Who Has Access to Your Personal Info? The Answer Might Surprise You

Are you aware that many people probably have access to your personal info? If you have ever gotten an apartment, have insurance, or applied for a job, someone has done a background check on you, and you might be shocked by what’s in there, including your debts, income, loan payments, and more. On top of this, there are also companies collecting information on you including:

  • Lenders
  • Employers
  • Government agencies
  • Volunteer organizations
  • Landlords
  • Banks/credit unions
  • Insurance companies
  • Debt collectors
  • Utility companies…and more

Thanks to the Fair Credit Reporting Act (FCRA), you can get a copy of these reports every year for a small fee, and they are free if there has been any type of adverse action against you. You can also get this information from certain organizations including the following:

Credit Agencies

Most people know the main credit reporting bureaus, Experian, TransUnion, and Equifax. The reports that these companies give you can include your loan and credit card payment history, how much credit you have, info from debt collectors, and other information.

Employment Screening

If you have applied for a job, you might have gone through employee screening. These employers have access to things like your salary history, credit history, education, and even criminal history.

Housing/Tenant Screening

If you have ever rented an apartment or home, your landlord might have done a background check, too. This might include prior evictions and other negative information.

Banking and Check Screening

Your bank also might have information on you, which could include your banking history, such as negative balances on your checking account or unpaid bills.

Medical Insurance

Finally, if you have medical insurance, your insurance company has probably also done a background check on you. These policies include life insurance, health insurance, long-term care insurance, critical illness insurance, or disability insurance.

Lifehacker and the Consumer Financial Protection Bureau’s 2019 report compiled a pretty amazing list below. Check it out.

The nice thing about these things, however, is that you have a right to access all of these reports, too. In most cases, these reports are free. You can ask these organizations what background check companies they are using, and then you might be able to request a free report. Again, if there is any negative information on these reports that cause you to, for instance, not be hired by an employer, you will automatically get a free copy of this report so you can see the derogatory information for yourself, and then take any steps you can to change it.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Beware of Conference Invitation Scams

Conference invitation scams are those that involve a scammer sending invitations out to events with the intention of scamming the invitees. These might be real events or fake events, and the scammers target people including business professionals, lecturers, CEOs, researchers, philanthropists, and more. The goal here is to steal the identities of these people, and eventually get money by taking advantage of their victims.

Spotting a Scam

There are usually some pretty clear signs that you could be dealing with a scam involving a conference invitation. Here are some things to look for:

  • The invitation has typos or bad grammar
  • The invitation seems very random or out of no where
  • The conference name sounds like a conference you might be family with, such as Tech Crunch, but it’s spelled differently, like TekCrunch
  • The invitation asks that you pay a premium price to attend, which includes accommodation and transportation
  • Payment options don’t include credit cards
  • The invitation is overly flattering
  • There is a sense of urgency pushing you to send personal information
  • The greeting on the invitation is questionable, i.e. “Salutations.”
  • The invitation asks for sensitive information in return for “covering” your conference cost, accommodations, and transportation.
  • The conference is held in a different country, i.e. Asia or the Middle East
  • The landing page doesn’t have a physical address or landline number
  • The invitation sounds too good to be true

How Do These Scams Work?

In general, the scammer begins the scam by sending an email to a target victim and invited them to attend or speak at a conference. The scammer usually uses the victim’s social media pages to get information about them, which helps them to create a more personalized email.

The victim is told to register for the conference, which involves giving personal information. Additionally, they could be asked to pay a fee to attend, which could be over $1,000, depending on how long the conference is said to last. Usually, this is where the sense of urgency comes into play, as the scammer will say the conference is filling up or they need to know if they can count on the victim to speak. If not, of course, they must find another speaker, so the victim must confirm as soon as possible.

If the targeted victim complies with this and sends their information, the scammer may have enough information to steal the victim’s identity. Additionally, the scammer can use the name of the victim to promote the conference, especially if it is someone well-known in the industry.

If the victim goes through with all of this, they will quickly find out that they have been scammed. A scammer might also try scamming people who are actually going to a legitimate conference. They claim that they are part of the organization running the conference, and they need information and to collect fees. Of course, since the victim already signed up for the conference, it is easy to believe this scam without giving it a second thought.

