Social Networking Sites: A Haven for Identity Thieves

by Lomit Patel


Social networking sites like MySpace.com and Facebook.com encourage members to meet new people, share pictures and information, and interact with others in online communities.

However, while social networking sites present many opportunities for members to connect with others on both a personal and business level, they also expose users to people who may have bad intentions, including identity thieves and other cybercriminals.

Bernadette Auert, a 34-year-old administrative assistant, says that she would never open links from spam e-mails or respond to offers in pop-up windows. She uses smart passwords and takes every precaution to protect her financial information when shopping and banking online.



But, like millions of other social networking users, she admits that she lets her guard down when she logs into MySpace.com.

Most people exercise great caution when it comes to revealing personal information in a public place or when surfing online, but don't think twice before posting all kinds of intimate information on social networking sites.

Research conducted by the National Cyber Security Alliance (NCSA) reveals that a whopping 74 percent of social networking users divulge personal information, such as their e-mail address, name and birthday.

Not only do they reveal this potentially harmful information, but they also engage in other risky behaviors, such as downloading files and responding to unsolicited e-mails from fellow members.

NCSA research shows that 83 percent download unknown files from other people's profiles -- an action that could lead to identity theft, computer spyware, viruses and other risks.

Unfortunately, cybercriminals are counting on this lack of caution, as they target the millions of users that frequent social networking sites. Because people reveal personal information on these sites, it is easy for cybercriminals to look at user profiles and use the information they find to customize their attacks.

These targeted phishing attacks are known as "spear phishing", and social networking sites present unprecedented opportunities for these scams. For example, a spear phisher may pose as one of your social networking contacts or friends to create phony messages designed to trick you into revealing more personal data, such as your credit card or phone number.

Auert experienced such an attack when a phisher, posing as one of her friends, sent her a link to a photo. Without hesitation, she clicked on the link and was directed to a site that asked for her logon information and email address.

Fortunately, she noticed that the address bar did not read "MySpace.com" and closed it immediately. If she had provided this information, the phisher could have gained access to all kinds of information from her MySpace.com account.

According to Ron Texeria, executive director of NCSA, social networking users need to understand that sharing personal data may make them targets for online attacks. If a malicious person obtains your social security number, name and birthday, he or she may have enough information to hack into your financial records and compromise your personal information.

Using information that you offer about your home, hobbies, interests, and friends, a cybercriminal could impersonate a trusted friend or convince you that they have the authority to request personal or financial data.

Fortunately, you can minimize their risks of becoming victim by understanding the potential dangers of these sites. Here are a few simple rules to follow when socializing online:

• Beware of scammers. Criminals scan social networking sites to find potential victims for customized scams, from phony lotteries to illegitimate business opportunities to fake high school reunions. Consider restricting access to your page to a select group of people and setting your profile to private to prevent uninvited members from viewing your personal information.

• Exercise caution when clicking on links or downloading files. Scam artists often post links to infected ad banners in their profiles. Avoid opening links or downloads from strangers, and never enter your password or account number unless you've verified the site's authenticity. When in doubt, always call the site owner to confirm.

• Protect your personal information. Identity thieves can easily find enough photos and personal information on social networking sites to steal your identity. Avoid posting your full name, financial data, social security number, street address, birth date, and phone number.

• Be proactive in your efforts to thwart identity thieves. Adding a "Credit Freeze" or "Fraud Alert" on your credit report at the three major credit bureaus can help you avoid identity theft. This stops identity thieves in their tracks by locking your credit down and preventing lenders from offering new credit in your name unless they verify your identity via phone or e-mail. You can also conduct a free search on StolenID Search to see if your data has been compromised.

Social networking sites provide great opportunities for people to meet and share experiences. But with this freedom comes a level of risk and the need to exercise caution. By using your best judgment and following these safety tips, you'll enjoy the benefits of social networking and avoid the costly risks.