12 Awful Reasons Why Impostors Commit Social Media Identity Theft

Imagine if someone used your name and image, or the name and logo of a business you own, to create a profile on Facebook, Twitter, or any other social networking website. Then they start posting blogs and sending out links while pretending to be you. They may contact your acquaintances, colleagues, or clients, or they may simply show up when others search for your name. Either way, their intentions are fraudulent. Establishing an online presence using someone else’s identity creates unlimited opportunities for a scammer.

Traditional phishing, in which scammers send a fake email that appears to come from a trusted entity, is no longer as successful as it used to be. So identity thieves are taking advantage of social networking sites to build a home base. Once established, they seem as legitimate as any other user. There are few, if any, checks and balances to prevent this.

Social media identity theft occurs for a number of reasons:

  1. An impersonator may be attempting to steal your clients or potential clients.
  2. He or she could be squatting on your name or brand, hoping to profit by selling it back to you or preventing you from using it.
  3. They could be criminal hackers posting infected links that, if clicked on, will infect the victim’s PC or network with a virus that gives hackers backdoor access.
  4. An impersonator may intentionally pose as you, and even blog as you, in order to damage your name or brand. Anything they say to the world that is libelous, defamatory, or just plain wrong hurts your reputation and can even make you the target of a lawsuit.
  5. He or she may be using your identity to harass someone you nkow.
  6. The impersonator may wish to harass you, perhaps as revenge over a percieved slight or because you sold them a defective product or service.
  7. They may wish to use a name or brand that has leverage, such as a celebrity or Fortune 500 company, as a form of social engineering, to obtain priveledged access.
  8. If you or your business sell products or services, identity thieves might pose as you and offer deals with links to spoofed websites, in order to extract credit cards numbers.
  9. They may pose as a government entity for the purpose of extracting data and committing new account fraud.
  10. An impostor may be obsessed with you or your brand, and simply want to be associated with you. Posing as you could yield attention and satisfaction.
  11. They could be parodying you or your brand, by creating a tongue in cheek website that might be funny and obvious, but will most likely not be funny to you.
  12. They could be posing as you to elicit contact from others for the purposes of a relationship, sexual or otherwise, either in person or virtually. A young man was recently caught posing as an attractive girl in his school. He contacted guys in his class through a fake Facebook account and requested naked photos of them. When he revealed who he was, he used the incriminating photos to extort sex from them.

Social media is just a baby. All of the above stems from real world examples over the past few years. Unfortunately, this list is going to keep growing. Varieties of fraud that can occur via social media are only up to the imagination of the thief. Submit your own findings. Let’s hear what other whacked out social media identity thieves are doing.

To prevent social media identity theft, register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube. (Disclosures)

8 Ways to Prevent Business Social Media Identity Theft

Robert Siciliano Identity Theft Expert

There are hundreds, or maybe even thousands of social media sites worldwide such as FacebookMySpaceTwitter, and YouTube. Social media networks are quickly becoming the bane of the IT Manager. Twitter phishing and Facebook jacking are growing rapidly.

Social media is still in its infancy and its security has been an issue since its inception. Facebook has been perceived as an ongoing privacy and security issue and Twitter has become a big target. Users are tricked into clicking links. Viruses enter the network as a result of employees downloading or simply visiting an infected page.

Computerworld reports that “Twitter is dead”. Twitter is dead because it is now so popular that the spammers and the scammers have arrived in force. And history tells us that once they sink their teeth into something, they do not let go. Ever.

  1. Implement policies: Social media is a great platform for connecting with existing and potential clients. However without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network.
  2. Teach effective use: Provide training on proper use and especially what not do to.
  3. Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  4. Limit social networks: In my own research I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.
  5. Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  6. Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  7. Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  8. Prevent social media identity theft: Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting. You can do this manually or by using a very cost effective service called Knowem.com.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

Twitter Phishing Leads to Identity Theft

Identity Theft Expert Robert Siciliano

Twitter phishing is a growing problem and is spreading through a virus. Twitter accounts that have been hacked are spreading a link with a request to click on and download a video.

