Because you must divulge some level of personal information in order to use and fully benefit from social networking sites, the risk of identity theft exists for people who use them. Below are some of the ways that you might put yourself at risk of identity theft:
- Using low privacy or no privacy settings
- Accepting invitations to connect from unfamiliar persons or contacts
- Downloading free applications for use on your profile
- Giving your password or other account details to people you know
- Participating in quizzes (e.g. How well do you know me?) which may require you to divulge a lot of personal information
- Clicking on links that lead you to other websites, even if the link was sent to you by a friend or posted on your friend’s profile
- Falling for email scams (phishing) that ask you to update your social networking profiles
- Using no or out-of-date security software to prevent malicious software from being loaded onto your computer and stealing personal information
Here are some examples of how people may become victims of identity theft through social networking sites:
Example 1: A man receives a message from one of his friends which has a link to a funny video, so he clicks on it. The link does not bring up a video. The friend’s profile had been hacked, and now a form of malicious software is being downloaded onto the man’s computer as a result of him clicking the link. This software is designed to open a way for an identity thief to take personal information from the man’s system. It additionally sends a similar email to everybody he is connected with on his profile, asking them to “view the video”. Downloading free applications and software can be sources of this type of malicious software, too.
Example 2: Someone has hacked a woman’s social networking profile to harass her and sabotage her online reputation. They are posting embarrassing photos and rude comments on her profile. These photos and comments appear to be from her and are directed to her network of contacts, when in fact they are not. Although she has used the highest level of privacy settings, she has shared too much information online with others. Someone used her posted information to fraudulently access her profile. Always remember, that even though your profile may be set to “private”, treat everything you post online as public.
Example 3: Cybercriminals sometimes will create a page that looks just like the introductory page to a favorite social networking site. This page will ask you to re-enter your password. These criminals will get you to this page from a link in an email or private message or public post with a link to a fraudulent site. If you are already logged in to a networking site and then asked to log in again, be aware that it is a red flag and it is probably a scam designed to make you divulge a lot of personal information to someone with bad intentions.
How to Protect Yourself
- Use the least amount of information necessary to register for and use the site. Use a nickname or handle (although this is not possible with certain sites).
- Create a strong password and change it often. Use a mix of upper and lower case letters, numbers, and characters that are not connected to your personal information (such as birthdates, addresses, last names, etc.).
- Use the highest level privacy settings that the site allows. Do not accept default settings.
- Be wise about what you post. Do not announce when you will be leaving town. Other things you should never post publicly: your address, phone number, driver’s license number, Social Security number (SSN), student ID number and even your hometown. Thieves can figure out your Social Security number by what town you were born in and what year. It’s OK to post what year or how old you are, but with this information combined with where you were born, they can figure out your SSN.
- Read privacy and security policies closely – know what you’re getting into. Some major social networking sites actually say they will use or sell information about you (not individual data necessarily, but aggregate information based on your personal information and that of others using their site) in order to display advertising or other information they believe might be useful to you.
- Verify emails and links in emails you supposedly get from your social networking site (e.g. the recent Facebook scam emails that asked customers to re-set their passwords). These are often designed to gain access to your user name, password, and ultimately your personal information.
Social networking has become a large part of most people’s lives and it shows no signs of stopping. However, most sites are considered “use at your own risk”, so be sure to follow the above guidelines to keep yourself safe.