Although social media is a great way to keep up with just how many pictures your Aunt Nancy can take of her dog, it’s not a good way to keep your personal information safe. Identity thieves are running rampant on social media websites like Facebook, Twitter, and LinkedIn. According to a 2016 study from Javelin, those with social media accounts are 46% more likely to experience account takeover fraud than those without.
Get educated about how your identity can be stolen through social media so you can safeguard your personal info against identity theft.
How Social Media Identity Theft Happens
Identity thieves who go through social media to get to their targets have plenty of methods to choose from. Here are a few of their main tactics:
- Impersonation. Since it’s so easy to create an account on social media sites, identity thieves impersonating people online is common. They can create accounts in others’ names, then add pictures and personal info they find elsewhere online to make the account seem as real as possible. If they pose as your friend, they can find ways to access your info, as well.
- Public Personal Information. Even seemingly innocuous information about your life can give criminals all they need to steal your identity. A warning you have likely heard before is not to post about your vacations because burglars could see it and know exactly when to rob your home. With identity thieves, you can never be too sure. Even things like your hometown or the name of the high school you graduated from can give them the clues they need to steal your identity.
- Direct Message Phishing. Just like email phishing, direct message phishing involves fake accounts and malicious links. An account (either fake or hacked) will message you with an unfamiliar link. If you click on it, identity-stealing malware might download to your computer. Be suspicious of any unfamiliar links you receive.
- Data Breaches. This is the method of identity theft that you have the least power to prevent. Data breaches happen when a company’s database of customer information is hacked. Social media websites are big targets for these hackers. If they get through, all of the info you have on your profile could make you susceptible to identity theft. Keep up with the news and check on your accounts if there is a data breach. If so, take prompt measures. At a minimum, change your password and check any other social media accounts you may have linked.
Preventing Social Media Identity Theft
There are many ways you can counteract the efforts of identity thieves on social media. Overall, use your common sense. If something doesn’t seem right, it probably isn’t. Here are some specific ways you can protect yourself:
- Increase your privacy settings. On every social media site, there are adjustable privacy settings. You can make your accounts as private as possible in order to conceal your personal info from the public eye. Be aware that this isn’t a watertight method, and you should still be cautious about what you post.
- Create strong passwords. “Password1” is no longer an acceptable choice for your social media accounts – not that it ever was. Your account passwords need to be unique and strong, in addition to not containing any personal info. For example, you shouldn’t set your password to be the digits of your birthday. That’s an easy password to guess, especially if your birth date is public.
- Don’t even think about your SSN. Under no circumstances should you type in your Social Security number on a social media site. If an app asks for it, don’t comply. Think your direct messages might be safe enough to share your SSN? Think again. Direct messages can be hacked or leaked, which was made obvious in recent news. Even if the message comes from someone you know, it may be a fake account.
- Post the least amount of personal info possible. It sounds obvious, but it can be more complicated than you think to decide which information is safe to share. Especially if your social media profiles are public, you need to think carefully before you post.
- Be wary of fake friends. Have you ever gotten a friend request from someone you thought you were already friends with? You may think, “Hm, maybe they got a new account,” and accept the request without giving it a second thought. Turns out, your friend probably never made a new account; someone is impersonating them. Identity thieves create these accounts to gain access to more people’s personal information. If you accept a friend request from one of these spoofed accounts, your privacy settings become useless. Be mindful of which requests you accept.
- Avoid apps that want your account info. Many of those little quizzes you see on Facebook ask for access to some of your profile information before they give you your results. Although you may really want to see which B-list celebrity your profile picture looks like, it’s best to skip out on these apps. You can never be sure what they will do with your profile information.
- Don’t click suspicious links. If you see a strange post or receive a weird message that contains a link, don’t click it. It is likely baiting you into downloading malware.
What to Do If You Are a Victim of Social Media Identity Theft
First, how do you know that you’re a victim? If an identity thief has figured out how to access your Social Security number, credit card number, or other info through your social media account, you can check for signs of identity theft.
If you are worried about impersonation, you can Google your own name or search for your name on social media sites to see if there are other profiles posing as you. You could also find out about an online impersonator if a friend tells you they got a strange message or friend request from an account with your name. Once you are certain you are being impersonated, you can report your identity thief.
In general, you should follow the same procedures you would for other forms of identity theft, including reporting it to the Federal Trade Commission. If that seems like overkill — or not enough — you can also report the problem to the social network itself.
How to report identity theft on Facebook
Here are the current steps to report impersonation on Facebook:
- Go to the Timeline of the impersonator
- Click the “…” button in the upper right and then select Report
- Click Report this account
- Click This person is pretending to be me or someone I know and then complete the on-screen directions
- Finally, click Submit to Facebook for Review
If you don’t have a Facebook account but know someone is impersonating you, use this form to report it.
Facebook routinely changes its layout, so you should always look for the latest instructions on the website itself. Go to http://www.facebook.com/help and click on Report an Issue for guidance.
How to report identity theft on Twitter
Twitter policy allows for “parody, commentary, or fan accounts,” but will remove accounts it agrees portray another person in a “confusing or deceptive manner.” To report an account:
- Go to the impersonation form. You don’t need to be logged in
- Select I am being impersonated
- Select A user is pretending to be me or someone I know
- Specify whether you are the user or an authorized representative of the victim. They will turn you away if you select the friend/fan option
- Provide information including your name, email, username, and a description of the problem including the offending account
- Click Submit
How to report identity theft on LinkedIn
LinkedIn does not have a specialized channel for reporting impersonation accounts. To report an account:
- LinkedIn asks that you first make sure the account is not a duplicate you accidentally created with an alternate email address, since this is a common problem. Use this FAQ to check and, if so, get help merging your contacts into one profile.
- If you are sure the account was not created by you, log in and click Get Help under Account & Settings in the upper right. The icon is your profile picture.
- Click on Help Forum in the navigation menu up top.
- Click on Contact Us in the navigation menu. (You have to pretend to look for help before the site will let you click there.)
- Fill out the form, using the issue type Privacy/Abuse and a subject line such as “Report Fake Profile.” Describe the situation and provide a link to the offending profile, then click Continue.
- A box will pop up to steer you back toward possible answers. Confirm your message by clicking Submit.
Safeguarding your information on social networks
In addition to the potential for thieves to impersonate you, there are other ways social networks can provide them with your personal information. Follow these tips to minimize your risk:
- Avoid posting photos of financial information or mail.
- Learn and understand your privacy settings at the account level and with each individual post you make to avoid oversharing. Understand the privacy impact of accepting a friend or follow request.
- Be skeptical of links to unfamiliar websites, especially ones that promise shocking video, photos, or gossip. They may be designed to hijack control of your account and information, and trick your friends into doing the same.
- If you log into social media on a computer other than your own, remember to log off before leaving. Avoid checking the box to remember your username or password.