Protecting Yourself from Invitation Scams

Here are some tips and tricks that you can use to protect yourself from these types of scams:

  • If you get an email similar to ones described here, don’t respond.
  • You should investigate any invitation that you are not sure of.
  • Do not agree to send money, and only pay with a credit card.
  • Don’t agree to give any personal information; a conference organizer doesn’t need to know your Social Security Number
  • Research the event and try to match up the information that you were given in the invitation email.
  • Copy and paste some of the email into Google to see if others have reported that this is a scam.

What to Do if You are a Victim If you have become a victim of a conference invitation scam, there are steps you should take immediately. First, get in touch with your financial institutions, like banks and credit card companies, and make them aware of this. Next, you should contact the location police and authorities in the area where the conference is allegedly supposed to be held. You should also get in touch with the Better Business Bureau about the company, and you can report the scam online via the BBB’s Scam Tracker or the Federal Trade Commission’s Online Complaint Assistant.  Finally, you can also report the scam to the FBI through its Internet Crime Complaint Center.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Robert Siciliano on FOX Nation

I recently had the opportunity to join a panel discussion on FOX Nation. We talked about the grid, and how cyber threats could be the next medium for global warfare. I was able to share opinions with fellow experts on privacy, information security and cybersecurity. Please watch and learn why it is so important to take control of your own security, and ultimately your life.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

WARNING: You or Your Members Could be Targets of List Scams

There are scammers out there targeting conference exhibitors and attendee. What are they looking for? Credit card numbers, money wires and personal information that they can use to steal identities. One of the ways that scammers get this information is by using invitation or list scams. Basically, if you are registered for a conference, speaking at a conference, a conference vendor or just “in the business”, you might get an email…or several emails…that invite you to a conference or offer to sell you a list of attendees, and their contact information, which may be beneficial to you…but is it too good to be true? Definitely.

Robert Siciliano, CSP, SAFR.ME

These Lists are Lies

Along with conference invitation scams, many associations are targets of list scams. A quick search of “Attendee List Sales Scam” pulls up numerous associations whose members and anyone interested in marketing to these members are being targeted by criminals to purchase non-existent lists.

Though it might sound great to get a list of all attendees of a conference, including their contact information, you might be surprised to know that these lists are lies. On top of that, getting this information might not even be legal.

Think about it for a second. When you signed up for a conference, did you choose to opt-in to have your personal information shared with others? Probably not, and that also means that most of the other attendees did not do this either.

To find out if the list is possibly legit, take a look at the show’s policies. Do they give information to third parties? Do they rent or sell lists of attendees? Is the name of the company that contacted you on the list of their third-party vendors? If this checks out, the list could be legitimate. If not, it’s probably a lie.

If you think you are dealing with a liar, the first thing you should do is plug the company that contacted you into the Better Business Bureau’s website. If it is a scam, you should certainly see information proving that. If not, but you aren’t interested, just unsubscribe. If you think that you are dealing with a scammer, don’t reply or even unsubscribe. Instead, just delete the email and don’t take any action. Many of these scammers are simply looking for active email addresses.

More Conference Invitation Scams

Another scam involves telling attendees about exhibitors that don’t even exist. This can push you into wanting to sign up for the conference, but in reality, the conference, itself, might not even exist, and in this case, you could just be giving your hard-earned money to a scammer.

So, if you find yourself in this situation, the first thing you want to do is research. One step is to look up the person who contacted you online, such as on LinkedIn, and see if they are who they say they are. Another thing to do is to contact the conference venue and ask if the event is being held there. You can also check the contract for refund or cancellation information. You also should do some research about the reputation of the contactor company. Finally, always make sure that you pay for any conference with a credit card. This way, with zero liability policy’s, you can get your money back, and every legitimate conference company is happy to accept credit cards. 

But Wait…There’s More

Another scam associated with trade shows and conferences is to contact attendees about hotel reservations, but once you pay…it’s all a scam. Usually, these scammers will contact the attendees and say that they represent the hotel for the conference. They will tell you that rates are significantly rising or that it is sold out, so you must act immediately…however, they will say that they need the full amount up front.

