3/18/2013 6:15 PM ET|
Secrets to yank off Facebook -- now
You have left a trail of bread crumbs on social media, and the bad guys are patient and persistent. Here is how to keep them at bay.
Let's make one thing clear: You can't prevent social media-related identity theft. Even if you delete your Facebook account, turn off Twitter and cut yourself off from all other social media, there's still enough information about you out there to help the bad guys access your financial life.
It's in the stuff you've already posted, other people's posts about you and in huge databases that have been tracking you on- and off-line.
"There's no such thing as preventable identity theft," said Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. "People have put out so much information, there are so many sites that are tracking you and so many breaches have occurred."
Even Michelle Obama may have been hit by hackers who apparently were able to pull credit reports on celebrities by piecing together publicly available information.
What you can do is to try to make yourself less of a target -- and know what to do if you get hit.
Making yourself less visible isn't easy in a world where your something as seemingly innocuous as your Facebook "likes" can reveal your political and sexual orientation and readily available facial recognition software can not only track you from site to site but can figure out your Social Security number.
The bad guys are very patient, and they cast a wide net. They're tapping public information databases and matching that with the information they find on Facebook and elsewhere. They're looking for the tidbits of information to figure out where you bank, what your credit accounts are and how they can masquerade as you.
"Fraudsters spend a great deal of time pulling together a portfolio of the person they're targeting," said Ron Green, a former Secret Service agent and deputy chief security information officer at FIS, a company that provides banking software and information technology.
"They're very patient," Levin agreed. "They cobble together the information . . . and then remake your bed, except with them in it."
The puzzle pieces that used to be private are no longer very hard to get.
"Social media is making a lot of people just provide that information freely," Green said.
Levin made the same point more colorfully: "We can't help ourselves . . . people just wholesale spew information about themselves."
Here's what you need to do:
Scour your timeline for "personally identifiable information." Anything that could be used to guess your password, or your answers to security questions that authenticate you on financial sites and elsewhere, would be of prime interest to an identity thief. That includes, but isn't limited to:
- Your full name (including middle name).
- Your full birth date.
- Your children's names.
- Your pets' names.
- Your hometown.
- Your mother's maiden name.
- The names and dates of schools you've attended.
- Your home address.
Security experts recommend purging as much of this personally identifiable information as possible -- with the understanding that it's probably cached somewhere or may already have been accessed by a thief.
"It would be worth doing because you've probably lessened the 'threat surface,'" or the amount of readily available information that could be used against you, Green said. "But you really can't put the genie back in the bottle."
Using a handle or nickname is better than using your real name, although Facebook discourages that (and it's tough to change your name after you've established your account).
If you do nothing else, though, take your birthdate under wraps since that date is used to confirm the other information a criminal may have compiled about you -- not to mention that people often use birthdates in their passwords. If you really need to get birthday greetings on your actual birthday, rather than a few days before or after, at least conceal the year you were born.
Also know that many phones and cameras can "geotag," or embed information in photo files that show where the pictures are taken. A savvy criminal could access that information and figure out your address, so Levin recommends turning off geotagging, also known as "location services".
Practice good password hygiene. You're supposed to use different passwords at every site, but, at a minimum, you shouldn't reuse your Facebook password at email and financial sites. If you're having trouble keeping track of multiple passwords, consider programs such as LastPass or 1Password that can store them in encrypted form.
Beware of apps. Free games and quizzes seem like fun, but typically their purpose is to suck up information about you and your friends. At best, your information will be used to spam your friend list, or sold to marketers. At worst, the programs might be designed by identity thieves. That "personality test" you took could be just a cover for extracting clues to your passwords or security questions. You can turn off Facebook apps by clicking the little gear on the top right of your screen; select "privacy settings" and then look on the left side for "apps."
More from Liz Weston:
MORE ON MSN MONEY
VIDEO ON MSN MONEY
1st rule about facebook:
DON'T GET ON FACEBOOK !!
2nd rule of social media:
DO ALL NETWORKING FACE TO FACE ! (social or business)
I don't want too get that personal with Facebook.
Sign up for facebook!
Screw over your friends and family with ease!
Be sure to leave security options unused
Be double sure to use all those apps that harvest your information
Remember, there are hackers starving out there that need your money!
This article spends so much time pointing fingers at Facebook that it detracts from the real problem. It isn't Facebook that is the problem, but ALL websites where you provide information. If you are using a password that is based on some aspect of your life, then the smart thing to do is change the password. If you're unwilling to do that, then make absolutely sure that you're not providing that information on any site. As long as your passwords aren't related to anything that is posted online somewhere and as long as you use a different password for financial accounts and email from what you use for other things like website logins, you'll be fairly safe from hacking. At least as long as you use current and good antivirus software. That still leaves identity theft and you simply can't prevent that. Everything important about you is already available online even if you've never used a social media site. And crooks already have access to it. So having it also on Facebook really doesn't matter. All you can really do is monitor your credit to make sure nothing unusual happens. You can do that yourself or pay for a service that does it for you. Even then, the identity theft will still happen. You'll just be able to do something about it before it goes too far.
Perhaps the first thing YOU should do is ask yourself "WTF am I getting on one of these sites for in the first place?"
Copyright © 2013 Microsoft. All rights reserved.
Quotes are real-time for NASDAQ, NYSE and AMEX. See delay times for other exchanges.
Fundamental company data and historical chart data provided by Thomson Reuters (click for restrictions). Real-time quotes provided by BATS Exchange. Real-time index quotes and delayed quotes supplied by Interactive Data Real-Time Services. Fund summary, fund performance and dividend data provided by Morningstar Inc. Analyst recommendations provided by Zacks Investment Research. StockScouter data provided by Verus Analytics. IPO data provided by Hoover's Inc. Index membership data provided by SIX Financial Information.