Sophos Cloud Optix
How much personal information are you giving fraudsters access to on Facebook? Are you giving them enough information to steal your identity?
Information Age reported recently that an online survey conducted by YouGov in the UK had found that almost 30% of adults with social media accounts “include their full name and date of birth on their profiles” – that’s two of the three key pieces of information a fraudster needs to steal your identity.
The third? Your address, as a recent post by Action Fraud in the UK reveals:
All it takes is your name, date of birth and address for fraudsters to steal your identity and access your bank accounts, take out loans or take out mobile phones in your name.
But deterring fraudsters might not be as simple as just hiding this information in your profile. They can still work out when you were born from the birthday messages posted on your timeline. And even if they don’t know where you live, they could be able to find that out from your name and date of birth. An article in The Telegraph reveals how.
Online directories hold huge quantities of information – from addresses, phone numbers and even a list of your past and present housemates. This can all be pieced together to assume your identity.
Armed with these three key pieces of information, fraudsters can obtain fake identification documents such as a replica passports over the internet. The Telegraph article reveals that “a fake British passport costs £550. Those who want an additional bogus driving licence can get both for £720.”
Fake documentation then opens the doors to loans, credit cards, mobile phones and more – all taken out in your name.
So what should you do?
Back in January we shared some tips on securing your social media profile in Social media security is not just for kids – how safe are your profiles? Robert Schifreen, himself an ex-hacker and the founder of SecuritySmart, shared some great tips in that post, including “It’s OK to lie about birthday and location – just keep a note of what you said in case you ever need to confirm with the network in question.”
We also talked about those links that tie you to other members of your family? They can reveal who your parents, siblings or nieces and nephews are – and that could make your mother’s maiden name easy to decipher. How many times you’ve been asked for that when you need to reset a password?
Too many of us are unwittingly putting ourselves at risk by sharing too much information on social media sites such as Facebook. We should all heed the sound advice shared by John Marsden, head of ID and fraud at Equifax in an article in the Belfast News Letter:
Be social savvy; avoid unnecessarily sharing personal details and risking your identity on platforms that can so easily be exploited. It’s always nice to receive well wishes on your birthday – but is it worth the risk?
If you don’t really know who can access your personal information on Facebook, do something about it today.
The trouble is not when I share information on the web (I don’t even have a facebook), but when friends and family give out my information without my even knowing or agreeing.
If all it takes to access my bank account or take out loans in my name is to know my name, date of birth and address then the problem isn’t what I share on social media, the problem is what banks require as authentication. You are telling me that anyone who is a minor celebrity has his identity stolen on a regular basis, because it is very easy to find those 3 “keys” out about them. It is ridiculous to expect people to hide such basic facts about them, when you should be shutting down banks and other institutions that get fooled that easily instead.
In the US ( I don’t know about other countries) to open a bank account it requires a valid ID presented in person, which is verified to ensure: it’s not a dead person/ not flagged as fraud/ isn’t on a ban list by the Fed/ is real/ and a few other items.
You should ask your bank what they are required by law to verify. Just having your data, will not get you an account where I work.
I have not checked the situation with my bank yet, but I was just referring to this article and the sources they quote. I do know however that no one can access my bank account if he doesn’t at least have my banking card and a valid ID identifying himself as me. But apparently somewhere you can trick a bank with just three pieces of information. And not only can you open a bank account in someone else’s name, it seems you can access their already existing accounts. And this all strikes me as very odd. As I understand it a fraudster would get himself a fake ID with my details, yet obviously his picture. So even if he did open a bank account under my name, and generate debt on it, how on earth would I ever be responsible for that debt? They have to have his ID on file, not mine. So it has to be very obvious that it wasn’t me opening that bank account or generating that debt, and that it is 100% the responsibility of the bank and that I have nothing to do with it. As this article quotes “Action Fraud in the UK” I guess in the UK you can steal peoples money if you just go up to a bank and tell them the name, dob and address of a random person.
True, yesterday I asked to enable online banking for my account, but changed my mind when the password requirement was a max of 12-digit of only numbers and non-case sensitive letters. Not good enough.
I have been saying some of this for a long time and have got myself a name for refusing to give info out unnecessarily. It isn’t just banks, there are some major organisations who really should have known better before now. I accidentally found out a celebrity’s address in London because one of his offspring had been rather naive. The link is closed now not that I would have had any interest in stealing anyone’s identity.
I had a FB and deleted and deactivated it and still it was stolen and they changed the password and put my image in porn and ruined my name, people think it was really me putting that smut on FB and I haven’t seen it, but when I do, what will I be able to do about it! NOTHING, FB needs to regulate their site better, I saw the 2nd in command on tv just the other day crying about having to raise he kids on her own, try doing it without the millions , like I did ! And now my life has been ruined! Because of FB not policing their site. I complained I guess too much and got banned. How’s that for justice
Having read the linked articles and YouGov stats, I question them especially if referring to Facebook as This is exactly the Information they ask for to set up a new account. Enter a name, so if this is a legitimate account you aren’t going to give a false one because if you did how would anyone find you unless the only way you allowed friends to connect is to provide them your details face to face or over the phone. In any case Facebook’s real name policy makes it hard to use a fake name unless you simply use a real enough looking fake name. Next it asks for DoB, now here yes I understand that you could put a false DoB as is it absolutely necessary for friends and family to wish you well on line or can they do it by phone, text or in person? To me this suggests that 100% of users are giving these 2 bits of information away every time, I believe more to the point is, are users then marking this information as private and not sharing it? name well obviously you can’t but DoB you can. And as mentioned in the article even if you do not share DoB, friends and family can indirectly anyway unless you specifically tell them not to and even then they may do it by accident. I agree with another commenter above, we need to get other organisations whom we have to share this information with legitimately rather than choosing to do so to enforce better ways of authenticating people when they come to perform actions.
Can I claim I am safe if I set my Facebook account to be seen only by friends only which I have done therefore I assume I safe.
actually, no, you can’t claim that.