When in doubt about this type of scam, you should always contact the trade show organizers yourself, and then ask who the booking rep is. You should also give them the name of the company that you believe is scamming you so they can advise others of the scam.

Know Your Options

  • It is very important when you are signed up to present or attend a conference that you only engage with the company that is running the conference
  • If in doubt, confirm with the company that the offers from third-party claims are correct.
  • You can also get an official exhibitor list of official vendors.
  • Keep in mind that these legitimate companies might have your personal information, but they would not release your personal contact information with third-parties.
  • Some exhibitors might get the mailing address of attendees, which you can opt out of. Most of this is harmless, of course, but that doesn’t mean that all of these lists are.

Wi-Fi Hacks

Finally, you want to watch out for wi-fi hacking. This is a common scam for conference goers. When you attend a conference or trade show, you probably just expect that you will get free wi-fi, right? This allows you to take care of business and ensure that your booth runs smoothly. Hackers know this, of course, so they set up nearby and create fake networks. Once you connect to these networks, they can come into your device, take your information, and even watch everything you are doing online.

Keep in mind that these fake networks look remarkably similar to the legitimate networks set up by the conference. So, always double check before connecting, and if you are ever in doubt, make sure to ask one of the conference or trade show organizers. They can confirm that you are on the right network. There are always going to be scammers out there, especially when you are attending a trade show or conference. There are just too many opportunities for scams, and they can’t say no. Fortunately, by following the advice above and by reporting any suspicious activity, you can not only make sure that you, yourself aren’t falling for these scams, but also help others to not fall for this type of nefarious scheme.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Protect Your identity When Buying or Selling a Home

If you are in the process of buying or selling a home, at some point, you are going to have to disclose personal information when you go through the process. Because of this, a home buyer, especially, is much more likely to become a victim of identity theft.

Here are some ways to protect your identity when buying or selling a new home:

Ask if Communication is Secure

One thing to do is to make sure your mortgage and real estate professionals are using secure electronic communications. If they can’t articulate their security, such as they use two step verification, etc, then they aren’t generally secure. Otherwise, you should drop documents off in person.

Ask How Personal Info is Handled

Another thing to do is ask your lender how they will handle your personal info after the loan is complete. Are documents able to be stored securely? Will they be shredded when no longer needed?

Ask About Security Policies

You should also ask about the security policies of your lender and/or real estate professional. If they don’t have a security policy, they aren’t secure.

Get a Referral

Ask people you know for referrals for mortgage and real estate professionals. Verify that their licenses are current. Do business with those who others know, like and trust.

Choose a Real Estate Team That You Trust

Buying a new home takes a full team on both the sides of the buyer and the seller. So, you have to make sure that you trust them and that all of their credentials are up to date. You should also do your best to read reviews online.

Be Aware of Frauds

Fraudsters are always out there, and they take advantage of people looking to buy a home. For example, according to investigators, a California woman would offer to buy a home on behalf of the buyer because the buyer was under funded or an illegal immigrant. After the buyer provided the deposit, she would never be heard from again.So keep your eyes open as you go through the process.

Recognize Money Wire Scams

When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent.

Nearly 10,000 people reported being victims of this kind of fraud in When looking at the home buying process, a report by the FBI’s Internet Crime Complaint Center said email fraud involving real estate transactions rose 1,110 percent in the years 2015 to 2017 and fraud dollars lost rose almost 2,200 percent.

Nearly 10,000 people reported being victims of this kind of fraud in 2017 with losses over $56 million, the FBI report said. Real estate is only now tightening its belt and fighting back., the FBI report said. Real estate is only now tightening its belt and fighting back. The moment a wire transfer is requested via email, tell your agent or broker you want to meet them at the office to discuss. End of story.

Be Cautious on the Internet

During this process, you will be filling out a lot of forms and giving out a lot of your personal information. So, to help prevent any identity theft, you should only use a secure device on a secure network. You also have to make sure that you are using strong, varied passwords, and if you have to print out copies of documents, you should hide any account numbers or Social Security numbers.

Use Credit Monitoring or ID Theft Protection

When making a large purchase like a new home, you should make sure to have real time credit monitoring and identity theft protection.

Freeze or Lock Your Credit Until Making an Offer

You also might want to consider freezing or locking your credit until you are required to have your credit checked. Both options prevent a creditor from accessing your credit report, which stops a criminal from opening a new account.

