How can information on social media sites be used to steal your identity, compromise your financial accounts or endanger the Navy's operations?

Maybe you've had someone steal your credit card information or one of your friends has had their credit card information stolen.

You've probably also heard of criminals draining their victim's bank accounts after impersonating them.

To commit these crimes, criminals may collect some of the data about their victims from social media sites like Facebook and Twitter. Seemingly harmless information on these sites, such as your physical address, email address, birthday, pet's name, or high school that you went to may help criminals complete the security questions for your financial accounts if they've been able to partially compromise your accounts with other stolen information.

Your physical address and family routine may be of interest to thieves while your affiliation with the Navy and your hobbies may be valuable to intelligence organizations looking for ways to establish relationships with Navy personnel.

Finally, adversaries may use personal information they collect from social media to appear more legitimate in phishing emails.

By protecting your online personal information you can protect yourself from these types of exploits as well as protect the Navy's operational security and cybersecurity.

Phishing emails contain a malicious hyperlink and/or attached file. By clicking on the link, you may be directed to a fraudulent website that installs bad software on your computer or captures data you enter on the website. Opening the infected attachment can also install bad software on your computer. A phishing email may also just ask you directly for valuable information.

Spear phishing is a more selective form of phishing that targets victims by using personal information about them to build trust so they're more likely to click on the hyperlink or open the attached file.

Phishing has been, and will continue to be, a very effective way of breaching a computer's defenses. Once adversaries have compromised the Navy's defenses through a phishing exploit, they can move inside our networks to gather intelligence, steal data, and/or disrupt operations.

Our adversaries have already used phishing to target military networks.

How should you change your behavior so information you post to social media doesn't put yourself and the Navy at risk?

Things you should do:
* Customize your social media applications to be as secure as possible. The Smart Cards for Facebook, Google+, Twitter and other social media platforms at http://www.navy.mil/ah_online/OPSEC/smartcards.html explain how to do this.
* Verify all friend requests - don't trust people you don't know.
* Assume what you write on social media sites is permanent and will be made public.
* Before posting information, think about how it could expose you or the Navy to compromise.
* Use strong passwords so your accounts aren't hacked. One technique for doing this is to select the first letter of each word in an easily remembered phrase for the letters in your password. For example, "stand Navy down the field, sails set to the sky" would become "sNdtfsstts."

Things you should NOT do:
* Post personal information about yourself such as addresses, phone numbers, and schedules since your friends should already have this information.
* Post sensitive information.
* Use the same account name and password for multiple websites.
* Use your information when choosing answers to security questions for your accounts. Instead, use answers from a friend or make up the information.

What you share online can put yourself at risk, endanger the Navy's operational security, and make it easier for our adversaries to compromise the Navy's cybersecurity.