Updated December 9 with details of a second FBI warning alongside comments and advice from a cybersecurity expert regarding the photo-based attacks currently targeting social media users.
There has been no shortage of cybersecurity-related public service advisories from the Federal Bureau of Investigation over the last few weeks, with the holiday season firmly upon us. From retail brand impersonation scams, cash-stealing malware that can empty your bank account, and even fake Feds compromising passwords. But the latest, published December 5, has to be the most insidious and disconcerting yet. Here’s the social media photo attack that the FBI has warned all citizens to take steps to mitigate against.
Altered Social Media Photos Used In Attacks, The FBI Has Confirmed
While we the media, at least the part most interested in the consumer cybersecurity sector, have a tendency to focus headlines on things such as password compromise and Windows security updates, the breadth of attack types and sheer depth of depravity to which cybercriminals turn are almost endless. If ever there was a reminder of this, then the FBI public service alert I-120525 is it.
Criminals are “altering photos found on social media or other publicly available sites to use as fake proof of life photos in virtual kidnapping for ransom scams,” the FBI has now confirmed.
Such virtual kidnapping is not, in and of itself, new. However, the now ubiquitous nature of social media networks, whether in the form of Facebook, LinkedIn, X, or others, has escalated the threat to a point where the FBI has felt the need to issue a critical warning for every citizen.
The threats actors will, the FBI said, contact people through messaging that claims a loved one has been kidnapped, and include “seemingly real photos or videos of victims along with demands for ransom payments.”
Leveraging threats of harm, significant claims of violence are the precise words used in the FBI PSA, an immediate payment is demanded and hence the pressure piles on. “Criminal actors will sometimes purposefully send these photos using timed message features,” the FBI warned, “to limit the amount of time victims have to analyze the images.”
Second FBI Cybersecurity Warning In As Many Days – What You Need To Know
The FBI has now issued a second cybersecurity public service advisory, described as a national warning to all U.S. citizens. The December 8 PSA stated that cyber threat actors are “increasingly use pressure tactics and artificial intelligence to defraud Americans out of their hard-earned money,” warning that everyone must “protect themselves and their families from fraud this holiday season.” The particular threat is a lot more commonplace, and one would hope familiar, to anyone reading this: phishing scams.
“If you feel pressured to act fast, pay money, or turn over personal information, take a beat,” FBI Director Kash Patel said, adding that the public should “stop and assess if what you’re being told is real.” A different cyber threat, but the same advice applies as it does to the virtual kidnapping attacks using social media photos as leverage. Question everything, especially where urgency is being applied to give you an itchy clicker finger.
FBI Issues Social Media Photo And Virtual Kidnap Attack Mitigation Advice
“Scammers rely on panic,” Pieter Arntz, a malware intelligence researcher at Malwarebytes, confirmed, adding that “they push tight deadlines, threaten violence, and try to force split-second decisions.” Arntz called this, quite aptly, “emotional pressure,” and it is front and center in the social engineering attack playbook.
FBI Issues Social Media Photo And Virtual Kidnap Attack Mitigation Advice
The FBI has recommended the following actions to mitigate falling victim to such a virtual kidnap scam:
- When posting missing person information online, be mindful that scammers may contact you with fake information regarding your loved one.
- Avoid providing personal information to strangers while traveling.
- Establish a code word only you or your loved ones know that you can use to communicate.
- Stop and think; do the kidnapper’s claims make sense?
- Always attempt to contact your loved one before considering paying any ransom demand.
