“Facebook is being used to gather intelligence to crack the code of a password reset,” said Robert Siciliano, a Boston-based identity theft expert and McAfee consultant.
The National Foundation for Credit Counseling warns that social media accounts can be ground zero for identity thieves.
Seemingly innocuous information like your birthday, where you went to elementary school or your pet’s name can be a gold mine for identity thieves.
Palin’s Yahoo! e-mail account was breached in 2008 after the hacker reset her password by getting answers to personal questions via Wikipedia and a Google search.
For example, when you open an online banking account, you’ll give answers to security questions the bank will ask should you forget your password. Queries like where you met your wife, your high school, your place of birth.
Ironically, picking off that information on Facebook is legal, and certainly not as exhaustive or dirty as rifling through somebody’s trash can.
In a sense, the computer has become the virtual trash can for identity thieves:
“Even listing daily activities can let strangers know your routine and put you at risk,” National Foundation for Credit Counseling spokeswoman Gail Cunningham said. “In other words, if you’re too revealing, you’re asking for trouble, as predators often cruise these sites hoping to steal your personal information for their gain.”
- And all somebody needs is your name, birthday and a few other pieces of information and they’re ready to open that new credit card account in your name.
Jeremy Miller, director of operations for Kroll Fraud Solutions in Nashville, Tenn., said a person’s birthday is one-third of what thieves consider the holy trinity of personal information, which can make it easy for a crook to open accounts, rent homes and gain employment under your name.
Even that tweet can be a thief’s friend
You’re at the bank one day. As such, you feel compelled to tweet that you’re making a deposit. The message also mentions the bank and branch.
The next day there is an e-mail purporting to be from your bank. There was a problem with your deposit. The e-mail includes the specific branch you were at and the time you made the deposit. It also asks for account information.
“Friend” people you don’t know: Treat your friends online like your friends offline — get to know them before you share your life.
- Ignore privacy settings: When your privacy settings are configured to share with everyone, the information you give to Facebook is publicly available, in some cases even to search engines
Overshare information: Understand that broadcasting pieces of information that are often the answers to “secret questions” asked by banks or other account holders.
- Compromise your Facebook user name and password: Once a thief can access your account, he can exploit the trust that exists between you and your friends for financial gain. Use a different user name and password for each of your key online accounts, including Facebook.
Click on a weird link sent by a friend: Thieves, who take over Facebook accounts, often post links to offers or deals intended to trick friends into providing information that they can then use to commit more financial crimes.