3/18/2013 6:15 PM ET
Secrets to yank off Facebook -- now
You have left a trail of bread crumbs on social media, and the bad guys are patient and persistent. Here is how to keep them at bay.
Let's make one thing clear: You can't prevent social media-related identity theft. Even if you delete your Facebook account, turn off Twitter and cut yourself off from all other social media, there's still enough information about you out there to help the bad guys access your financial life.
It's in the stuff you've already posted, other people's posts about you and in huge databases that have been tracking you on- and off-line.
"There's no such thing as preventable identity theft," said Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. "People have put out so much information, there are so many sites that are tracking you and so many breaches have occurred."
Even Michelle Obama may have been hit by hackers who apparently were able to pull credit reports on celebrities by piecing together publicly available information.
What you can do is to try to make yourself less of a target -- and know what to do if you get hit.
Making yourself less visible isn't easy in a world where something as seemingly innocuous as your Facebook "likes" can reveal your political and sexual orientation, and where readily available facial recognition software can not only track you from site to site but can figure out your Social Security number.
The bad guys are very patient, and they cast a wide net. They're tapping public information databases and matching that with the information they find on Facebook and elsewhere. They're looking for the tidbits of information to figure out where you bank, what your credit accounts are and how they can masquerade as you.
"Fraudsters spend a great deal of time pulling together a portfolio of the person they're targeting," said Ron Green, a former Secret Service agent and deputy chief security information officer at FIS, a company that provides banking software and information technology.
"They're very patient," Levin agreed. "They cobble together the information . . . and then remake your bed, except with them in it."
The puzzle pieces that used to be private are no longer very hard to get.
"Social media is making a lot of people just provide that information freely," Green said.
Levin made the same point more colorfully: "We can't help ourselves . . . people just wholesale spew information about themselves."
Here's what you need to do:
Scour your timeline for "personally identifiable information." Anything that could be used to guess your password, or your answers to security questions that authenticate you on financial sites and elsewhere, would be of prime interest to an identity thief. That includes, but isn't limited to:
- Your full name (including middle name).
- Your full birth date.
- Your children's names.
- Your pets' names.
- Your hometown.
- Your mother's maiden name.
- The names and dates of schools you've attended.
- Your home address.
Security experts recommend purging as much of this personally identifiable information as possible -- with the understanding that it's probably cached somewhere or may already have been accessed by a thief.
"It would be worth doing because you've probably lessened the 'threat surface,'" or the amount of readily available information that could be used against you, Green said. "But you really can't put the genie back in the bottle."
Using a handle or nickname is better than using your real name, although Facebook discourages that (and it's tough to change your name after you've established your account).
If you do nothing else, though, keep your birthdate under wraps, since that date is used to confirm the other information a criminal may have compiled about you -- not to mention that people often use birthdates in their passwords. If you really need to get birthday greetings on your actual birthday, rather than a few days before or after, at least conceal the year you were born.
Also know that many phones and cameras can "geotag," or embed information in photo files that shows where the pictures were taken. A savvy criminal could access that information and figure out your address, so Levin recommends turning off geotagging, also known as "location services."
Practice good password hygiene. You're supposed to use different passwords at every site, but, at a minimum, you shouldn't reuse your Facebook password at email and financial sites. If you're having trouble keeping track of multiple passwords, consider programs such as LastPass or 1Password that can store them in encrypted form.
Beware of apps. Free games and quizzes seem like fun, but typically their purpose is to suck up information about you and your friends. At best, your information will be used to spam your friend list, or sold to marketers. At worst, the programs might be designed by identity thieves. That "personality test" you took could be just a cover for extracting clues to your passwords or security questions. You can turn off Facebook apps by clicking the little gear on the top right of your screen; select "privacy settings" and then look on the left side for "apps."
Be a lot less friendly. Make your privacy settings high, so only friends can see what you post, and then cull your "friends" list of anyone you don't know well (or at all).
That can prevent direct access to your life, but it's not a bulletproof shield.
