Social networking sites a boon for identity criminals

Users of popular social networking sites such as MySpace, Facebook, Bebo and Friends Reunited are giving away too much information about themselves and opening themselves up to identity fraud, according to experts.

According to Neil Munroe, external affairs director at credit information company Equifax, criminals are taking advantage of the popularity of such sites to steal sensitive information.

"The problem is that people don't realise the significance of the kind of information they are putting out on the web and who may be accessing it, said Munroe. "More and more consumers are signing up to these sites every day and chances are they'll put on their date of birth, location, email, job and marital status."

He said that people can search for the name of an old friend and find out virtually all their personal details online.

"Unfortunately, the fact is that not everybody is searching for a friend. Fraudsters can use this information to steal an individual's identity and open accounts in their name," said Munroe.

He advised that while people shouldn't stop using these sites they should limit the amount of information they put on them.

"Announcing they're going on holiday could leave them open to burglary," he said. "Similarly, don't reveal the names of pets and children, as they're often used as passwords. And don't make it easy for fraudsters by listing all your networking addresses in one place."

Munroe said that users of such sites should use privacy filters where available.

Experts said that cybercriminals are getting to grips with the latest that the internet has to offer and this includes social networking sites and other web 2.0 entities.

"Many users may have only just made their first foray into this new and exciting internet 2.0 development - the last thing they will be expecting, and therefore not vigilant against, is that the same water which they treat as entertainment is already muddied with the kind of individual that makes a career out of identity theft spam and phishing," said Mark Sunner, chief security analyst at managed security services company MessageLabs.

He said that all the indications were that the same people who trawl public records to send spoof lottery win postal spams are now trawling these sites to either impersonate others and trick their way into information being divulged or simply plundering the data directly.

"Which is of course infinitely more up-to-date and more personal than public records. It is fair to say that we are at the dawn of a whole new level of social engineering confidence trickery via the internet, with the worst undoubtedly yet to come," Sunner warned.

Email to a friend

Print this page

Social Bookmark this article: What is this?

Digg

Delicious

Reddit

StumbleUpon

Slashdot

Google

Facebook