Credit locks are available from consumer credit bureaus for a small fee, and you can lock or unlock your credit whenever you want. A credit freeze is free but slightly cumbersome. Go free and learn it.

Get a Copy of Your Credit Report

It’s also a good idea to get a credit report if you are going to finance a home. Checking this report will give you a good idea of what you can afford each month, and it will allow you to see if there are any mistakes or unusual behavior on the reports.

Stay Safe During the Closing Process Finally, remember that fraudsters are always out there, especially when people are using large sums of money. The Federal Trade Commission estimates that people lost about $1.48 billion to fraud last year, alone. So, it’s imperative that you keep yourself safe by avoiding things like phishing schemes, and if something sounds too good to be true, it probably is.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

The “Mother of All Data Breaches?” It Could Be Here…

You have probably heard of one data breach after another these days, but this is one that you should really pay attention to: more than 772 million unique emails, along with more than 21 million unique passwords, have been exposed.

data breach

Troy Hunt, who runs the website “Have I Been Pwned,” first reported this breach, and he says that a huge file (87 GB) was uploaded to MEGA, a cloud service. This data was then sent to a popular hacking site, and now hackers have access to all of these passwords and email addresses.

This data breach, known as “Collection #1,” is very serious. However, it could just be the tip of the iceberg. There are claims that there are several more “collections” out there, and it could be as much as one full terabyte worth of data. This could be the newest “mother of all data breaches” if this is found to be true.

So, what does all of this mean for you? It not only means that your information could be part of this breach, but it also could mean that these password and email combinations could be used in a practice known as “credential stuffing.” What is this? It’s when a hacker uses known email and password combinations to hack into accounts. Basically, this could have an impact on anyone who has used an email/password combination on more than one site.

This, of course, is concerning because this particular breach has about 2.7 billion email/password combinations. On top of that, around 140 million of the emails, and 10 million of the passwords, were brand new to the hacking database, which gives the hackers even more ammunition to wreak havoc. The big lesson to be learned here is that you should always use good security practices when you create accounts online. You should never use passwords from one account to another, and you should definitely use two-factor authentication if it is available. If you don’t have a password manager, you might want to set that up, too.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Youra Sheethed: My Dalliance Scambaiting a Nigerian Con

I put an ad on Craigslist to sell a refrigerator that I no longer need. Within a few minutes I’m happy to report Micheal responded to buy it!

SCAMMER:Hi am Micheal I like to ask if this item is till available for sale and what the present condition it.

ME:Still for sale, someone is interested tho, its like new, 5 months. 

SCAMMER:Thanks for the  information Joshua I am interested in buying and closing this deal before anybody else  the easiest mode of payment  for me is by sending you a cashier check directly from my bank account  to you overnight via USPS , Kindly send me your full name and address to send the check out if you are interested . I also promise to handle the shipping myself once you have the cash at hand 

ME: Awesome! Thank you Michael! Please send the check to:

Youra Sheethed

15 Deerfield St #15145

Boston MA 02215

Sincerely with love respect hugs and kisses

Youra Sheethed 🙂

SCAMMER:The check will be mailed ASAP,please note that the amount on the check will be shipping and handling charges inclusive so you will have more than $640on   the check from which you will deduct $640for  the payment , will counting on you make the rest available to my shipper because I have other things he will be picking up for Me , I will notify you once the check is sent.kindly confirm the name.YouraSheethed

ME: Yup, that is correct.  Youra Sheethed.  It has been a pleasure to do business with such a professional person as yourself.

Few days later…….

SCAMMER:The Usps man just confirmed to me the check has delivered now and The amount i wrote is $2340,As our agreement that i have promised that iwont cause you any financial problem regarding the shipment, The extra fee payment on the check is to cover the shippers fee pick up for your item and they have other items they are picking up for me , So that can cover all fee..

SCAMMER: Have you received/deposited the check already??

Hey, it’s me Robert, so the SCAMMER didn’t get an immediate reply from me because I was on an airplane. In the course of an hour, probably in a panic, Scammer then sent another 8 messages and called another 12 times every, 2 minutes.