"That protects you from the world, but not from the weaknesses of your friends," Green said. In other words, anyone who successfully hacks a friend's account could get a good look around in yours.
Just savor that for a minute. You're only as secure as your least-secure friend on Facebook. The aunt who keeps sharing hoaxes and urban legends, thinking they're real? The buddy who doesn't even know Facebook has privacy settings? Yeah. Your security is in their hands. Great.
Click less -- a lot less. OK, maybe you know better than to click on the link that purports to be a friend saying, "I just saw you in this video LOL."
Any link or photo or video you click on can load malware onto your computer. Common types of malware include keyloggers that record everything you type, including user IDs and passwords, and programs that enslave your computer so you can inadvertently help spam or defraud somebody else.
Even the experts get fooled. Green got an email about an eBay purchase he hadn't made; the second he clicked on the link he realized his mistake. "Damn it, they got me," he said.
Green spent the next few hours wiping his hard drive, reinstalling his operating system and restoring his files from backup. Which brings us to the last bit of expert advice:
Be vigilant. That means doing all of the following, regularly:
- Installing, updating and running anti-virus software.
- Backing up your computers.
- Checking your credit reports.
- Monitoring your bank accounts.
None of these steps will necessarily prevent incursions but they should allow you to discover problems more quickly.
Have a cleanup plan. If your Facebook account is compromised or you otherwise become a victim of identity theft, your very first move should be to change your email password, Levin said.
That's because you'll be changing other passwords, and the confirmations will come to your email address, Levin said. If the criminal accessed your email account as well as your Facebook or financial accounts, he or she will be able to watch all the changes and then undo them.
If the identity breach is widespread, you may want help counteracting it. Your employer, insurer or bank may offer "identity theft resolution services" as a free perk, said Levin, whose Identity Theft 911 provides recovery services to about half the property and casualty insurers in the country as well as to employer assistance programs and financial institutions.
A good site to bookmark is The Identity Theft Resource Center, which has tons of information on recovering from this crime.
Think twice about everything you post. Privacy policies are constantly evolving. What a site assures you is private could become public. So the best policy is not to post anything you wouldn't share in public, since that's what you may be doing.
"Remember the fact that (Facebook founder Mark) Zuckerberg said the era of privacy is over," Levin said. "Everything you do you have to evaluate against that statement. . . . You should be limiting the information you provide in a public forum."
Liz Weston is the Web's most-read personal-finance writer. She is the author of several books, most recently "The 10 Commandments of Money: Survive and Thrive in the New Economy." Weston's award-winning columns appear every Monday and Thursday, exclusively on MSN Money. Join the conversation and send in your financial questions on Liz Weston's Facebook fan page.
1st rule about Facebook:
DON'T GET ON FACEBOOK !!
2nd rule of social media:
DO ALL NETWORKING FACE TO FACE ! (social or business)
I don't want to get that personal with Facebook.
Sign up for Facebook!
Screw over your friends and family with ease!
Be sure to leave security options unused
Be double sure to use all those apps that harvest your information
Remember, there are hackers starving out there that need your money!
This article spends so much time pointing fingers at Facebook that it detracts from the real problem. It isn't Facebook that is the problem, but ALL websites where you provide information. If you are using a password that is based on some aspect of your life, then the smart thing to do is change the password. If you're unwilling to do that, then make absolutely sure that you're not providing that information on any site. As long as your passwords aren't related to anything that is posted online somewhere and as long as you use a different password for financial accounts and email from what you use for other things like website logins, you'll be fairly safe from hacking. At least as long as you use current and good antivirus software. That still leaves identity theft and you simply can't prevent that. Everything important about you is already available online even if you've never used a social media site. And crooks already have access to it. So having it also on Facebook really doesn't matter. All you can really do is monitor your credit to make sure nothing unusual happens. You can do that yourself or pay for a service that does it for you. Even then, the identity theft will still happen. You'll just be able to do something about it before it goes too far.
Perhaps the first thing YOU should do is ask yourself "WTF am I getting on one of these sites for in the first place?"