WILMINGTON, N.C. (WECT) - While posting your high school senior picture or photos of your first car on Facebook may seem like a fun idea, the FBI wants to warn the public that posting this kind of information could lead to fraud.
The FBI Charlotte said Monday that these kinds of social media trends can reveal answers to very common password retrieval security questions.
This personal information could be used to reset account passwords and gain access to once-protected data and accounts.
“The high school support photo trend encourages users to share their high school photo to support the class of 2020,” the FBI Charlotte said in a news release. “Many people are including the name of their schools and mascots, and their graduation years. All three are answers to common password retrieval security questions.
“Other examples include posting a picture of your first car; answering questions about your best friend; providing the name of your first pet; identifying your first concert, favorite restaurant, or favorite teacher; and tagging your mother, which may reveal her maiden name.”
The FBI is encouraging the public to check their security settings and to enable two-factor or multi-factor authentication when available.
Here is more from the FBI:
There are three categories of credentials: something you know; something you have; and something you are.
- Something you know is your password or a set PIN you use to access an account. The PIN does not typically change.
- Something you have is a security token or app that provides a randomly generated number that rotates frequently. The token provider confirms that you—and only you—know that number. “Something you have” can include verification texts, emails, or calls that you must respond to before accessing an account.
- Something you are includes fingerprints, facial recognition, or voice recognition. This category of credentialing sounds a bit unnerving—but think about how you unlocked your smart phone this morning. You probably have used your fingerprints or face several times today just to check your email.
Multi-factor authentication is required by some providers, but is optional for others. If given the choice, take advantage of multi-factor authentication whenever possible, but especially when accessing your most sensitive personal data, including your primary email account, and your financial and health records.
