Friday, April 16, 2010

Exposed – How Secure is Your Identity on Web?

   Among the benefits they bring, social or professional networks like Facebook or LinkedIn bring also some considerable issues, the most important of them being the identity theft. Defined by Wikipedia as a “form of fraud in which someone pretends to be someone else in order to steal money or obtain other benefits” [2], the identity theft extended naturally also to the internet. Given the fact that each person from such an online network provides personal information, photos and day-to-day activity statuses, it becomes thus exposed to the online identity theft, being easier for a person infiltrated in the circle of friends or professionals to misuse the respective information.

    I wanted to write about this issue several weeks ago though I preferred to wait for later, when I was supposed to have more time in order to do some research on this topic, especially from the point of view of the social networking platforms and how they fight against identity theft. I haven’t had the time to do that until now, however today I received an email from a friend asking for help, though the story from the email was questionable. Scammers and identity thefts might have a really good story, though no story is perfect. It might look as the below email story I received today though it might be even more elaborated (I hope I won’t be sued for copy rights by its creator):

     “How you doing? We made a trip to London (United Kingdom) unannounced some days back,Unfortunately we got mugged at gun point last night! All cash, Credit card and phone were stolen, we got messed up in another country, stranded in London, fortunately passport was back in my hotel room. It was a bitter experience and i was hurt on my right hand, but would be fine. I am sending you this message because i don't want anyone to panic, we want you to keep it that way for now!
Our return flight leaves in a few hours but I’m having troubles sorting out the hotel bills, wondering if you could loan me some money to sort out the hotel bills and also take a cab to the airport about ($2000). I have been to the police and embassy here, but they aren't helping issues, I have limited means of getting out of here,  we canceled our cards already and made a police report, I won’t get a new card number till I get back home! So I really need your help.
     You could wire whatever you can spare to my name and hotel address via Western union

    This was not the first message of this type I received in the past, though it was the first time I received such a message from a friend. Given various circumstances I suspected that the story can’t be right, in addition the formulation from the email was raising additional doubts. Knowing that my friend is using one of the social networks, I sent a message, and surprise, some minutes later I’m contacted back by the person certifying the validity of the email message, in plus having a nice discussion. While discussing with the respective person, I finally decided to give a call to a close relative of the respective friend, certifying me that I’m dealing with an identity theft.

     Many people think: “no, that won’t happen to me, who will spend so much time longing for my few bucks I saved in my bank account?!”. The internet is the perfect environment for faking an identity, and that’s quite easy to do. Is enough to save some photos from the sites you visit, collect some information about some people and you’re ready to pursuit your criminal goals. For example Facebook allows you to see the photos of the friends of your friends, now it depends also on the privacy options they have chosen, however for many people is possible to see their date of birth, city, children, education, employer, etc. In a recent study made by Sophos was found that 46% of Facebook users accepted friends requests from strangers, 89% of users in their 20s divulged their full birthday, nearly 100% of users post their email address and between 30-40% of users list data about their family and friends [1]. The numbers might not be that high, though there is an issue even when we talk about 1% of the users.

     A fact is that your personal information could be further used to collect other details about you, for example by crosschecking the profile against other sites. Some of the users even provide the links to the other social networks they belong to. Of course, that could be useful not only for friends but also for thieves to follow them, and it’s so easy to build such a profile. A courageous thief might even contact the persons and find out thus more information about them, and in theory it’s so easy to do that, it depends also on credulity of the people. 2-3 weeks ago I was watching in the news  how a couple discovered they were robbed by one of their new acquaintances from one of the social networks they were using. 

     On the other side direct contact might not be necessary, a psychological social profile could be built upon the information provided by the people on their hobbies and other interests, preferences, things they are looking for on the web, etc. Of course, for this are need some skills and eventually a good story to sell, though people nowadays become more and more inventive and anything is possible. Sure is that each time you are making public information about you on the internet you should think also how the respective information could be used against you, on whether they could be used to guess any of your passwords or as a start to access other information. The users shouldn’t forget that there are many people who got fired because of the information posted on social networks.

    Even if social networks and professional networks are based in general on the principle of friendship, collegiality and professional collaboration, in theory such networks could be easily penetrated by a skilled criminal by creating an adequate profile and interacting eventually with people. In networks of thousands of people catching such criminal could become quite difficult. Who’s responsible for protecting us against online criminality?! Is it the site owners? In many cases site owners run from responsibility or just do something to save their image. It would be great if there would be some governmental or global organizations responsible for that, attempting to monitor and protect users/people’s rights in the virtual world. On the other side even if there are a few organizations of this type (e.g. Identity Theft Resource Center), given the huge amount of virtual users and issues, it’s almost impossible to handle all the issues and be proactive. In the end it’s in users’ interest to minimize the risks! For more information on identity theft and how to protect yourself you could check also www.Combat-Identity-Theft.com or www.justice.gov.

References:
[1] Sohpos. (2009). Facebook: The privacy challenge. [Online] Available from: http://www.sophos.com/security/topic/facebook.html (Accessed: 16 April 2010)
[2] Wikipedia (2010) Identity Theft. [Online] Available from: http://en.wikipedia.org/wiki/Identity_theft (Accessed: 16 April 2010)

No comments:

Post a Comment