ME when I got off the plane: You seem to have ants in your pants.  You should have that checked.  They can bite you know.  Especially the red ones.  One time that happened to me. I was VERY ITCHY.  Are you itchy?

SCAMMER: Excuse me ?

ME: Ants in your pants.  You called and texted like 20 times.  Maybe it’s me but that tells me you have ants in your pants.

SCAMMER:The USPS confirmed to me check already delivered,so I wanted to be sure you’re in procession of it..i apologize for the inconvenience and would like to proceed

ME: I deposited it.  It’s a lot of money!!!!! Thank you for the big tip.  Youra said she will use the extra money for her hemorrhoid surgery.  She’s very itchy.

Hey, it’s me Robert, so the SCAMMER didn’t respond to this message at all, I think maybe he caught on??!! So I messaged him 2 days later….

ME: When are the movers coming?

SCAMMER: I HAVE YOUR COMPLETE NAME AND ADDRESS,I WILL BE TAKING A SERIOUS LEGAL ACTION AGAINST YOU…. you will be hearing from my lawyer soon!

ME: Why? I thought we were friends? I like you.  We have lots in common. We both are itchy!

SCAMMER:Oloriburuku!

Hey, it’s me Robert, so I didn’t know what Oloriburiku was, so I googled it. And the Urban Dictionary provided this definition: “Oloriburiku; Direct translation to bastard head meaning someone stupid or crazy with mad thoughts don’t use it around Nigerian parent unless u want to die”

Apparently I’m not selling a refrigerator to Micheal. But at least I have a nice big fat check!

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Youth Suicide on the Rise…is Social Media to Blame?

A startling new study shows that youth suicide is on the rise, and it has risen in dramatic fashion.

Data from the National Poison Data System shows that there were more than 1.6 million cases of kids from 10 to 24-years old attempting suicide by poison during the time between 2000 and 2018. A shocking 70 percent of these attempts were done by females. There was also a huge spike in the rate of attempts at suicide among those aged 10 to 15.

When we look at the individual years from 2000 to 2018, we can see that suicide rates were fairly steady…up until 2011. However, from 2011 and beyond, there has been a huge increase. In some cases, it is as much as 300 percent. So, we have to look at reasons for this.

During that time, there were several societal changes, which certainly could impact these numbers, specifically social media and smartphones becoming something that youth are using every day. There are several studies that can correlate this theory. In simple terms, these studies show an increase in suicide among youth aged 12 to 17 and an increase in social media screen time. However, this was no correlation between the two when looking at suicide rates among adults.

This author personally knows, or sadly knew many who have committed suicide and they range in ages from 10 years into adulthood. All had one thing in common, and insatiable appetite for social media use. There is article after article that links social media use with depression. When many of us are on social media, our inclination is to compare ourselves to others. A quote that rings true is “Comparison is the thief of joy” which is so sadly true.

This study does not totally nor unequivocally establish that social media use causes suicide, of course, but there is certainly a clear connection. When you are looking at more than a million kids who are at risk of suicide, it is important that parents understand this. Everyone has a tough time in their teen years, which parents understand, but what they don’t understand is being a teenager and totally connected to their peers via digital devices 24/7 with many of their peers being MEAN to them!  Doctors, who are supposed to help, don’t understand the digital aspect of this, either.

The findings of these studies are also in line with other research on suicide, which is the second leading cause of death for people from age 10 to 24. A tween or teen will full unfettered access to a smartphone and social media is the equivalent of handing them the keys to the car prior to knowing how to drive or even giving them a loaded gun.

A separate study as reported by HuffPo shows a great correlation to all of this, too. In this study, which looked at emergency room records, it was noted that suicide attempts as well as suicidal thoughts doubled from 2005 to 2017. More than 40 percent of these were for children from 5 to 12-years old.

All of these studies also show that parents are pretty clueless about this. In fact, research shows that about 50 percent of parents who have children who have considered suicide are totally in the dark about it.

Something has got to be done about this, of course, before it gets out of (actually it already is) control. Support and awareness about mental health is certainly a step in the right direction, but parents also must be aware of the great increase of suicide and attempted suicide rates among teens and realize that their child is just at risk of this as any other children. Parents can also do things like limiting their children’s access to medications in the home. It is also important for parents to learn the warning signs and understand that even young kids, who are not yet teenagers, can still have thoughts of suicide. Talking to your kids about it is always a good idea. Taking their phone away is a better idea. Adults too. Stop the madness!

