war between Russia and Ukraine, rising economic instability and a growing political divide.

It also highlighted that as of June 30, more than 700,000 consumer reports from service members — active duty, reservists, veterans and their families — have been filed with the Federal Trade Commission since 2018. Losses total more than $718 million with a median loss of $650.

“Every day, the US Department of Defense information network processes 48 million emails, 174.8 billion cybersecurity events, 420 million marketing and phishing attacks, and 1.5 billion malicious cyberattacks are blocked,” said a Navy awareness release for cybersecurity.

As online scams targeting active and retired military personnel and their families grow exponentially, experts are touting some basic reminders to prevent the military community from falling victim to such dangers.

TIED TOGETHER

According to ZeroFox’s Maj. Brian Kime, love scams are one of the top military extortion tactics — when a criminal adopts a fake online identity, often impersonating military personnel, in order to build an illusion of affection and trust before exploiting their victim.

This catfishing behavior reportedly works well because the military uniform is seen as a sign of trust. Additionally, due to the nature of their job, service workers are often familiar with cash transfers.

Kime, who has spent the past 20 years in the US Army Reserve’s Innovation Command and was once deployed to Afghanistan, also shared that crypto and investment scams have increased during the pandemic.

Over the summer, during a House Committee on Oversight and Reform subcommittee hearing, lawmakers debated the rise in financial fraud targeting the military community.

“It is particularly shameful that the scammers use their target’s sense of duty and patriotism to their fellow officers and veterans to exploit them,” Rep. Stephen Lynch (D-Mass.) said in his opening statement.

During the hearing, Malini Mithal, an FTC official, said the most common complaints for military consumers ranged from identity theft and fraud to fraudulent business opportunities and fake investment plans.

Knowing these incidents are on the rise, Kime pointed to some key ways the military community can better protect themselves online.

For one, he shared that military personnel should not make their official military portrait their profile photo on social media sites like LinkedIn. When troops post a photo of themselves in uniform, he added that they should be aware of the platform’s privacy controls so they understand who has access to those images.

Additionally, service members are less likely to steal their identities and information by hiding contact information, using unique passwords, and opting in for multi-factor authentication.

As more people connect digitally, Army Criminal Investigation is also highlighting common red flags and offering insights into how troops should respond when scammed.

“If you have fallen victim to a victim [c]Trust/[r]omance scam, do not send the cybercriminal any money and report the social media platform attacker’s account,” Special Agent Deric Palmer said in an Army publication earlier this year. He added that if money has been provided to a scammer, one should contact local law enforcement as well as the local CID office for a tip.

TIED TOGETHER

All of the advice, of course, comes against the backdrop of the Department of Defense’s first-ever social media guidelines, released in August, urging tighter management of the Department of Defense’s official accounts.

“It’s a good first step,” Kime said of the policy, but “it has some pretty significant loopholes,” including discouraging the creation of an official account for each entity, which he believes should be done to stop spawning fake ones prevent accounts.

Kime also said he believes reform is needed to update a related policy that provides online protections for a specific group of senior Pentagon officials. The nature of the people on the list, he argues, is not comprehensive enough and should include all levels of troops who have been victims of or are vulnerable to abuse.