Some Twitter phishing involves Twitter porn. Today Ena Fuentes, who’s definitely a hot little number, started following me on Twitter and wants me to check out her new pics. Problem is Ena is probably controlled by a dude from some little village in an oppressed country who’s using dumb human libido to snare his intended victims.

The Register reports users who follow these links are invited to submit their login credentials via a counterfeit Twitter login page (screenshot via Sophos here). In the process they surrender control of their micro-blogging account to hackers, who use the access to send out a fresh round of phishing lures.

In the past, compromised accounts have sent pictures and links to spoofed websites. The new attacks mimick email address book attacks when the compromised account sends direct messages to the users followers. Twitter only allows direct messages to those who are following you.

When clicking links and downloading whatever intended multi media file, the unsuspecting victim may end up with a virus that spreads a keylogger and/or harvests user login details. Criminals know many internet users have the same passwords for multiple accounts.

Shortened URLs that are necessary to keep tweets within the 140 character limit help mask these scams. As explained by NextAdvisor:

“Whenever a complete URL is too long or cumbersome, many users turn to URL shortening services like TinyURL. Unfortunately, a condensed URL that appears harmless can easily lead to a malware download or phishing site, rather than the destination you were expecting. What appears to be a link to a friend’s home video may actually be pointing you toward the Koobface virus. Hackers can target a single URL shortening service and intentionally misroute millions of users.”

How to protect yourself:

  1. Don’t just click on any link no matter where it’s coming from. Attackers understand a person is more likely to click a link from someone they know, like and trust. If someone direct messages you requesting you click something, their account may be in control of a criminal.
  2. Before you click on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  3. Install McAfee anti-virus protection and keep it updated.
  4. Change up your passwords. Don’t use the same passwords for social media as you do for financial accounts.
  5. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  6. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing hacked accounts on Fox News

Cybersquatting Leads to Identity Theft

Robert Siciliano Identity Theft Expert

Ever click on a link in an email or while browsing online, and something just wasn’t right? The domain name in the address bar was off by a letter or two? Or a word was misspelled? Maybe there was a number tossed in for good measure? This is either cybersquatting or typosquatting, and it’s a problem.

Cybersquatting is the act of procuring someone else’s trademarked brand name online, either as a dot com or any other U.S.-based extension. Cybersquatters squat for many reasons, including for fun, because they are hoping to resell the domain, they are using the domain to advertise competitors’ wares, stalking, harassment or outright fraud. Social media identity theft, or grabbing someone else’s given name on social networks, is another form of cybersquatting or, when it occurs on Twitter, Twitter squatting.

In particularly malicious cases of cybersquatting, identity thieves will use a domain similar to that of a bank in order to create a spoofed website for phishing. If the domain isn’t available, typosquatting is the next best option. After Annualcreditreport.com launched, more than 200 similar domains were quickly snapped up.

This is just one more reason to actively protect yourself from identity theft.

This week, Computerworld discussed the havoc that cybersquatting can have on a brand’s reputation. Sometimes, criminals copy a brand’s entire website in order to collect usernames and passwords from unwitting visitors. Then, the hackers will test those names and passwords on other websites. Cybersquatting increased by 18% last year, with a documented 440,584 cybersquatting sites in the fourth quarter alone, according to MarkMonitor’s annual Brandjacking Index report.

Intellectual property owners can sue cybersquatters under the federal Anticybersquatting Consumer Protection Act, but it’s expensive and damages are limited to $100,000. They can try to shut down sites containing copyrighted content under provisions of the Digital Millennium Copyright Act, and in some cases, they might be able to pursue violators for trademark abuse under provisions of the Lanham (Trademark) Act.

I’ve written before about the time I was accused of cybersquatting. I wasn’t, I swear! It was the early 90’s, and I had an IBM PS1 Consultant 3.1 Microsoft operating system and a rockin’ 150 MB hard drive. I bought myself some domains. I sold some, others I regrettably gave up. And there was one that will haunt me ’till the day I die.

I owned LEDZEPPELIN.com for about 5-6 years. Led Zeppelin was and is my band, and as a fan, I bought the domain as a keepsake. I would get emails from people all over the world, saying things like, “I am Paulo from Brazil, I love the Led Zep!”

