Without a doubt, the growth of social networking has exploded in recent years and has added value to the Internet by providing yet another exciting way for citizens all over the world to connect and interact. In fact, social networks like Facebook, MySpace, Twitter, LinkedIn and many smaller sites have become the preferred way many people communicate today as well as a growing business development tool.
However, the use of social networks has also provided a new — and sometimes surprisingly easy — way for identity thieves and other cybercriminals to obtain critical personal, biographical and even proprietary information that can assist cybercriminals in conducting a wide range of crimes — including identity theft.
Facebook, MySpace and LinkedIn all encourage users to provide personal information such as name, address, sex, birth date, schools attended, birthplace and interests. This information can be shared with “friends” or with the public at large.
These details can provide the crucial information identity thieves need to misrepresent themselves as you. The more information that is included, the easier it is for a fraudster to fill in the blanks. Think of it like algebra. The more factors one has, the easier it is to solve for the missing variables.
A More Personal Attack
While Twitter’s 140-character mini-blogs don’t leave much room to provide critical personal information, a patient “follower” can easily string together tidbits of personal information a “tweeter” might provide over the course of numerous posts. In combination with other personal and biographical information that is often readily available about all of us, the identity thief can use social networks to contact someone via one of the sites, request to be part of the target’s group (e.g., a friend on Facebook), and then simply request or obtain other information needed to take over the identity of the victim.
By getting this information, the identity thief can use it in targeted phishing attacks. Rather than sending out a blind invitation, like “go to this link for an amazing money-making opportunity,” the identity thief can invite a “friend” with wording like “I know you just lost your job” or, “I know you are looking for money for college” (information social networking users often post), then invite the person to look at a “business opportunity,” which then requests other personal information in order to take advantage of the bogus offer.
The issue of identity thieves and cybercriminals using social networks to steal personal and biographical information has become critical enough that the Federal Trade Commission has issued warnings to children, parents and others about the proper use of social networking.
“Social networking sites have added a new factor to the ‘friends of friends’ equation,” according to the FTC. “By providing information about yourself and using blogs, chat rooms, e-mail, or instant messaging, you can communicate, either within a limited community, or with the world at large. But while the sites can increase your circle of friends, they also can increase your exposure to people who have less-than-friendly intentions.”
Tips and Pointers
The FTC suggests these tips for safe social networking:
- Think about how different sites work before deciding to join a site. Some sites will allow only a defined community of users to access posted content; others allow anyone and everyone to view postings.
- Think about keeping some control over the information you post. Consider restricting access to your page to a select group of people — for example, your friends from school, your club, your team, your community groups, or your family.
- Keep your information to yourself. Don’t post your full name, Social Security number, address, phone number, or bank and credit card account numbers — and don’t post other people’s information, either. Be cautious about posting information that could be used to identify you or locate you offline. This could include the name of your school, sports team, clubs, and where you work or hang out.
- Make sure your screen name doesn’t say too much about you. Don’t use your name, your age, or your hometown. Even if you think your screen name makes you anonymous, it doesn’t take a genius to combine clues to figure out who you are and where you can be found.
- Post only information that you are comfortable with others seeing — and knowing — about you. Many people can see your page, including your relatives, your teachers, the police, the college you might want to apply to next year, or the job you might want to apply for in five years.
- Remember that once you post information online, you can’t take it back. Even if you delete the information from a site, older versions exist on other people’s computers.
- Consider not posting your photo. It can be altered and broadcast in ways you may not be happy about. If you do post one, ask yourself whether it’s one your mom would display in the living room.
- Flirting with strangers online could have serious consequences. Because some people lie about who they really are, you never really know who you’re dealing with.
- Be wary if a new online friend wants to meet you in person. Before you decide to meet someone, do your research: Ask whether any of your friends know the person, and see what background you can dig up through online search engines. If you decide to meet them, be smart about it: Meet in a public place, during the day, with friends you trust.
- Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, tell an adult you trust and report it to the police and the social networking site. You could end up preventing someone else from becoming a victim.
Bottom line: The advent of social networking is a new and exciting way to communicate with friends, acquaintances and business associates around the world. By practicing safe social networking techniques, the possibility of identity theft or other harms can be reduced and the experience can be exceptionally rewarding.
Rob Douglas is an identity theft consultant and the editor of IdentityTheft.info, an informational Web site about identity theft.