Facebook identity fraud is up and you need to be careful

if youre not careful you could be the next victim of identity fraud on facebook idfraud

Social media juggernaut Facebook is the primary online fixture for a lot of folks (1.15 billion monthly active users as of June 2013, to be exact) – this is probably why it’s constantly under attack or serious scrutiny. The social network is not only plagued by lawsuits, viruses, catfishers, money lenders, and the government’s watchful eye… with the amount of people freely offering all sorts of pertinent details about their personal lives on Facebook, a rise in identity fraud on the site is bound to happen.

A report from The Japan News details many scenarios wherein Facebook users are duped into surrendering personal information through fake posts that solicit likes, votes, or link clicks. Messages have been found to lead to a page that asks users for contact details (like a phone number), and since these links are believed to be sent by a “friend,” they think nothing of it and acquiesce, ending up the unwitting victims of identity theft.

These fraudsters and hackers are known to take advantage of the relationships people build on Facebook, banking on the fact that most users mindlessly peruse their News Feed out of habit. Sometimes, scammers even take great lengths at fooling users by venturing out of Facebook and reaching out to targets via other methods. Greg Boyle, senior global product marketing manager for antiviral software company Trend Micro, recently wrote about his experience: He had received an email notification claiming a person (who was not on his Facebook friends list) tagged him in photos. At first glace, the email looked legitimate and similar to one that’s generated by Facebook when you have email notifications set up in your settings, but upon further investigation, Boyle found that the email he received was fraudulent and was actually an attempt at a Blackhole Exploit Kit (BHEK) spam run: Links in the email redirect the user to a different page, causing malware to be automatically downloaded into their system. “Evidence of past BHEK runs show they generally use financial institutions, e-commerce and global events as lures that get users to click on links and secretly install malware that steals banking credentials and personal information etc.,” Boyle wrote.

If you’ve seen the movie Catch Me If You Can, then you know it’s based on a true story about the person Leonardo DiCaprio portrays in it – conman turned FBI security expert Frank Abagnale. Earlier this year, Abagnale made an appearance at the Advertising Week Europe conference in London and spoke to The Guardian about the dangers of identity theft on Facebook.

“If you tell me your date of birth and where you’re born [on Facebook] I’m 98 percent [of the way] to stealing your identity,” Abagnale warned. “Never state your date of birth and where you were born [on personal profiles], otherwise you are saying ‘come and steal my identity’.” Additionally, he recommends never using a passport-style photo as your Facebook profile picture – group photos are deemed much safer – and refrain from making comments that reveal too much. “What [people] say on a Facebook page stays with them,” he said. “Every time you say you ‘like’ or ‘don’t like’ you are telling someone [things like] your sexual orientation, ethnic background, voting record.”

Abagnale also commented about U.K. privacy laws, which he has “tremendous amount of respect for” and believes to be more advanced compared to the laws in place in the U.S. This may be true, but it doesn’t stop the U.K. from experiencing its own troubles with identity fraud, which is still on the constant rise – 82 percent of all cases happen on the Web. Similarly, out of 700 U.S. teens surveyed, 75 percent have been found to be careless with their personal information, making themselves susceptible to online crime.

Be vigilant, keep your Facebook account safe

Should a user be locked out of his or her Facebook account, the social network has an advisory available on what could be done to confirm identity and recover access. Additionally, under Facebook’s Security settings, users have an option to add Trusted Contacts, or three “friends that can securely help you if you ever have trouble accessing your account”; these contacts will receive security codes which they need to send to the user, and if all codes are accurate, the user can confirm their identity and reset their password. While this may be a suitable fail-safe for some, any experienced hacker or fraudster may be able to easily pretend to be you and make contact with your trusted friends. We’ve reached out to Facebook and asked if this is possible and will update this story once we hear back.

In the end, the only person responsible for your information security is you. In the same way technology advances, so do the security issues that go with them. Apart from choosing a hard-to-crack password (which rules out birthdays, middle names, pet names, and the word “password”), there are other things you can do with your Facebook account settings to make it increasingly harder for identity stealers to target you.

