There has been no shortage of cybersecurity-related public service advisories from the Federal Bureau of Investigation over the last few weeks, with the holiday season firmly upon us. From retail brand impersonation scams, cash-stealing malware that can empty your bank account, and even fake Feds compromising passwords. But the latest, published December 5, has to be the most insidious and disconcerting yet. Here’s the social media photo attack that the FBI has warned all citizens to take steps to mitigate against.
Altered Social Media Photos Used In Attacks, The FBI Has Confirmed
While we the media, at least the part most interested in the consumer cybersecurity sector, have a tendency to focus headlines on things such as password compromise and Windows security updates, the breadth of attack types and sheer depth of depravity to which cybercriminals turn are almost endless. If ever there was a reminder of this, then the FBI public service alert I-120525 is it.
Criminals are “altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams,” the FBI has now confirmed.
Such virtual kidnapping is not, in and of itself, new. However, the now ubiquitous nature of social media networks, whether in the form of Facebook, LinkedIn, X, or others, has escalated the threat to a point where the FBI has felt the need to issue a critical warning for every citizen.
The threats actors will, the FBI said, contact people through messaging that claims a loved one has been kidnapped, and include “seemingly real photos or videos of victims along with demands for ransom payments.”
Leveraging threats of harm, significant claims of violence are the precise words used in the FBI PSA, an immediate payment is demanded and hence the pressure piles on. “Criminal actors will sometimes purposefully send these photos using timed message features,” the FBI warned, “to limit the amount of time victims have to analyze the images.”
FBI Issues Social Media Photo And Virtual Kidnap Attack Mitigation Advice
The FBI has recommended the following actions to mitigate falling victim to such a virtual kidnap scam:
- When posting missing person information online, be mindful that scammers may contact you with fake information regarding your loved one.
- Avoid providing personal information to strangers while traveling.
- Establish a code word only you or your loved ones know that you can use to communicate.
- Stop and think; do the kidnapper’s claims make sense?
- Always attempt to contact your loved one before considering paying any ransom demand.
