Saturday, May 22, 2010

Facebook: One stop shopping for identity theft

I've witnessed two camps emerging lately.  On one side we have "I'm closing down my Facebook account" mostly driven by those that have been turned off by recent articles in Time and elsewhere about how easy it is to data-mine other's Facebook profiles.  At the other end we have the "I'm not that private of a person, and anyone that wants to know what Grandma cooked us for dinner is fine by me..."

I'm somewhere in-between.  I consider myself technically savvy enough to configure my profile privacy settings and watch Google alerts to see when my name surfaces on 3rd party sites.  Recently I've watched friends post some fairly benign information, but in 2-3 clicks - I realized they'd given away more than they'd realized.

Here are just a few things you might not have thought about when it comes to why you want to be a little more private and a little more guarded about what you share on-line.

How many of your web site security settings use 'secret questions'? Credit card companies, on-line e-mail services like Gmail/Yahoo/Hotmail, cell-phone companies, your company's self-service password reset tool, your 401k, your brokerage account - all of these typically employ 'personal information' type questions as part of an identity scheme.


  1. Mother's Maiden name - Want to find out someone's mother's maiden name ? - Look at Facebook, find their aunts/uncles/cousins. - It's easy, that is the last name that's repeated 2nd to the person's last name. (Even easier are those that friend their mother that put's their maiden name in parentheses :-)
  2. Street you grew up on - When you look at the percentage of friends on Facebook that are from High School, you're already within the zip-code.  Now you just think about who rode what bus and a little Googling of their last name to see if their parents are still in the same house and you're there. - Many of my friends that didn't go to my high school list the high school they went to,, so just surf around that high school on Google Maps and for smaller towns - you'll find you are closer than you'd suspect.
  3. First Pet - Just browse those scanned in childhood photos. - Obviously not as common, but you'll be amazed if you surf some of those albums what you'll find.
  4. First Car - How about those famous "Notes" threads/chain-letters that go around from time to time ? - Heck, I think if you search my profile back far enough I even have a photo of it for you.
  5. Favorite Sports Team - Again, thank you Facebook for creating "Fan of" and "Groups" - it won't take long at all to identify their allegiance - that is assuming that they didn't go to a Big-10 NCAA school and have a front-license plate to give this one to you as a freebie.

So - What DO you do about this ? - I've discussed this with a few highly respected security folks that I know and I'm starting to consider using an alternate persona for my on-line security.  Someone that I know lots about.  Just as an example - What if I were to answer Mother's Maiden with "Bouvier", Street I grew up on with "Evergreen Terrace", and First Pet with "Snowball" ?

That's all for now. I gotta go update my Facebook status with the 3 digits off the back of my credit card.
-DS

5 comments:

Anonymous said...

http://xkcd.com/743/

My basic deal with Facebook privacy "invasions" is pretty much everything they reveal is part of the public record anyway. Anyone who really wants to know can find out far more than that with a trip to the county website or courthouse.

My basic test for social media is "Would you be willing to shout this out in the town square?" if the answer is no its probably best not to tell the rest of the world about it.

Edward fights Identity Theft said...

This is a good post, I never thought of this before. This is practically true. Identity theft is really widely spread all over the world.
If we cannot stop this, this will result to a big problem of our community.

James Morgan - Puritan Financial Advisor said...

I consider myself technically savvy enough to configure my profile privacy settings and watch Google alerts to see when my name surfaces on 3rd party sites.

urns for pets said...

facebook can also share about your personal information to the applications that you are installing within your facebook account.

Cremation Urns said...

Facebook is not really safe for every person. Most especially if they put all the informations on their profile.