Then, when Clinton passed a law later making cybersquatting illegal, I knew it was only a matter of time. I had it for five years before anyone from the band’s team of lawyers approached me about it. And when they did, I didn’t know how to handle it. And my lawyer at the time, even less so. Ultimately, I gave it up without a fight, but I’m sure the band’s lawyers billed them for the one inch thick book of a lawsuit I was served with. Sorry, dudes. My bad.

In this case, the lawyers saw an opportunity to build a case against me, a fan who would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked out and called them, yelling that they could take it, that I never wanted that.

One of few regrets. But I have a nice one inch thick souvenir all about me and the band and why I’m an idiot.

Anyway, with cybersquatting on the rise, it makes sense to claim your name, your brand name, and your kids’ names on social networking sites and domain names as soon as possible. Just in case you get famous, you don’t want to have to fight a twit like me.

Protect your identity too.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing stolen domain names on Fox News

Scams Happen to Smart People Who Do Stupid Things

Robert Siciliano Identity Theft Expert

Most people are too smart to fall for a Nigerian 419 scam. But plenty of smart people fell for Bernie Madoff’s investment scams. Madoff was far more subtle than your average scammer. But in this day and age, people ought to be more alert to potential scams than ever before. And yet this wolf in sheep’s clothing was able to bilk so many investors. So it looks like we aren’t as savvy as we should be.

The root of the problem is the sheer number of scams. There are investment seminars, smoke and mirror charities, phishing emails and even text messages. I got a “phext” (phishing text message) from “r.yahoo.com” that said, “changed secret question, log in to update, or text HELP or to end STOP.” Naturally, this raised my suspicions, so I did an online search which led me to a forum discussion of this particular scam. Apparently, any response to this text message would have allowed hackers to access plenty of proprietary data.

A prominent security and privacy researcher emailed me to describe an attempted Craigslist scam:

“Robert, so, I registered on Craigslist and posted our above ground pool for sale. Within minutes got a reply from someone asking some basic questions (most of which could have been answered if they had read the advert). Their reply to my answers raised an immediate red flag. This individual claimed to be from Miami and was willing to write me a check for the full amount, plus shipping charges for their shipping company that would pick up the pool. In other words, I deposit a check (in context it seemed to be either a business or personal check, either way I would have had to wait for it to clear) and when it clears, I keep my asking price and give the difference to the shipping company when they arrive to pick up the pool.

I’ve ceased communication with this individual, but this just stinks to high heaven. First, if it is their own shipping company, why should I have to pay them? Second, no way I’m going to deposit this check into my account and risk having my bank info show up on their statement. Third, why would someone in Miami (above ground pools aren’t all that popular down there, it seems to me) want to pay to have a used above ground pool shipped all the way from New England? Fourth, I’m just nervous about stuff like that anyway.

Ever heard of/encountered that kind of situation before?”

This is an advanced fee scam! Now, since I am obsessively screaming about this stuff all day, I can see this coming from a mile away, as did my friend. But those who are less tuned in to the variety of potential scams might easily fall victim to this type of crime.

Financial troubles are forcing people to seek out new opportunities. When we are searching for jobs or attempting to sell our belongings online, or simply spending more time using social networking sites, we become more susceptible to the latest scams. But the biggest danger is our own egos and our complacency, as we foolishly believe that we are all too smart to become victims.

According to The Wall Street Journal, many scam victims are pretty smart. Three recent studies showed that victims of investment fraud tend to be better educated and have higher incomes than nonvictims, and that most have been investing for a decade or more. Because they are so confident in their own judgment, they fail to seek out professional advice.

Years ago, the Better Business Bureau conducted a test in which they planted a man dressed in normal street clothes outside a store during the holiday season. They gave the man a plastic pumpkin and a bell to ring. He spent twenty minutes ringing the bell, and during that time, people kept dropping money into the pumpkin. When the people were questioned, most believed that they had just donated to the Salvation Army, simply because the man was ringing a bell. Like Pavlov’s dogs, they opened their wallets.

Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. You need to take steps to protect your own identity, because while you are smart enough to inform yourself about these issues, you can’t prevent some company from stupidly compromising your sensitive personal data. Prevent new account fraud by getting a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief. And invest in Intelius Identity Theft Protection. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.

Social Media Banned, Creates Identity Theft Risk

Robert Siciliano Identity Theft Expert

The Marines recently banned soldiers from using social media sites such as MySpace, Facebook and Twitter. This is for two reasons. First, because they fear that these sites’ lack of security may allow malware to infiltrate government computers. And second, they’re concerned about the potential for leaked military data. Military personnel are often prohibited from informing friends and family of their locations or missions, regardless of whether they’re communicating with handwritten letters, email, or the telephone. These measures are necessary to prevent leaks that would impede the soldiers’ missions and safety.

It’s no surprise that they have now banned social media.  I recently reported on Sir John Sawers, the incoming head of MI6, the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. Military personnel should held to a higher standard. We are talking about national security here, and we can’t risk leaks that could jeopardize lives.

Anyone who thinks this is absurd need only look at sporting events for confirmation of why this type of communication should be banned. Every time I watch a baseball or football game, when I see the coaches talking to players, or the pitcher talking to the catcher, they cover their mouths with a hand, glove or paperwork. Why? Because there are thousands of “lip readers” watching the event who are happy to report on what was just said in order to give the opposing team an advantage. You’d think after all these years covering their mouths, lip readers would just give up. But no, that’s not the case at all. There’s always someone watching, waiting, hoping for someone to screw up so they can give the other team an advantage.

Today, social media gives scammers an advantage. Somebody is always watching and waiting for an opportunity. Social media is built on trusting relationships. Scammers can exploit that trust to gather information that could be used in password attacks. If you ever forget your password and have to reset it, the answers to several of the security questions might already be available in your profile. And in many cases, the default privacy settings leave profiles open to anyone.

Security professionals were able to create a virus called ZombieSmiles, which gains control of the victim’s browser and allows the hacker to access supposedly private data through the Facebook API, including friends, groups, wall postings and applications. Facebook applications allow a third party to access your data, which opens a Pandora’s box of possibilities for hackers. So if you send me a Facebook application and I refuse, it isn’t because I’m being rude, it’s because I think that the potential risks simply outweigh the benefits. No offense. I just don’t want my identity stolen.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discusses a Facebook Hack on CNN

Social Media Privacy and Personal Security Issues

Robert Siciliano Identity Theft Expert

Privacy issues and identity theft in social media are a growing concern. Most people who post their personal information about themselves do not recognize the potential consequences of their actions, or maybe they simply don’t care if their entire life is an open book.

Ask yourself, should the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA, have a Facebook page? Should his wife? Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple’s London apartment and the locations of their children and Sir John’s parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network.

Patrick Mercer, Conservative chairman of the Commons counter-terrorism subcommittee, has pointed out that these types of Facebook postings leave Sir John Sawers open to criticism and potentially, blackmail. “We can’t have the head of MI6 being compromised by having personal details of his life being posted on Facebook,” Mercer told The Times. “As a long-serving diplomat and ambassador, his family have been involved in his line of business for decades. I would have hoped they would have been much more sensitive to potential security compromises like this.”

Would it be okay for U.S. CIA director Leon Panetta or his wife to post their addresses, vacation photos, childrens’ names and other personal data on Facebook? No! Is it okay for you to do it? You say, “Well, I’m not the director of the CIA.” While you may not be a high profile target, you can still be a target on some level, and the more intelligence you make available to potential attackers or criminal hackers, the easier you make it for them to harm you. Nobody ever considers themselves a target until it’s too late. I’m not a paranoid freak, I’m a grounded, down-to-earth, conscious being with an awareness of what’s going on out there. And when I see you post information that someone sinister could use against you, I worry.

