Social Networking Sites and Identity Theft

Posted on Tuesday 16 March 2010

As I am a member of some social networking sites and have a fairly high on-line presence, I thought I’d write a bit about security and social network sites.

A lot of social networking sites, like Facebook, MySpace, LinkedIn and such have a fair amount of personal information about anyone who is a member. This can lead to problems with identity theft if you’re not careful.

For instance, there are five or six basic pieces of information an identity thief needs to steal your identity. They are: your name, your birthdate, your address, your Social Security Number, your phone number and some personal information about you.

Your name is usually pretty readily available on most social networking sites.

Your address is often available via a simple internet search or through a phone directory listing. As is your phone number.

On many social networking sites, your birthday, if not complete birthdate is readily available.

Your Social Security Number is hopefully something you’re a bit more careful with.  I’d point out that many organizations use this as an identifier, when they really have no need to have it, and no real right to demand it from you.  However, many people give out their Social Security Number because it has become somewhat of a universal identifier.

If you are in the habit of giving out your Social Security Number, please stop doing so. And if any organization asks you for it, ask them why they need it. If they do not have a good reason for collecting it, don’t give it out.

Some legitimate uses for it are for government organizations, like the Department of Labor or the Internal Revenue Service require it.  Banks and other financial institutions, including insurance companies and investment banks, require it for tax and credit checking purposes. Employers require it for tax purposes.

The personal information about you that may be very important, although it does not seem it are things like:

  • Where you were born?
  • What is your mother’s maiden name?
  • Where you lived as a child?
  • What was your first pet’s name?
  • What elementary school you went to?

The reason is simple—these are often the answers to the security questions that financial institutions ask you to verify your identity.  The more of these you give out—the more vulnerable you are to identity theft.

One common method identity thieves use to gather this type of information is to setup on-line quizzes and games, like friendship quizzes and IQ tests, that gather this information in a relatively innocuous setting. By automating this type of information gathering over the internet, identity thieves can reduce the amount of work they actually have to do.

It is a lot like those Nigerian President e-mails you get as spam.  They send them out by the millions, so if only one-hundredth of a percent respond and fall for it, they stand to make a lot of money.

What precautions can you take?

First, when dealing with a financial institution, don’t answer these questions with the actual answers.  You should use answers that are specific for each account or financial institution.  There is no requirement that you answer these questions with the actual answers… just that when they ask you for the answer, your answer match whatever they have on file.

While this does take a bit more work on your part, but it does greatly reduce the risk that someone will be able to answer the security questions correctly.  If you need help remembering the various questions and answers, there are some very good password vault applications available for your cell phone, laptop or PDA.

Second, consider getting a disposable phone number for general use.  A good example of a disposable phone number is to get a MagicJack or Vonage phone number.  Use this number as your public number, and setup the voice mail on it.  Check the voicemail regularly.  This is also a good way to protect your cell phone number from being published in marketing databases. Vonage is nice because they will send you an e-mail with the voicemail message included as an attachment. MagicJack is nice because you can get the number for six years or so for about $100, which is far less expensive than almost any other way of getting a phone number.

Third, consider getting a PO Box for your financial related bills and using that address strictly for them. One common gambit many identity thieves use is to steal your mail and get the account information that way.  By having the mail go to a PO Box, you reduce the risk of theft from an unattended mail box.

Fourth, check your credit records annually.  If you see anything you don’t recognize, follow up on it immediately. Also, if you’ve been a victim of identity theft, you can have your identity flagged and request that the credit bureaus notify you before releasing any credit history or information.

Fifth, don’t ever click on a link inside an e-mail from your bank, financial institution or any other on-line account.  In most e-mail programs, you can look at the raw source of the e-mail, and in most of the ones that allegedly come from your bank saying your account has a problem will have a bogus URL for the bank link you click on.  If you get an e-mail from an institution you have an account at, either call them or go to the webpage by typing the URL into the browser address bar.  This avoids the possibility of a bogus url.

Just remember, most institutions will never ask you for your account number or password in an e-mail.  If you have even the remotest doubt about an e-mail, call the institution in question.  Checking the raw source of the e-mail will often reveal the truth of its legitimacy.

Until this country puts the burden of proof in identity theft cases where it belongs, on the financial institution, you really need to take as many precautions as you can to protect yourself.  Once your identity is stolen, you will have years of problems dealing with the fallout from it.  I’ve written on this topic before, and would recommend you read what I’ve written on data security and identity theft.

How to reduce identity theft

I’d point out that a majority of the identity theft in this country are crimes of opportunity that are only feasible by the very loose credit application process that banks use.  They send credit card applications out by the thousands, and most of these are accepted with no real verification that the person who actually applied is the one who is on the form.

This type of identity theft could be eliminated by a simple change in the credit application process. If all financial institutions were required to have a notarized fingerprint on all applications for credit, accounts, or loans, a majority of the identity theft problems would disappear.  This would reduce identity theft in large part by making it too complex and laborious a process for the opportunistic identity thief.

The reason I say this is simple—if someone opened an account in my name and defrauded the bank and the bank came after me for the account balance—all I would have to do is ask the bank for the fingerprint on the application.  If the fingerprint on the application doesn’t match, the bank has obviously failed to do its due diligence and should be forced to eat their losses or find the criminal actually responsible for the crime.

Most low-level identity thieves do not have the resources to corrupt a notary public.  And if a notarized fingerprint is required, the aid of a notary republic or forging the notarization would be required. This is far more effort than most low-level opportunistic identity thieves are probably willing to go through, especially since they would need to recruit a patsy to fingerprint the application.

This would leave the FBI and other law enforcement much more time to deal with the more serious forms of identity theft.  It would also place the burden of proof and responsibility back on the financial institutions, which is where it belongs in the first place.  After all, if you were going to lend someone thousands of dollars, either as a credit line or in the form of a loan—you would be an idiot if you didn’t actually check to see that the person you gave the money to was actually the person whose identity was used to apply for the money.

1 Comment for 'Social Networking Sites and Identity Theft'

    March 21, 2010 | 6:09 pm

    Hi Dan,

    I found a review/setup instructions that you did on the Nanosation2 a while ago and I wanted to see if you can give me some more help. We actually have a mutual friend, Teresa aboard Daphne. We sailed with her down the SE coast of the US this fall.

    On to the Nanostation2. First of all, we have a Mac. I set everything up as you said and can only “connect” sometimes. Funny, I am online right now using my internal wireless thingy with a decent signal. When I hook up the Nanostation2, it will say it is connected with a strong signal, well into the blue but will not bring up any web pages. We use firefox as our main browser.

    Is this a Mac problem? If you are able to help me, I would greatly appreciate it. Right now we are in the Bahamas, heading from George Town tomorrow morning to Conception Island. I do not expect to have a signal for more than a week after tonight.

    Thanks for your time!

    Great Blog,
    s/v Anastasia

Leave a comment



Information for comment users
Line and paragraph breaks are implemented automatically. Your e-mail address is never displayed. Please consider what you're posting.

All comments are subject to review and approval
before being posted on this site.

Use the buttons below to customise your comment.

RSS feed for comments on this post | TrackBack URI