Be Cautiously Sociable on Social Networking Sites

by Glenn Harrison

Innocent online chats, blogs, videos, and other interactions are like breadcrumbs that identity thieves can follow to the feast. That makes social networking sites such as Twitter and Facebook a 24-hour buffet. The thieves will keep coming back for more, as long as most Americans continue to ignore some simple precautions.

According to a 2012 Javelin Strategy & Research study, one conspicuous example is that 45% of people who did not have private profiles posted their email address and complete birth date on social networking sites. Sixty-eight percent posted just the month and day. And these are adults, remember, not the stereotypical trusting teens many of us think of as the social networking demographic. In fact, 63% of social network users are adults.

Other dangerous things to post on social media are the high school you graduated from; relatives', children's, and pets' names; telephone numbers; home addresses; and your mother's maiden name.

Why be vigilant among "friends"?

Why do social networkers break such obvious security taboos? Perhaps it's the curious mix of familiarity and anonymity on the Web.

Facebook and the like have added a new dimension to friendship. People from across the world talk, share photos, videos, and music, and introduce one another to an exponentially growing list of real and virtual acquaintances—often using unprotected wireless devices.

Identity thieves thrive in this environment.

Any unknown file you download may contain a Trojan horse, a program disguised as something worthwhile that actually is intended to harm your computer. Some of these programs open a backdoor to your computer, through which a thief can extract key personal information such as your Social Security number, credit union and bank account numbers, passwords, and the like.

Information you share on blogs also can open doors for thieves. For example:You mention on your blog that you're going on vacation for 10 days. Seems innocuous, right? But sleuths can combine that with information on your profile, such as your first name, hometown, and photo. Blog entries by people on your "friends" list also can contain clues about where you live.

In 10 minutes or less, the thief could have your address. If the thief is targeting nearby victims, he or she could have easy access to your mailbox for 10 days—a potential treasure trove of account numbers, credit card offers to activate, and more.

Welcome to phishing and pharming paradise

While studies show that most ID theft occurs when thieves get information by stealing from mailboxes or trash, be smart online. If you get an unsolicited email asking for money, requesting account information, or anything else that seems "phishy," don't answer it.

Returning a phishing email or clicking on a link or attachment dramatically increases the chances that the phisher will succeed, and that you'll be phished again and again.

Social networking sites also are fertile ground for "pharming," mimicking a legitimate website that requires users to enter personal information. For example, say you're browsing Facebook and you click on a link to see someone's photos. A pop-up appears, telling you to sign in. You do it without thinking, even though you're already signed in. But the pop-up was bogus. Now an identity thief has your email address—because that's your user ID—and your password.

According to a 2011 National Cyber Security Alliance (NCSA) study, 37% of adults use the same password for all of their online accounts.

Other pharming sites you encounter by clicking on links within social networking sites may appear to be legitimate e-tailers offering incredible deals—just enter your credit card number and...you can guess where it ends up.

Five steps to protect your identity online

Identity theft can be devastating. Your credit score and history can be trashed for years, severely limiting your ability to get affordable credit. Stores may stop accepting your checks. You can spend hundreds of hours to set your record straight. Authorities may come after you by mistake.

In short, your financial identity is worth protecting, and you must be especially vigilant if you're active on social networking sites or posting your résumé online.

Start with these precautions:

1. Assume that everything you post on social networking sites will be visible to everyone: your family, your boss, police, college admissions staff, neighbors, predators, and thieves. And don't assume they won't know it's you—at the very least, adjust your profile so your blogs and other materials are available only to "friends" to whom you grant access. That doesn't guarantee security, but it's a start.
   You tell a friend on Facebook that you're going on vacation for 10 days. Innocuous?

2. Don't click on links or attachments in emails unless you know what they are and who sent them. If you get unsolicited email asking for personal data such as your Social Security number or financial account numbers—for any reason—report it to fraud.org. The Federal Trade Commission's identity theft website also has useful information.

3. Use only trusted, secure websites when you enter sensitive personal information online. Rather than cut and paste links from emails, type the Web address in your browser directly. Once there, look for "https" in the URL and a locked-padlock icon in the frame of your browser window.

4. Use a spam filter, virus scanner, and firewall on your computer, and keep them updated. If you work from a wireless router, secure it with a password.

5. Know what your children are doing online. If they are active on social networking sites, visit their sites regularly to see what's going on, and insist that they guard their identities and restrict access to anything that contains personal information.

Published May 28, 2007, Reviewed August 2, 2012

Tweet

  Home & Family Finance® Resource Center
  Copyright © 1997-2013 Credit Union National Association Inc.