A geotag is a tag on a social media post or story that shows your geographical location. These are most widely used on Twitter, Instagram and Facebook. Often when people upload a post, they don’t think twice about tagging their location, it’s simply part of the process. We’ve all seen people uploading Facebook status’ when they’re on holiday, detailing exactly what airport they’re flying from and to. This may seem harmless, and most of the time it is, but if a cyber criminal is targeting you or your business, a simple geotag could lead to an extremely dangerous security breach.
Why is geotagging unsafe?
As suggested by IT support and technology experts from Netstar, simple geotag gives cyber criminals the information they need to work out where you are, what you’re doing, and when the best time to strike is. Through social media, they can learn your daily routine and whereabouts, making you extremely vulnerable to a cyber-attack. This may seem extreme, but it’s not as rare as you might think. In 2016 Kim Kardashian was tied up and robbed at gunpoint, all because a social media post advertised her expensive jewellery and a simple geotag led attackers to her location.
In recent years, targeted cyber-attacks have become extremely common, and scammers are no longer only sending out mass, generic scams. Although a targeted attack requires more time and effort, scammers can acquire more detailed, accurate data on individuals and businesses, which increases the chances of the scams paying off. Scammers can find a surprising amount out through social media and online research. They often target CEOs, Directors, Managers, or members of the finance team as these people will have the authority to handle financial aspects of the business.
CEO phishing is a popular email scam, used by scammers to infiltrate businesses for financial gain. Scammers will pose as Directors or CEO’s, replicating email addresses and sending emails pretending to be out of the office asking employees to complete tasks for them. These are often aimed at finance departments, where scammers will ask employees to transfer large amounts of money into their bank accounts. These scams often have an element of urgency, which encourages employees to complete the task. The effectiveness of CEO phishing is improved massively if the CEO in question is actually out of the office, as it makes the scam more believable. Therefore, cyber criminals can target specific CEOs, sending out CEO phishing scams when they know they’re out of the office, information that they can gain from geotagged social media posts.
It’s important to note that making your social media accounts private won’t necessarily protect your personal information from scammers. If you are being targeted by a cyber criminal, they will likely create realistic-looking fake accounts, posing as friends or acquaintances. Ask yourself, is everybody on your friends list really your friend? Hence, further measures need to be taken to protect yourself on social media and restraining from geotagging is one of them!
Geotagging on Facebook
Facebook is the most widely used social media platform, with 1.69 billion users as of 2020, which is why you should be extra careful.
Facebook’s name for geotagging is “checking in”. If you’ve ever checked in to a restaurant, bar, hotel, amusement park, etc. you’ve geotagged your Facebook post. Whenever you add a new post or image, you will have the option to check-in. Once you’ve checked in somewhere, you’ll automatically geotag all future posts to that same location. To stop this, you need to click the “x” on the location that appears as you’re composing your post. We would advise not to geotag your posts in the first instance, due to the information outlined above. But if you are worried about previously posted geotagged posts, you can go back and edit older posts, removing the location and geotag to keep yourself safe.
Geotagging on Instagram
Geotagging on Instagram is a lot like geotagging on Facebook. You choose to manually geotag your images whilst you’re composing your post and can edit older posts to remove geotags. Once a post is geotagged, you can even view the location on a map – exposing exactly where you were when the photo was taken!
Even more dangerously, Instagram Stories is an extremely popular feature that allows for geotags. Instagram Stories are images or videos that last 24 hours and are visible to all of your followers (or to everyone depending on your privacy settings). Geotagging your story could be even riskier, as it gives viewers real-time information on your whereabouts. For example, if a cyber criminal was tracking a CEO with a view to carrying out a CEO phishing scam, they could easily find out when that CEO was out of the office and implement the scam at this time. Facebook and Snapchat also have very similar Story functions, so watch out for this on those platforms too.
Geotagging on Twitter
Twitter is the only social network that automatically geotags your posts. The geotags appear on posts as a small map icon in the corner of a tweet. The location of the tag is usually quite vague, tagging a town or city as opposed to a specific coffee shop or restaurant. However, if you are abroad when posting, scammers will know that you’re away from your office and home and could use this information to target you.
To turn off automatic geotagging got to: Settings > Security & Privacy and untick “Tweet location – Add a location to my Tweets”.
You can also remove old location information from Tweets by clicking “Delete location information” on the same page.
In summary, London based technology experts Netstar, recommend never geotagging your social posts without good reason. If you’re attending an industry event that you want to advertise or promote via social media, then this could be a good opportunity to use a geotag. But before advertising your location, you need to consider whether it’s safe and secure to do so. If a cyber criminal could use your geotag as information to target you, don’t take the risk.