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

The Surveillance Seller: The Latest Concern for Real Estate Buyers and Agents

Imagine that you are looking for a new home with your spouse and children, and while at a showing, the agent gets a strange call. It’s her listing agent who informs her that the sellers are watching all of you on a camera, and they want to make sure your children are careful around the china cabinet…

What? This happens? It most certainly does, and it’s definitely freaky. Plus, it raises some legal and ethical questions, too. This has become more of an issue than ever before with real estate, and agents are really dealing with something they have never had to worry about before.

In general, there are laws out there about recording people without their knowledge, but these laws vary by state, and what is covered in one place might not be covered in another. On top of that, most real estate agents aren’t aware of what is legal and what is not. Some states, for example, only require that one person knows that the surveillance is happening, but in other states, both parties must be aware. Other states require that a notice is posted if recording is happening.

The majority of agents believe that they have an obligation to tell their clients if they know that there is recording equipment in a home, but at the same time, they might not know either. This can also, of course, cause some legal issues during a negotiation, as potential buyers might be discussing strategy during the showing, while a seller could be listening in, giving them the upper hand. Some agents have even told their clients that they shouldn’t talk about what they are thinking about a house until they are outside and away from any potential recording equipment.

On the other hand, some sellers believe that they have an absolute right to record in their own homes, and they very well may have that right. Again, in general, things are quite cloudy here, and they are only set to get cloudier as time goes on.

At this point, it’s not even just traditional surveillance cameras that homeowners are using. They also are using smart-home technology to keep an eye on their homes including video game consoles, smart door bells, and even devices like Amazon’s Alexa-enabled devices. Of course, there are also a number of privacy concern associated with these things, too. As these devices get cheaper than ever before, more and more homeowners are jumping on the surveillance bandwagon. So, if you are a in the market to buy or sell a home, make sure you talk to your realtor about this, especially if you are a seller who has these devices in the home.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Want to be a Cybercriminal? Try Facebook

When you think of a cybercriminal, you probably picture someone in a black hoodie in a dark room on the dark web, but most cybercriminals are out there in plain sight, including on Facebook.

facebook security

Talos, a cybersecurity firm, found that people can easily join Facebook groups, and then participate in cybercrime including buying and selling credit card info, obtaining spamming tools, or even getting account logins and passwords. All in all, these groups have almost 400,000 members.

Though that does sound like a lot, and it is a lot, you also have to remember that Facebook has about 2 billion users logging into the site each month. With that number of people, it is difficult for the social media giant to deal with these groups.

The failure of Facebook to remove these cybercriminals shows that it is struggling to keep bad online behavior at bay, and this also include hate speech, inciting violence, and sharing false information. This also, of course, show how this behavior can be amplified by the algorithms that Facebook uses.

These groups are easy to find on Facebook. All you have to do is type things like CVV or spam. Once you join one of these groups, Facebook’s algorithms come into play and suggest other groups that are similar in nature. Plus, Facebook doesn’t have a great way to catch these criminals, as it relies on reports from other users to stop this type of behavior.

Because of this, Facebook really has a long way to go before it stops relying on the reports of its users. It’s also true that these reports aren’t always taken seriously, and they often fall through the cracks.

One such example of this is with the recent terrorist attack in Christchurch, New Zealand. The gunman who was responsible for the attack streamed his murderous act on Facebook Live. Though Facebook eventually took the video down, it was seen by thousands of people. However, Facebook said that it had no report of the video during the attack, which is why it took so long to remove it.

Knowing all of this, Talos tried to take on some of these crybercrime groups through the reporting system at Facebook. Some of these groups were, indeed, removed from the platform, but others were not. Instead, only specific posts were removed, while the group itself was able to live another day. Talos kept reporting these groups, however, and eventually, most of them were removed. However, new groups are now popping up to take the removed groups’ places. Facebook has acknowledged that there is a problem, and it admits that these groups have violated its policies. It also said that it knows that more vigilance is required and that it is investigating all types of criminal activity on the platform.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.