Limit Social Media Footprints: CRPF Tells Security Personnel

New Delhi: The Central Reserve Police Force (CRPF) has initiated a massive cybercrime awareness drive for its personnel, asking them to limit their social media footprints. The department has also asked the personnel to regularly review their privacy settings and make their posts, friend lists, and personal details visible only to trusted contacts.

CRPF is India’s largest Central Armed Police Force, with a total strength of around 300,000 personnel.

“Cybercriminals often gather small pieces of publicly available information such as birthdays, pet names, vacation plans, or work details to craft personalised phishing attacks, guess passwords, or even commit identity theft,” stated the Cyber BYTE, a monthly e-newsletter published by the Communication & IT Directorate of CRPF, in its latest edition.

Instinct become protector

A vigilant Head Constable of 182 Bn of CRPF was able to protect himself from the clutches of cyber fraud in November last year.

The victim received a message from Facebook Messenger from an individual falsely claiming to be a DIG, CRPF. Under this false identity, the caller informed the Head Constable that a Commandant was being posted to his location.

Shortly thereafter, a second individual, impersonating the said Commandant, called the Head Constable and stated that he had obtained the Head Constable's phone number from the DIG. The impersonator claimed that certain “official luggage” was being dispatched to the Head Constable's residence and demanded money under the pretext of parcel delivery and transportation charges. The Head Constable declined the request, citing a lack of funds.

The fake DIG again pressured the Head Constable via message, directing him to transfer at least Rs 20,000 immediately, assuring that the balance could be paid after 20 days. Following this, the impersonating “Commandant” contacted the Head Constable on WhatsApp and insisted that the amount be sent through Google Pay/PhonePe. Believing the request to be authentic, the Head Constable transferred Rs 20,000 and shared the transaction screenshot. He subsequently received a fabricated invoice carrying a forged CRPF logo and reflecting a remaining due amount of Rs 50,000.

At about 1500 hrs, the Head Constable received another WhatsApp call from the same fraudster, claiming that the luggage had been dispatched and pressuring him to pay an additional Rs 41,000 as “transport charges," with a false assurance of instant refund within 10 minutes. The Head Constable refused further payment.

Recognising the fraudulent activity, the Head Constable immediately informed his Company Commander, 182 Bn, and promptly lodged a complaint with the Cyber Crime authorities for necessary investigation and action.

“There are several such cases we register, where cyber fraud tries to siphon off money using their tactics,” said a senior official.

Aware of the cyber fraud trends, the Communication & IT Directorate of CRPF have suggested its personnel to adopt a three-pronged strategy to protect themselves from cyber fraud.

QR Codes Can Be Risky

Stating that QR codes can be risky because they hide their destination, it is suggested that to reduce risk, people should avoid scanning QR codes from unknown or suspicious sources.

“QR codes make it easy for attackers to direct users to phishing websites, malware downloads, or fake payment pages without obvious warning. Scammers often place malicious QR codes on posters, parking meters, menus, or even over legitimate codes, tricking people into entering personal information or financial details. Since users cannot see the full web address before scanning, it is harder to judge whether the link is trustworthy,” the newsletter suggested.

Limit Social Media Footprint

“Limiting your social media footprint is one of the most effective ways to protect your personal information and prevent cyberattacks. Cybercriminals often gather small pieces of publicly available information such as birthdays, pet names, vacation plans, or work details to craft personalised phishing attacks, guess passwords, or even commit identity theft,” it said.

Log Out at the End of the Day

It further suggested setting a daily reminder to log out before leaving work or shutting down the device.

“Logging out at the end of the day is an important security practice that helps protect sensitive information and systems from unauthorised access. Leaving accounts signed in, especially on shared or workplace devices, increases the risk of someone accessing data, sending messages, or making changes without permission. Logging out ensures that sessions are properly closed, reduces exposure to insider threats, and supports overall cybersecurity hygiene. Making it a daily habit to log out before leaving helps safeguard both personal and organisational information,” it said.

Talking to ETV Bharat, SS Kothiyal admitted that on many occasion security personnel become victims of cyber fraud.

“All the central paramilitary forces should organize massive awareness drive and a lecture session on cyber fraud for their personnel,” said Kothiyal who retired as inspector general of police (Border Security Force).

Our security personnel have their own Facebook, LinkedIn and other social media accounts, and in the majority of the cases, the fraudsters are found using such social media platforms to dupe people, said Kothiyal.