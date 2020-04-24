PITTSBURGH, W.Va. – The FBI Pittsburgh Field Office issued a release warning social media users to play close attention to the information they share online through popular social media trends, as many can lead to fraud.

The release stated that while a number of trending social media topics feel like fun games, they can reveal answers to very common password retrieval security questions . Fraudsters can then leverage this personal information to reset account passwords and gain access to once-protected data and accounts.

The release stated that one recent example of this is the high school support photo trend, which encourages users to share their high school photo in support of the class of 2020. Officials with FBI Pittsburgh said that many people are including the names of their schools and mascots, along with their graduation years, which are all possible answers to common password security questions.

The release stated that other examples of this include posting a picture of your first car, answering questions about your best friend, providing the name of your first pet, identifying your first concert, favorite restaurant or favorite teacher or tagging your mother; which may reveal her maiden name.

The release stated that the FBI is encouraging social media users to be vigilant and carefully consider the possible negative impact of sharing too much personal information online. Additionally, the release urged social media users to check their security settings to ensure they are set to the appropriate levels and enable two-factor or multi-factor authentication when available. Authentication is a process that requires users to prove who they are in more than one way while accessing an account, according to the release.

The release stated that there are three categories of credentials: something you know; something you have; and something you are.

“Something you know” is your password or a set PIN you use to access an account. The PIN does not typically change.

“Something you have” is a security token or app that provides a randomly generated number that rotates frequently. The token provider confirms that you—and only you—know that number. “Something you have” can include verification texts, emails, or calls that you must respond to before accessing an account.

“Something you are” includes fingerprints, facial recognition, or voice recognition. This category of credentialing sounds a bit unnerving—but think about how you unlocked your smart phone this morning. You probably have used your fingerprints or face several times today just to check your email.

Officials said that multi-factor authentication is required by some providers, but optional for others. The release recommends that if given the choice, users should take advantage of multi-factor authentication whenever possible, especially when accessing sensitive personal data such as a primary email account and financial and health records.

Cyber fraud can be reported to the FBI’s Internet Crime Complaint Center at www.IC3.gov.