Tyler Cohen Wood is an expert in social media and cyber issues. She is a senior officer and a
cyber branch chief for the Defense Intelligence Agency (DIA) within the Department of Defense (DoD) where she makes decisions and recommendations significantly changing, interpreting, and developing important cyber policies and programs affecting current and future DoD and Intelligence Community policies.
All views expressed on this site are my own and do not reflect the US government, my employing agency or any prior employers.
Stay tuned for updates on protecting yourself and your children in the online domain.
Social media is the easiest way to connect and keep in touch with friends and relatives. Most people have at least one social media account that they use to regularly check into places, like bars and restaurants, and post photos and status updates. Now that the holidays are around the corner, social media is a fun way to let friends and family know about our exciting vacation plans.
For example, maybe every 4th of July, Thanksgiving and Christmas you go to your in-laws’ home in Florida and look forward to it every year (like I do). Maybe you post a status update saying, “Can’t wait until Wednesday when we get out of the cold and enjoy the beach in sunny Florida.” While you’re there, maybe you post photos of the turkey and status updates showing your visit to the classic car museum and check in at the Sarasota Art Festival.
But, could you unknowingly be giving away information to people who might not have good intentions, making you an easy target for fraud or crime?
Last Christmas, my friend J. was going to California for a visit. She was exhausted from just having finished painting her house, according to the many photos she posted to social media, and was really excited to get away. She began posting status updates to her social media accounts counting down the days until she got to enjoy ten whole days of vacation. While in California, she posted photos and status updates showing the fun things that she and her family were doing. Tanned and feeling refreshed, she came home to find that her house had been broken into and she had lost irreplaceable family heirlooms. What could have happened?
Every time you take a photograph with your smart phone, by default, the camera in your phone is set to capture what is called EXIF data as part of the photo. EXIF stands for “Exchangeable Image File Format” and includes the date and time that the photograph was taken, the exact geographic coordinates, with latitude and longitude, and some other identifying information such as the serial number of the camera. You can’t see the EXIF data in the photograph unless you use special tools that are easily found and accessible to anyone for free on the Internet.
Some social media sites will strip out EXIF data when you post a photo, but not all of them do. For the social media sites that don’t strip it out, anyone who can access your social media can download the photo with its EXIF data, use a free tool to map the exact location of where the photo was taken in just a few seconds. J. had posted many photos to social media showing her recently repainted house. Anyone who had access to her social media sites that kept EXIF data could have easily deduced her exact address based on these photos. By talking about when she was going to be away, she was basically saying, “My house will be empty.” By posting her photos and “checking in” to places while on vacation, she was confirming that she was indeed away. Upon close examination of her social media, she found out that some of the settings on some of her social media sites were set to allow anyone to view her posts.
So how can we learn from J. and take some quick and easy steps to protect ourselves while traveling during the holiday season?
1. Turn EXIF data off when taking photographs that you plan to post to social media. There is a setting on your smart phone, no matter what brand or model of phone you have, that allows you to turn off EXIF data.
2. Do not mention exact dates on social media of when you are going to be out of town.
3. Be cautious about “checking in to” places on social media. When you check in, you are using location services that allow anyone with access to your social media an approximate location of where you are at a given time.
4. Monitor your privacy settings on social media. Because terms of service and default settings can change at any time, make sure that you frequently check your social media privacy settings to allow for optimal privacy.
Performing these simple steps won’t take much time or effort. This time of year is busy and stressful enough — why have something else to worry about? By following these quick tips, you can help ease your mind and have a safe, happy holiday season.
Tyler Cohen Wood is a Cyber Branch Chief at the Department of Defense (DoD). She has 14+ years of experience with Cyber forensics, supporting DoD and law enforcement. In her upcoming book, Catching the Catfishers: Disarm the Online Pretenders, Predators, and Perpetrators Who Are Out to Ruin Your Life, she discusses privacy and how to protect yourself online.
All views are my own and do not in any way reflect those of my employing agency or the United States Government.
According to a CNN article (http://www.cnn.com/2014/06/24/us/kfc-incident-questions/) by Ashley Fantz and Ralph Ellis, 3 year old Victoria Wilcher and her grandmother went to a KFC restaurant to eat. Victoria had been attacked by a pit bull dog and had extensive facial wounds and other injuries. Victoria’s grandmother claimed that KFC asked them to leave because Victoria’s injuries were upsetting the other customers. Victoria’s family posted the story to Facebook and created a donation site on GoFundMe.com, a crowdfunding site. After much public outcry, KFC offered to pay $30,000 to Victoria’s family to help with medical bills. The crowdsourcing site brought in over $300,000 in donations. However, after KFC conducted an investigation, it appeared as if the story was a scam. The hoax was perpetrated by Victoria’s family to raise sympathy and donations to pay for Victoria’s medical bills. KFC honored its commitment to pay the $30,000.
Crowdsourcing is a way for people to get money to fund a project, invention or charity with donations from many people. Often times, this is a great way to help people in need or to help out a great project that would have otherwise never gotten off the ground, but how can we make sure that we are not donating to a hoax or being scammed out of our hard earned money? Follow the 5 tips below to help you identify if the project or person you are planning to fund is the real deal.
1.) Make sure the person is real. A lot of crowdfunding sites will do some diligence to make sure that the person asking for funding has a Facebook page, but remember, anyone can make a Facebook page. Analyze the page to see if it looks legit. Do they have friends that they engage in frequent banter with? Do other people comment on their page as if they know them or does it appear as if the Facebook page just has “filler” friends? Do they just have one social media site or can you find a record of them on other sites? Does the page have a normal timeline as if it has been around for a while or just a very brief timeline? A brief timeline might be an indicator that it might have been created shortly before asking for funding.
2.) Research public records on the person planning the project. Do an online search for public records of anyone whose project you are thinking of funding. This includes looking at public court documents such as bankruptcy filings.
3.) Look at their work history. Look at their professional social media. Do they have a credible professional social media site with a good work history showing experience in the area of the project they are trying to fund? Do they have references or colleagues that endorse them? You can also reach out to a colleague who has endorsed them and ask questions about the person.
4.) Look at their personal social media. A person asking for funding via their social media should have pretty open privacy settings and so you can piece together a pattern of life on the person in question. Look for red flags such as a person posting a lot about partying or other things that might make you deem them as not being reliable or putting their all into the project you are helping to fund.
5.) Look for multiple funding sites. Is this person trying to fund the same project on multiple crowdsourcing sites? This could be a red flag that they are just trying to make money from as many people as possible with no intention of actually conducting the project.
By following these 5 tips, you can help protect yourself from being the victim of a crowdsourcing scam and feel more comfortable that your hard earned dollars are going toward a good cause.
Protect Your Business
Check back regularly for tips on protecting your business and its data