If you use social media and regularly update your status or profile with pictures, video, or information about your whereabouts or daily routines, please keep the following advice in mind:

  1. Before you post anything online, think about what a hacker, stalker, employer, or potential employer could do with that data. Could an ex, who’s fighting for custody, use the data against you in court?
  2. Don’t give away specifics. Don’t post your address, date of birth, kids’ names, pets’ names, phone numbers, or any account numbers or financial information of any kind. You really shouldn’t even post childrens’ photos online.
  3. Do not tell the world you are going on vacation! Or if you’re just going to dinner or the beach and won’t be at your house for several hours, why would you let potential burglars know that you’re away?
  4. If you’re a “partier” and like to imbibe, informing the world that you just smoked a joint is not only one of the worst things you could do for your career, it also makes all your friends guilty by association. And don’t announce that you’re hungover, because after the age of 23, you ought to know better.
  5. Before posting pictures or videos, consider what a criminal or potential employer might see. Could they be used against you in any way?
  6. If you let your kids use social media, you must monitor every aspect of their Internet activities. Pick up McAfee’s Family Protection software and take control of your childrens’ Internet use.
  7. Take advantage of privacy settings and lock down your profile, so that only those who you approve can view everything.
  8. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Social media is less than six years old. This is a brand new medium, and we are just now beginning to recognize its potential consequences. Something as harmless as a picture of a baby in a tub could be traded online by pedophiles. The world is changing. Be aware of your social media use, and be smart about it.

Robert Siciliano, identity theft speaker, discusses social media on Fox.

Identity Thieves Gather Data From Social Networks

Robert Siciliano Identity Theft Expert

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. Apparently, they see no reason to distrust. Generally, your “friends” are people who you “know, like and trust.” In this world, your guard is as down as it will ever be. You can be in the safety of your own home or office, hanging with people from all over the world, in big cities and little towns, and never feel that you have to watch your back.

PC World reports that a third of social networkers have at least three pieces of information posted on their pages that could lead to identity theft. Names, addresses, birth dates, mothers’ maiden names, kids’ names, pets’ names and phone numbers are among the various types of data that could help a criminal piece together your identity. Social networkers are simply making it too easy for thieves.

Almost 80% of those polled are concerned about privacy issues on social networks, yet almost 60% are unaware of what their privacy settings are and who can see their data. One third of social networkers admitted that they use the same password for all their social networking accounts.

Most social networks have privacy settings that many users never venture to manage. It is imperative to spend a few minutes and lock down your profiles so they can’t be seen by everyone in the world.

It is not unusual for a potential identity thief to “friend” a potential victim. The thief poses as someone the target may know, or someone who is known within the target’s social circle. Once the thief has been accepted as a friend, he or she is in the target’s inner circle and gains a great deal of insight into the target’s daily life.

People often try to “friend” me, and I can see that they are “friends” with people I know. But I don’t know them. And the mutual friends often tell me that they don’t know the person, but were “friends” with someone else they knew, and they accepted based on that! That’s nuts! Next thing you know, they are trolling through your “friends” and befriending people in your network, who accept based on their trust in you! Dizzy yet? The point is, stop the madness! Don’t allow these trolls into your life. Mom told you not to talk to strangers. I’m telling you not to “friend” strangers, because they could be scammers.

Scammers are watching. They know that once they are on Facebook, your guard goes way down.

Regardless of all this craziness protect your identity.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection and Prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;

Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity theft speaker discusses Facebook scams on CNN

Social Network is Accused of Identity Theft

Robert Siciliano Identity Theft Expert

The state of New York, Office of the Attorney General plans to sue the social-networking site Tagged.com for allegedly using deceptive e-mails in order to gain new users.

It is alleged that the social-networking service stole the identities of more than 60 million Internet users by sending e-mails to people saying that members of the site had tagged them in photos but the photos did not exist and that Tagged raided their private accounts.

The e-mails that people received appeared to come from their friends via the website as an offer to look at the friends pictures and join in. It is believed that Tagged, would then illegally get access to those new users’ e-mail address books and send out more messages without those users’ knowledge. Tagged will be sued for deceptive e-mail marketing practices and invasion of privacy, the office said.

In a statement by their CEO he said “Simply put, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.”

I received the same emails from friends, people who were “duped”. I spoke to those people and understand it to be true that, it was too easy for people to quickly go through the registration process and unintentionally invited all their contacts.

I don’t believe identities were stolen at any level and that anyone using terms such as “stolen Identity” or “identity theft” are grossly mistaken, but “email harvesting” and a degree of spam and questionable marketing may have occurred.

