Identity Theft through Social Networking

Contributed by Kent Lewis, the President of Anvil Media, Inc.

Identity theft affects as many as 10 million Americans each year, costing victims an additional 300 million hours in identity recovery and repair. According to the FTC “Consumer Fraud and Identity Theft Complaint Data” report in February 2008, the losses to businesses and financial institutions total nearly 53 billion dollars annually.

This is caused by a combination of factors that include: a lack of consumer knowledge about protecting your identity online; growing comfort and trust in social platforms; the need for social platforms to generate revenue; and a lack of standards. These factors have all led to a tremendous potential for online theft and fraud.

Fueling the Fire
With limited government oversight, industry standards or incentives to educate users on security, privacy and protecting your identity, users are exposed to identity theft and fraud.

Crimes of Opportunity
While everyone should know by now never to share your social security number or driver’s license information, many social networking sites ask for, if not require, sensitive information that can be used against you in a variety of malicious ways. The following profile elements can be used to steal or otherwise misappropriate your identity:

  • Full name (particularly your middle name)
  • Date of birth (often required)
  • Home town
  • Relationship status
  • School locations and graduation dates
  • Pet names
  • Other affiliations, interests and hobbies

Horror Stories
You’re probably asking why sharing your pet’s name, high school graduation date and membership to the NRA with the public is a potentially dangerous move. Below are just a few examples of how this information can be used to compromise your identity:

  • Phishing attempts using this information can be used to gain trust in order to obtain non-public information through online conversations. A Portland company was recently attacked with false Better Business Bureau false complaints in order to obtain additional information about the company and its employees.
  • GPS-enabled phones sharing your location can reveal sensitive information like your home and work address.
  • Ninety-five percent of Facebook profiles have at least one application, many of which are not reviewed and can be used for malicious and criminal purposes.
  • False profiles can be used to fuel resume fraud or defamation of character. A Canadian reporter recently was defamed via a false profile that included misleading posts, poorly considered group memberships and intellectually inconsistent political positions.
  • An American soldier abroad in Iraq discovered his bank account was being repeatedly being accessed online and drained. A security expert was able to replicate access with nothing more than his name, e-mail and Facebook profile.
  • An IT professor and author used MySpace information to hack into a friend’s e-mail and bank accounts, as outlined in a Scientific American article and NPR story.

Best Practices
Before you jump online and cancel all of your social media accounts, consider that there are ways to be smart about what you share and who you share it with:

  • Never, ever give out your social security or driver’s license numbers.
  • Consider unique user names and passwords for each profile.
  • Vary your passwords and change them regularly.
  • Don’t give out your username and password to third parties.
  • Assuming you plan to be active in social media, minimize the use of personal information on your profiles that may be used for password verification or phishing attacks.
  • Avoid listing the following information publicly: date of birth, hometown, home address, year of high school or college graduation, and primary e-mail address.
  • Only invite people to your network that you know or have met, as opposed to friends of friends and strangers.
  • For password security verification questions, use a password for all answers (rather than the answer to “What is your mother’s maiden name?”).
  • When age-shifting to protect your real birthday, keep the date close to your real birthday; otherwise, you may expose yourself to age discrimination.
  • Watch where you post and what you say, as it can be used against you later.
  • Google yourself regularly and monitor your credit using the free annual report or monthly monitoring services.

Consumers need to be educated on the proper use of social media as it relates to protecting privacy and security. What’s more, social networks need to understand the impact of not addressing security and privacy issues. If the information becomes corrupted, it not only casts doubt on the social network, but on your real-life personality, too.

Categories: general


Leave a Comment

  • (will not be published)