Remember those days when you would run excited to get the mail hoping you got something interesting? Then, remember the days when you checked your email several times a day hoping someone sent you a message or that something interesting was in the Inbox? Now, do you run to the mailbox to see if you got something interesting because the thought of opening all that email is too daunting and you really just want to put it off as long as possible?

Well, I bet you would not be excited if you knew that a letter in the mailbox had a return address of “OPM Notifications, Washington DC” on it. I can tell you from experience, I’d rather have the spam. At least I know what to do with that.

Facebook is trying to help those who may have been affected by the Office of Personnel Management (OPM) breach of a few months ago. It is providing a service that will notify you if it suspects you are a target of nation-state sponsored attackers. If it believes you are in this category, a notification will pop up on your screen advising you to turn on multi-factor authentication for your Facebook and other social media accounts.

It is called “Login Approvals” and can be activated in the security settings of your Facebook profile. It will then require you to enter a code that is sent to your mobile phone via text before it will authenticate your login credentials for any new device. It’s a bit more secure than “Login Notifications,” which notifies you of a login from an unrecognized device but does not require the extra code.

If you do get such a message from Facebook, or from Google, which has been doing something similar for several years, pay attention and use extra caution when participating in social media. Don’t post information that is personal or confidential or that may give a nation-state additional information that can be used against you or your employer. Consider whether it’s necessary to post your vacation plans or your business meeting location. Even if it doesn’t seem like a big deal, someone could use the information to send spam containing malware to your contacts and make the message more believable.

What do you do with the spam? Well, first, it’s worthwhile to know that spear-phishing is a form of phishing that targets specific people or industries, particularly government and financial. It is big business these days, and the OPM breach potentially makes it easier for nation-state sponsored cybercriminals to get desired information. So, always use caution when opening attachments or clicking links in email messages, regardless of the sender. If you are not sure whether it’s safe, contact the sender by phone and verify before taking any action.

If you are authorized to make money transfers on behalf of your company, make sure you confirm any requests. Even if an executive begs you to do the transfer in a very convincing email message, always confirm with a phone call before sending money. It isn’t difficult for a phisher to make an email message look like it came from that executive.

Of course, always use unique login credentials for every online site you log into, especially social media. If one of your accounts gets compromised, you sure don’t want all of the others to be as well. Make sure the passwords are at least eight characters and use upper and lower case letters, one or more numbers, and one or more special characters.

You might wonder why adding an extra layer of security to your Facebook account will help if you are targeted by nation-state actors. Well, it’s always a good idea to add more layers of security when you are online. However, a criminal of this type targets victims for specific reasons, and while you think no one could possibly be interested in you, they may be, and they may be more interested in your connections.

If these nation-state sponsored cybercriminals are not interested in you, some other cybercriminal may be, so add layers of security wherever you can.

Copyright 2018,