Review your Privacy settings. Restrict your profile to Friends Only. Where it says “Who can see my stuff,” choose anything EXCEPT Public. Click on “Limit Past Posts” to change the setting of your old posts to Friends Only. This is important if you’re not sure if any of your old posts (which may contain personal information that can be used to steal your identity) were ever set to Public.

facebook privacy settings

While you’re there, set “Who can contact me” and “Who can look me up” to Friends or Friends of Friends to limit the number of people who can find you using your email or phone number.

Check out your Security settings. Click on Secure Browsing and enable the option. Also enable Login Notifications so you can be told through email or text message whenever a new computer or mobile device is used to log into your Facebook account. Click on Login Approvals and check the option that requires a security code before giving account access on unknown Web browsers – this will pull up a step-by-step on how to set it up on your mobile phone (Note: For this to work, you need to have the official Facebook app installed on your phone).

facebook security settings

As an added precaution, make a habit out of checking Active sessions. If you see any activity that wasn’t initiated by you, click End Activity.

facebook security settings - active sessions
Social Media

Twitter suffers privacy scare as bug reveals tweets of protected accounts

If you set your Twitter account to private and you have an Android device, you'd better check your settings now. Twitter says it's just fixed a four-year-old bug that flipped the privacy switch to make the account public.

How to use iOS 12’s Passwords and Accounts tool to autofill passwords

Keeping track of all your passwords and accounts can be a real chore. If you use an iPhone with iOS 12, then you don't have to. Here's how to use iOS 12's own password manager to autofill passwords.

Having trouble logging in? Here's how to reset your Apple ID password

To use any of Apple's services, you need to have an Apple ID and know your password. Thankfully, there are ways to deal with forgotten passwords and regain access to your account. Here's how to reset your Apple ID password.

Getting Windows 10 updated doesn't have to be so painful

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Social Media

No yolk! A photo of an egg has become the most-liked post on Instagram

Until this weekend, the most-liked post on Instagram was of Kylie Jenner's baby daughter, which has around 18 million likes. It's now been knocked off the top spot not by a stunning sunset or even a cute cat, but by an egg.
Social Media

Invite your friends — Facebook Events can now be shared to Stories

Facebook is testing a way to make plans with friends to attend an event -- through Stories. By sharing an event in Facebook Stories, users can message other friends interested in the event to make plans to attend together.
Social Media

A quick swipe will soon let you keep bingeing YouTube on mobile devices

The YouTube mobile app has a new, faster way to browse: Swiping. Once the update rolls out, users can swipe to go to the next (or previous) video in the recommended list, even while viewing in full screen.

Starting your very own vlog? Here are the best cameras to buy

Any camera that shoots video can be used to vlog, but a few models stand out from the crowd thanks to superior image quality, ergonomics, and usability. When it comes to putting your life on YouTube, here are the best cameras for the job.
Social Media

Twitter extends its new timeline feature to Android users

Twitter users with an Android device can now quickly switch between an algorithm-generated timeline and one that shows the most recent tweets first. The new feature landed for iPhone users last month.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.
Social Media

Nearly 75 percent of U.S. users don’t realize Facebook tracks their interests

Did you know Facebook tracks your interests, including political and multicultural affiliations? According to a recent Pew study, 74 percent of adult users in the U.S. have no idea Facebook keeps a running list of your interests.

It’s back! Here’s how to switch to Twitter’s reverse chronological feed

Twitter has finally brought back the reverse chronological feed, allowing you to see your feed based on the newest tweets, rather than using Twitter's algorithm that shows what it thinks you want to see. It's easy to switch.
Social Media

Nearly a million Facebook users followed these fake Russian accounts

Facebook purged two separate groups behind more than 500 fake accounts with Russian ties. One group had ties to Russian news agency Sputnik, while the other had behavior similar to the Internet Research Agency's midterm actions.