Social networking and media has become a part of nearly everyone’s life with sites such as Facebook.com, Twitter.com or Linkined.com. Having an online profile allows for easy communication among friends, family and business associates. The sites create an almost intranet feeling experience where nearly all needs of the user can be met without leaving the social site. While many people understand that the act of surfing the web has a threat of identity theft, these cyber hangouts create a false sense of security that everyone is on there for the same reason—for social contact.
Identity thieves are on the search for any useful identifying information about a perspective user. Social Security numbers, date of births, present mailing address and phone numbers are the prime information they are after. This information does not have to be obtained from the same source, as they may store it in a database while continuing to gather a user’s overall identity profile from multiple sites and sources. This information can be used to create a credit facility in the user’s name without their knowledge and then max it out leaving the user to deal with the mess. Other information that may not seem critical can be used for other purposes, such as answering security questions to financial institutions the user already has assets in or credit with. This information could be something as simple as the user’s dog’s name, the high school they attended or their mother’s maiden name.
Information can be obtained from users who have little to no privacy security features turned on, which allows anyone with a computer to take a glimpse into their personal lives.
Users should turn on the privacy features that restrict access to their information to only users and members that the profile owner knows and trusts with the access. Identity thieves have been known to create fake accounts and trying to befriend/follow/link to users in an attempt to by-pass the privacy features the users have set and begin viewing information on their profile. Do not accept an invite from someone that is unknown to the user no matter what his or her profile picture may look like. These fake account users may then send a message containing a link or file with the intent of infecting the computer with spyware and/or malware. The link may also direct the user to a phishing website that emulates another website that requires the user to enter their username and password into.
The phishing website will connect the user to their website and log them in while collecting their sign-in information along the way. Be sure to look at the top of the browser to confirm that the website’s address is the intended one. With the login information identity thieves can login and obtain all the information that the user has uploaded to the site either in the profile, inside of messages, or in notes. Users also tend to use the same passwords for multiple sites or passwords that are similar. Identity thieves will try to use this login information to access additional sites such as email accounts or to give their password cracking software an incredible head start.
Social websites, just like the rest of the Internet, is full of identity thieves that are on the lookout for easy targets. Be mindful of what information is divulged onto social sites and that every possible security measure be taken. Being informed and proactive about security threats can be just as important and effective as having security software. Couple an informed user with modern security software, and identity thieves are likely to move to the next potential target.