Here is exactly what happened. A person receives an email saying their friend wants to show them a picture. They have to visit the site, sign in, and register to view it. In that process they are asked for their user name and password from their web based email account to invite more friends to their new account. Many people have done this in Twitter, LinkedIn and Facebook. The lie told is there is no picture to be seen. That’s deceptive marketing, not identity theft.

Criminal hackers have been using the same ruse to get people to log in to a spoofed Facebook account for the past year. Once logged in the user is requested to download a file to watch a video. This download has a virus that allows a full takeover of their account. It almost looks like Tagged took a page out of the criminal hackers book using the same ruse, but without the virus or the spoofed site.

The fact is whenever you register for a social networking site you are asked to plug in your credentials and invite your address book. Doing this is not a bad thing, unless the company you are trusting is a bad corporate citizen. That said; don’t provide any website your log in credentials to your web based email account if you don’t believe them to be 100% legit. Further, when you have web based cloud accounts that contain email and also have proprietary documents or files within that account NEVER GIVE THAT DATA TO ANY COMPANY.

All that said, regardless, you should still protect yourself from real identity theft.

Here is how;
1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.
2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Robert Siciliano Identity Theft Speaker discussing social network is accused of identity theft.

Sarah Palin Victim of Social Media Identity Theft, LaRussa Drops Suit

Robert Siciliano Identity Theft Expert

Since the beginning of the presidential campaign, Sarah Palin has used Twitter and Facebook to communicate with the public. Impostors have taken every opportunity to jack her persona, even hacking into her personal email account.

Now, hackers and impostors are chiming in on Sarah Palin’s resignation. The Twitter profile for ExGovSarahPalin snags and reuses graphics, photos and tweets from Sarah Palin’s “Verified” Twitter acount, AKGovSarahPalin. This fake Palin account is still live as of this writing. In one tweet, a Palin impersonator invited followers to her home for a barbecue. Her security staff was reading these tweets and quickly dispatched security personnel to her home to intercept unwanted visitors.

Twitter has a “parody impersonation policy” that permits impersonation, as long as the parody is clear to readers. It’s puzzling to me that they would allow this, particularly in the case of the fake Sarah Palin account, which is plastered with Governor’s likeness.

Social media is not prepared for this type of use. And Twitter should rethink its policies.

Meanwhile, USA Today reports that St. Louis Cardinals manager Tony LaRussa, who has also fallen victim to social media identity theft and has sued Twitter, claiming damage resulting from “cybersquatting” and misappropriation of his name, has now dropped his lawsuit. One report mentions an out of court settlement that compensates LaRussa for his legal fees and includes a donation to his favorite charity. Twitter co-founder Biz Stone blogged a denial of such a settlement.

Financial identity theft is impossible to prevent 100% of the time, and so is social media identity theft. However, there are ways to lock down your name and protect yourself, or at least to mitigate the potential damage to your name and reputation.

As we spend more time online, meeting people, posting photos and offering glimpses into our personal lives, here are some action steps to keep Social Media Identity Theft at bay:

1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.
2. Set up a free Google Alerts for your name and get an email every time your name pops up online. Go to iSearch.com by Intelius and search your name and any variations of your name in what would be a screen name.
3. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.
4. Consider dropping a few bucks on Knowem.com and other sites like them. These online portals go out and register your name at what they consider the top social media sites. Their top is a great start. The user experience is relatively painless. There is still labor involved in setting things up with some of them. And no matter what you do, you will still find it difficult to complete the registration with all the sites. Some of the social media sites just aren’t agreeable. This can save you lots of time, but is only one part of solving the social media identity theft problem.
5. Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. This is a combination of online reputation management and search engine optimization for your brand: YOU.
6. If you ever stumble upon someone using your likeness in the social media, be very persistent in contacting the site’s administrators. They too have reputations to manage and if they see someone using your photo or likeness they would be smart to delete the stolen profile.
7. Despite all the work you may do to protect yourself, you still need the Intelius Identity Protect service I’m working with and recommend coupled with Internet security software.

Robert Siciliano, identity theft speaker, discusses scams.