Skip to main content

Facebook identity fraud is up and you need to be careful

if youre not careful you could be the next victim of identity fraud on facebook idfraud
Image used with permission by copyright holder

Social media juggernaut Facebook is the primary online fixture for a lot of folks (1.15 billion monthly active users as of June 2013, to be exact) – this is probably why it’s constantly under attack or serious scrutiny. The social network is not only plagued by lawsuits, viruses, catfishers, money lenders, and the government’s watchful eye… with the amount of people freely offering all sorts of pertinent details about their personal lives on Facebook, a rise in identity fraud on the site is bound to happen.

A report from The Japan News details many scenarios wherein Facebook users are duped into surrendering personal information through fake posts that solicit likes, votes, or link clicks. Messages have been found to lead to a page that asks users for contact details (like a phone number), and since these links are believed to be sent by a “friend,” they think nothing of it and acquiesce, ending up the unwitting victims of identity theft.

These fraudsters and hackers are known to take advantage of the relationships people build on Facebook, banking on the fact that most users mindlessly peruse their News Feed out of habit. Sometimes, scammers even take great lengths at fooling users by venturing out of Facebook and reaching out to targets via other methods. Greg Boyle, senior global product marketing manager for antiviral software company Trend Micro, recently wrote about his experience: He had received an email notification claiming a person (who was not on his Facebook friends list) tagged him in photos. At first glace, the email looked legitimate and similar to one that’s generated by Facebook when you have email notifications set up in your settings, but upon further investigation, Boyle found that the email he received was fraudulent and was actually an attempt at a Blackhole Exploit Kit (BHEK) spam run: Links in the email redirect the user to a different page, causing malware to be automatically downloaded into their system. “Evidence of past BHEK runs show they generally use financial institutions, e-commerce and global events as lures that get users to click on links and secretly install malware that steals banking credentials and personal information etc.,” Boyle wrote.

If you’ve seen the movie Catch Me If You Can, then you know it’s based on a true story about the person Leonardo DiCaprio portrays in it – conman turned FBI security expert Frank Abagnale. Earlier this year, Abagnale made an appearance at the Advertising Week Europe conference in London and spoke to The Guardian about the dangers of identity theft on Facebook.

“If you tell me your date of birth and where you’re born [on Facebook] I’m 98 percent [of the way] to stealing your identity,” Abagnale warned. “Never state your date of birth and where you were born [on personal profiles], otherwise you are saying ‘come and steal my identity’.” Additionally, he recommends never using a passport-style photo as your Facebook profile picture – group photos are deemed much safer – and refrain from making comments that reveal too much. “What [people] say on a Facebook page stays with them,” he said. “Every time you say you ‘like’ or ‘don’t like’ you are telling someone [things like] your sexual orientation, ethnic background, voting record.”

Abagnale also commented about U.K. privacy laws, which he has “tremendous amount of respect for” and believes to be more advanced compared to the laws in place in the U.S. This may be true, but it doesn’t stop the U.K. from experiencing its own troubles with identity fraud, which is still on the constant rise – 82 percent of all cases happen on the Web. Similarly, out of 700 U.S. teens surveyed, 75 percent have been found to be careless with their personal information, making themselves susceptible to online crime.

Be vigilant, keep your Facebook account safe

Should a user be locked out of his or her Facebook account, the social network has an advisory available on what could be done to confirm identity and recover access. Additionally, under Facebook’s Security settings, users have an option to add Trusted Contacts, or three “friends that can securely help you if you ever have trouble accessing your account”; these contacts will receive security codes which they need to send to the user, and if all codes are accurate, the user can confirm their identity and reset their password. While this may be a suitable fail-safe for some, any experienced hacker or fraudster may be able to easily pretend to be you and make contact with your trusted friends. We’ve reached out to Facebook and asked if this is possible and will update this story once we hear back.

In the end, the only person responsible for your information security is you. In the same way technology advances, so do the security issues that go with them. Apart from choosing a hard-to-crack password (which rules out birthdays, middle names, pet names, and the word “password”), there are other things you can do with your Facebook account settings to make it increasingly harder for identity stealers to target you.

Review your Privacy settings. Restrict your profile to Friends Only. Where it says “Who can see my stuff,” choose anything EXCEPT Public. Click on “Limit Past Posts” to change the setting of your old posts to Friends Only. This is important if you’re not sure if any of your old posts (which may contain personal information that can be used to steal your identity) were ever set to Public.

facebook privacy settings
Image used with permission by copyright holder

While you’re there, set “Who can contact me” and “Who can look me up” to Friends or Friends of Friends to limit the number of people who can find you using your email or phone number.

Check out your Security settings. Click on Secure Browsing and enable the option. Also enable Login Notifications so you can be told through email or text message whenever a new computer or mobile device is used to log into your Facebook account. Click on Login Approvals and check the option that requires a security code before giving account access on unknown Web browsers – this will pull up a step-by-step on how to set it up on your mobile phone (Note: For this to work, you need to have the official Facebook app installed on your phone).

facebook security settings
Image used with permission by copyright holder

As an added precaution, make a habit out of checking Active sessions. If you see any activity that wasn’t initiated by you, click End Activity.

facebook security settings - active sessions
Image used with permission by copyright holder

Editors' Recommendations

Jam Kotenko
Former Digital Trends Contributor
When she's not busy watching movies and TV shows or traveling to new places, Jam is probably on Facebook. Or Twitter. Or…
Facebook vs. Facebook Lite: Which is best for you?
galaxy s6

Love it or hate it, Facebook has become an integral part of many people's online lives. One way you might be able to improve your social media experience is to look at Facebook’s Lite app (available for Android and iOS). Both the primary Facebook and Facebook Lite apps offer all the main features of Facebook, but the later version is designed to use less network data and will work well on low-end devices. We look at both applications to see which is best for you in this Facebook versus Facebook Lite battle.
Facebook
 
Facebook Lite

Features
Let’s start with the features of each application. Both Facebook and Facebook Lite offer the social network’s main features; however, Facebook doesn’t address what it considers its main features, so you will need to discover what is missing as you use the app. Our testing found that most primary features were available, including the News Feed, Marketplace, Stories, and Groups. If you’re comparing the two applications, we recommend downloading Facebook Lite and giving it a try for yourself to see if anything you consider vital is missing.

Read more
What’ll happen to your WhatsApp account if you don’t agree to new privacy policy
WhatsApp

WhatsApp recently announced it would be changing its privacy policy, in a move that has many users worried about how much of their data will be shared with WhatsApp's parent company, Facebook. Now, the service has revealed what will happen to the accounts of users who don't agree to the new policy by the May 15 deadline.

TechCrunch contacted WhatsApp for more details on what would happen to users' accounts if they didn't agree to the new privacy policy. It reports that WhatsApp will "slowly ask" its users to agree to the new privacy changes, warning that they need to do so to continue having full access to the app's features. Users who decline to accept the new policy will be able to continue using the app for a few weeks, but only in a limited way. “For a short time, these users will be able to receive calls and notifications, but will not be able to read or send messages from the app,” the company told TechCrunch.

Read more
TikTok boss calls out Facebook, Instagram to team up against Trump ban
Tik Tok app

A top TikTok executive is telling Facebook and Instagram to put their money where their mouth is.

TikTok interim global chief Vanessa Pappas called out the social media powerhouses after the Trump administration announced that TikTok would be banned from being downloaded from U.S. app stores starting Sunday.

Read more