The Epidemic of Oversharing

Society is now conditioned to communicate both personally and professionally via social media. The intention behind social media platforms was to create an environment for users to share information, foster connection and creativity, and allow for the creation and promotion of user-generated content (UGC). One of the unintended consequences, however, was the birth of a new environment that allowed for bad actors – hackers, identity thieves, spies, violent criminals, and even terrorists – to gain access to your personal information. ?

The challenge, regardless the sophistication level of the bad actor, social media users. People are oversharers.

• 59% of people post photos and names of their child(ren). [1]
• 40% of people post about their hobbies and interests. [2]
• 38% of people post about birthday celebrations. [3]
• 30% of people post names and photos of pet(s). [4]
• 27% of people post names and photos of their partner. [5]
• 93% of people post about employment updates. [6]
• 36% of people post about their company, job, colleagues, boss, etc. [7]
• 32% of people post updates and photos during business trips. [8]
• 26% of people post information about their clients. [9]

Prior to social media, adversaries gathered human intelligence (HUMINT) through old fashioned, boots on the ground surveillance. In the digital age, social media has become the primary HUMINT reconnaissance tool. In broadcasting personal information, and sharing personally identifiable details about oneself and others, individuals are effectively creating virtual dossiers, teeing both themselves, their friends, family, and coworkers up to be exploited.

So, I ask that before you post something online, you reflect on these questions:

1. Why am I sharing this piece of content? (What are your motives behind sharing?)
2. Is this content necessary to share? (Is this better kept to yourself?)
3. Does it make more sense to share with a smaller audience via phone call, text, email, or in-person? (Maybe broadcasting to a big audience just isn’t necessary. Who are the key stakeholders who need to see the message? This goes back to your motivation behind sharing.)
4. Who is receiving whatever I am sharing? (Are your privacy settings up to date? Do you have ‘friends’ and ‘followers’ that you don’t know?)
5. What are the possible ramifications for sharing the content? (Think about any ramifications that the content you are sharing may have for you personally, professionally, as well on others around you.)?

These questions aren’t meant to turn you into a social media curmudgeon, but rather, create an internal check-and-balance against the epidemic, and subsequent consequences, of oversharing on social media.

In 2021 there were nearly 1.4 million reports of identity theft received by the Federal Trade Commission (FTC), and consumers reported losing over $5.8 billion to fraud overall in 2021, an over 70% increase from the previous year. [10] Social media was one of the leading causes for these rising numbers. The rate of social media account takeovers increased by more than 1,000% in a one year due to phishing attacks and identity-based scams, costing 27% of individuals and 87% businesses revenue losses. [11]

A Path Forward

In addition to being cautious with what we share online, and who we share it with, steps everyone can take to improve their digital posture include:

1. Reporting Impersonation: If you notice that you or someone else is being impersonated on social media, report the account in question to the appropriate platform immediately. Trust & Safety teams exist for a reason!
2. Implement Multi-factor Authentication (MFA): Passwords – even the most complex ones – are generally easy for bad actors to crack. It’s best practice to implement an MFA on all accounts where it is available. Implementing an MFA is a great way to maximize your security and ensure that you are the only one who gains access to your accounts.
3. Update Privacy Settings: Privacy settings allow you to control your personal information and how that information is used. Review and update your privacy settings on all accounts and restrict who can see what (i.e., friend lists, contact info, posts, photos, etc.).
4. Avoid the Unknown: Don’t engage with, click links from, friend, or follow anyone you do not know. Seems like a no-brainer, but easier said than done. Next time you add a ‘friend’ or ‘follower’ just for the sake of increasing your following, ask yourself, at what cost am I possibly doing this?
5. Activate Automatic Updates: Bad actors take advantage of security flaws in your systems to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect yourself and your data. These updates are sets of changes to apps, software, and operating systems that are automatically pushed by the developer to fix or improve it.
6. Report Suspicious Activity: Familiarize yourself with the Terms of Service (ToS) and Community Guidelines (CG) of each platform you are using. If you notice suspicious activity that is in violation of the ToS or CGs, report such behavior to the appropriate platform. Again, those Trust & Safety teams are there to investigate violative content. They can’t do their jobs if you don’t report!

While course-correcting oversharing behaviors in a culture known for its oversharing will be uphill battle it’s a worthy fight to combat identity-based crimes that begin on social media.

The views and opinions expressed are that of the author and not those of the FBI or any other U.S. government agency.

[1] Tessian. HOW TO HACK A HUMAN. Retrieved from https://f.hubspotusercontent20.net/hubfs/1670277/%5BCollateral%5D%20Tessian%20Research/%5BTessian%20Research%5D%20How%20to%20Hack%20a%20Human/%5BTessian%20Research%5D%20How%20to%20Hack%20a%20Human.pdf?__hstc=170273983.5a52778ae3ec548b43f13d9c6d234270.1657802751851.1657802751851.1657802751851.1&__hssc=170273983.1.1657802751851&__hsfp=3791126892

[2] Tessian. HOW TO HACK A HUMAN.

[3] Tessian. HOW TO HACK A HUMAN.

[4] Tessian. HOW TO HACK A HUMAN.

[5] Tessian. HOW TO HACK A HUMAN.

[6] Tessian. HOW TO HACK A HUMAN.

[7] Tessian. HOW TO HACK A HUMAN.

[8] Tessian. HOW TO HACK A HUMAN.

[9] Tessian. HOW TO HACK A HUMAN.

[10] Federal Trade Commission. NEW DATA SHOWS FTC RECEIVED 2.8 MILLION FRAUD REPORTS FROM CONSUMERS IN 2021. Retrieved from https://www.ftc.gov/news-events/news/press-releases/2022/02/new-data-shows-ftc-received-28-million-fraud-reports-consumers-2021-0

[11] Identity Resource Center. IDENTITY FRAUD TO AFFECT GENERATIONS DIFFERENTLY; THE IDENTITY THEFT RESOURCE CENTER’S 2023 PREDICTIONS SHOW SHIFT TO SOCIAL MEDIA ATTACKS & MORE SCAMS. Retrieved from https://www.idtheftcenter.org/post/identity-fraud-affect-generations-differently-identity-theft-resource-center-2023-predictions/