Robert Siciliano Identity Theft Expert

For the past year I’ve been screaming about the trouble with social media as it relates to identity theft, brand hijacking, privacy issues and criminals exploiting the “know-like-trust” aspect of “friending” someone and using it against you to phish. I predicted long ago that the problem would get a lot worse before it gets better, and there’s no question about it: criminal hackers have taken hold and are in full force.

Daily we are hearing about a new Twitter phish whether it’s via direct messaging or a masked short URL. My spam folder is filled with emails coming from Facebook phishers alerting me to a request for new login credentials or a friend who’s sending me a “funny” video that’s actually a virus.

Not too long ago it was big news when someone had their Facebook account jacked and someone would log in as you, saying they were in the UK, had lost their wallet and needed you or one of your 250 friends to wire money so they could get home. Now I’m seeing a story weekly from another major network about another victim.

The last numbers I’ve seen put Facebook at approximately 400 million users and Twitter at over 50 million users. These numbers are jumping exponentially every month; old users are still being victimized and new users are none the wiser.

James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance Inc., says, “Social media cybersquatting is where domain name cybersquatting was 10 years ago.”

Scammers aren’t just stealing identities or squatting to wreak havoc, spread malware or open new accounts as in the traditional forms of identity theft; they are brand jacking in ways that are hurting companies’ bottom lines. While many may not have sympathy for the bottom lines of billion-dollar corporations, this is hurting the little guy too. Knock-off software, hardware, merchandise, movies and more ultimately cost legitimate taxpayers jobs and hurt the economy when the money is heading to criminal hackers somewhere in the world.

Liz Miller, vice president of the Chief Marketing Officer (CMO) Council, as quoted in this Computerworld article, says, “Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy.”

MarkMonitor, a company that tracks online threats for its clients, determined phishing attacks on social networking sites increased by 164% over the past year. And in a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names. These are all stats that undeniably point to organized crime syndicates.

  1. Register your name and the names of your spouse and kids on the most trafficked social media sites, blogs, domains or web-based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday. You can do this manually or by using a very cost-effective service called
  2. Register all your officers, company names and branded products on every social media site you can find to prevent twittersquatting and cybersquatting.
  3. Get free alerts. Set up free Google Alerts for your name and get an email every time your name pops up online. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.
  4. Implement policies: Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and sets guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use and especially on what not to do.
  5. Encourage URL decoding: Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  6. Limit social networks: In my own research I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind-blowing list of 4600 as of this writing.
  7. Train IT personnel: Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  8. Maintain updated security: Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  9. Lock down settings: Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  10. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston
