Social Networks and Your Digital Identity
Social Networks and Your Digital Identity
The web has forever changed the way we socialize. Twitter, Facebook, LinkedIn, MySpace, Blogs, and other less popular sites all represent you in the digital realm.
The bottom line is this: when the 1’s and 0’s start flowing across the ether, you are exposing yourself to all of the web’s vagrants. Paradoxically, if you decide not to participate in all these sites, you are exposing yourself.
Yes, not participating is perhaps more dangerous than participating at the minimum level. Odds are you have interacted with a fair share of folks online, perhaps here at ITS Tactical, that for whatever reason you’ve never met face to face. Maybe neither of you has seen each other’s picture, knows where the other lives, or has any other pertinent facts beyond some minor exchanges on the bulletin board. And therein lies the problem- the other party doesn’t know that the Facebook invitation that they just received isn’t actually from you, but someone pretending to be you.
Identity Theft
The lurid prospect of someone squatting your digital persona isn’t as far fetched as one might think. Last year, The New York Times reported in a story how 6 million personalized URLs were grabbed the first weekend after Facebook created the personalized option. Most of us fail to qualify for celebrity status, but that doesn’t stop the miscreants lurking around on the web from trying to become our digital doppelgangers.
Identity theft is a major problem, and unfortunately a determined criminal may only need to discover one chink in your digital armor. Javelin Strategy & Research released their yearly identity fraud report in February, and the disenchanting data showed another year led to another increase in both victims and cost: the highest rate yet since Javelin started producing the report in 2003. According to Javelin’s report, 11.1 million adults fell victim to identity fraud. If that number isn’t unsettling enough, consider that the average fraud victim spent 21 hours to resolve the incident. That’s a tremendous amount of time lost.
Worthless Information
As ludicrous as it sounds, one defensive option is to give a little bit of accurate, but worthless, information to these social sites. You can defend your digital persona by:
- Opening up accounts on the popular social network sites with your name. Your name appears on your mail, in the telephone book, and probably on paper found in your trash. Giving away this much information doesn’t increase your exposure. Your risk profile dramatically increases once you start to share your full name, birth date, pet names, familial relationships, etc.
- Create a novel and unique password for use at these sites- never use the same password from a social site at a site where you carry on financial transactions, especially banks. If the social site is cracked and the criminal is good at guessing your login name, suddenly your financial data is at risk because of a breach at a social network site.
- Put a plain photo or headshot of yourself on the account. Unless your some sort of secret squirrel who has managed to never be photographed, you mug isn’t going to lead to an identify theft on the web. The truly concerned may wish to ensure that the photo uploaded isn’t geotagged, something many smart phones do automatically.
- Resist the urge to “Complete your profile” by answering all of the personal questions these sites request from you. If the site requires these fields, you can always head over to http://www.lipsum.com and generate a couple of paragraphs of Lorem Ipsum!
- Before you log out, lock your account down to a level you feel comfortable with.
- Finally, some sites may require you to log in periodically to keep your account active. Consider setting a reminder to log into the sites every quarter or so just to ensure your account isn’t deactivated or deleted.
Active Participation
The allure of these sites lies in their ability to stay connected, or to re-connect, with friends. If you decide to more actively participate in one or more social network sites, be sure to always follow these rules:
- Closely screen anyone that wants to link to your account. Unless you categorize yourself as an “open networker” or “professional networker” and are trying to reach a 7-figure friend list, don’t accept invitations from people that you don’t actually know.
- Always vet requests, regardless if they are from purely online acquaintances or not, through a separate channel, like email or chat–don’t assume that the invite is legitimate. Spear Phishing is growing in popularity. Criminals have learned that people are more apt to blindly respond or click a hyperlink, answer some questions, etc. from a personal acquaintance than from a well-known company like Facebook, eBay, or PayPal. Multi-channel verification is one easy way to avoid a spear phishing attack.
- Be cautious uploading photos from your phone while on you’re on vacation. You can share your experience with your friends, but only after you return home. No one is going to de-friend you because you didn’t post photos in real-time while at Disney World.
- Finally, as Fox News reported earlier this year, you must actively take steps to protect yourself against the plethora of social networking scams that are circulating. Expecting the web site to protect you is no longer tenable.
- Always be skeptical of mail (that stuff that shows up in your postal mailbox, not your inbox) that is purportedly from one of your social network sites. The Javelin study reaffirms the fact that criminals may use regular mail to notify you of a “data breach.” The end goal for them is the same, getting you to login to a page and provide personal information that you otherwise wouldn’t share.
Notes
It is possible to safely participate in the social revolution occurring in your browser and on your mobile phone. In fact, total abstinence may put your identity, digital and actual, in greater jeopardy than not participating at all.
Educate yourself. The US Department of Justice provides an informative page and an online Identity Theft Quiz, in addition to educational materials about mass-marketing fraud that is worth reviewing, even if the content doesn’t explicitly focus on the web or social networks. With a little effort and some common sense, you can protect your digital identity and reputation from the digital hoodlums cavorting around the net.
Editor’s Note: Please join us in welcoming Jason Robert as a contributor on ITS Tactical. Jason is a former U.S. Navy Cryptologist, digital guru and ITS Plank Owner.
Discussion