June 16, 2024

Special Agent Johnny Guerrero from the 16th Air Force Cyber Investigation and Operations highlights a need for increased skepticism in the online space, echoing the cybersecurity adage of “never trust, always verify.” As a cybersecurity expert, Guerrero plays a pivotal role in combating online threats affecting U.S. Air Force personnel and their families.

A large amount of publicly available information on the internet can also serve as an attractive target for cyber fraudsters. According to Guerrero, cyber criminals conduct an online ‘reconnaissance’ of potential targets, using the personal details shared online to make their scamming attempts more personalized and plausible.

Cyber criminals typically compromise social media accounts or create fake identities to deceitfully extract information or money from unsuspecting users. Their fraudulent strategies are often adaptable, based on the victims’ online behavior and preferences. Such information allows scammers to target users using tools typically employed by advertisers – such as targeted ads.

Guerrero advises online users to be especially vigilant about suspicious interactions online, since scammers may try to impersonate their loved ones. As per the Federal Trade Commission, 44% of all reported instances of online fraud in the first half of 2023 were related to social media, with a considerable $2.7 billion in losses from social media scams – a figure that is possibly only a fraction of actual losses, considering under-reporting of such incidents.

Master Sgt. Joseph Witz, the 16th Air Force A39 OPSEC Program Manager, stresses the need for users to be mindful about the information they share on social media, as it may be weaponized by cyber criminals to gather sensitive information, and also cautions against sharing personal details in comments to public posts.

Fraudulent activities on online dating websites were also reported by FBI to be a source of significant user losses in 2022, amounting to $1.3 billion. On a similar vein, Guerrero warns against an updated version of the ‘romance scam.’ Here, scammers phish for victims’ voice samples via unsolicited calls, then use AI technology to mimic the victims’ voice to scam their loved ones.

Scammers usually initiate their fraudulent activities with seemingly harmless friend requests, followed by manipulative tactics like ‘love bombing’ and requests for financial assistance. Often, these impersonations involve stolen pictures and personal details, making them appear more genuine.

Maj. Aaron Williams, 16th Air Force A35 senior intelligence officer, shares his insights on how cyber criminals may attempt to compromise devices and communication channels of U.S. Air Force personnel for valuable intelligence. He emphasizes on the importance of strong authentication measures and good password practices.

Williams also advises personnel to secure their devices, cautioning against leaving them unattended, especially in open areas. Mobile devices are particularly vulnerable, and when connected to wired networks, they provide potential entry points for cyber attackers.

Scammers typically avoid any direct face-to-face interaction, instead preying on victims’ emotions and vulnerability with concocted stories to extort money. Guerrera urges vigilance and continuous education to tackle cyber scams: “People keep falling for scams”, he says.

Guerrero advocates for the use of ad-blockers and script-blocking browser extensions to enhance online safety. Also, any suspicious-looking links should be left unclicked. Equip service members with the necessary tools and information to safely navigate online spaces, and you ensure a resilient defense ecosystem.

For more detailed information on how to identify, avoid, and report scams or recover money lost to scammers, visit [ftc.gov/scams](ftc.gov/scams). If you suspect a scam, report it to the FTC at [ReportFraud.ftc.gov](ReportFraud.ftc.gov).


Frequently Asked Questions

How do online scammers operate?

Online scammers typically create a false identity or compromise existing online profiles to manipulate and exploit unsuspecting users. They gather information from the victim’s online presence and behavior, then use this information to build a plausible narrative, such as masquerading as a loved one or an acquaintance.

What is the ‘romance scam’?

In a ‘romance scam’, fraudsters target individuals looking for companionship or romance, usually on dating sites. Traditional romance scams involve manipulating victims into sending money. A newer version involves obtaining the victim’s voice sample (using AI technology) to impersonate the victim and defraud their loved ones.

How can users protect themselves against online scams?

To protect against online scam, users are advised to always verify any suspicious online interactions, be sceptical of any unsolicited requests (especially on social media), and be cautious when sharing personal information online. Strong password practices, multi-factor authentication, and using ad-blockers can also enhance online security.