Facebook Paving the Way for Identify Theft

IDTheft-ScammedHey will you give me the username and password for you email account, how about your contact manager account? Hopefully your answer to this question would be a resounding NO. Applications like Facebook are asking you to consolidate your contacts from the different applications you use to manage these contacts. Consolidation of these contact lists only make sense, the idea is easy access and interaction with these people.

It is this consolidation that is the chink in your online identity armor. To consolidate these contact managers, these applications need your username and password for access, and typically people willingly hand them over. This is where the problem can begin.

Chris Clark of Deploying Web 2.0 in the Enterprise posts Spreading Fear Uncertainty and Doubt about Web 2.0 technologies that scams are not new to Web 2.0 technologies, scams have just been updated to take advantage of the new Web 2.0 functionality.

In his post How Facebook Makes Identity Theft Easier Dare Obasanjo of Carnage4Life writes

Last month there was a press release published by Sophos, an IT  security company, with the tantalzing [sic] title Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves

The post from Dare with the statistics is a real eye opener. These stats are from information gathered using a fake profile created on Facebook, sending friendship requests to individuals chosen randomly across the globe:

Sophos Facebook ID Probe findings:
  • 87 of the 200 Facebook users contacted responded to Freddi, with 82 leaking personal information (41% of those approached)
  • 72% of respondents divulged one or more email address
  • 84% of respondents listed their full date of birth
  • 87% of respondents provided details about their education or workplace
  • 78% of respondents listed their current address or location
  • 23% of respondents listed their current phone number
  • 26% of respondents provided their instant messaging screenname

Jeff Atwood of Coding Horror writes in his post You’re Probably Storing Passwords Incorrectly, that people are losing the importance of usernames and  passwords when it comes to entering information in Facebook.

The web is nothing if not a maze of user accounts and logins. Almost everywhere you go on the web requires yet another new set of credentials. Unified login seems to elude us at the moment, so the status quo is an explosion of usernames and passwords for every user. As a consequence of all this siloed user identity data, Facebook and most other web apps encourage us to give out our credentials like Halloween candy.

These authors warn of adding username and password to any Facebook app just because it is requested. For Facebook’s to synchronize your contacts from numerous accounts your username and passwords is needed to perform this synchronization. Are you sure the app you are adding is from Facebook, or is it a third party application? Is this app from a verified source?

This is post is to serve as a warning to remind you, when you are entering your username and password for your email account, or contact manager, are you sure you know who you are giving this information to?

Warning – Take care with your username and passwords, no matter what system you are interacting with – Trust but verify.

Technorati Tags: , , , , , , ,

Advertisements

10 Responses to “Facebook Paving the Way for Identify Theft”

  1. fabiolacastillo Says:

    If you want to maintain security over your personal information or that of your customers or friends especially with Outlook, do NOT under any circumstances send or receive mail using MS Outlook.

    The reason for that is that any mail you send out is stored in a sent folder, and if you forget to erase it, the next person who uses the computer and read any personal information you put in that e-mail. This holds true for computers in the corporate setting or in the household.

    I always prefer to use a web based e-mail system so that copies of my e-mail are NOT stored on my computer and I can retrieve e-mails from ANY computer around the world provided that the computer is secure.

    This should help curb identity theft.

    Fabiola Castillo

  2. teeni Says:

    Good tips in this post and also from Fabiola above. I was just asked recently to join Facebook and I have declined so far as I just already belong to so many things I can barely remember all my usernames and passwords as it is. 😉

  3. Thomas Says:

    Fabiola – You bring up an excellent point. Scott Hanselman wrote a great post The Developer’s Quitting Your Job Technology Checklist about the steps one should take when returning a laptop. It is a very thorough post about the steps to take.

    teeni – As I mention in the post I think we sometimes get lulled into a false sense of security because of the application we are using, such as Facebook. Third party developers start taking advantage of this brand recognition and create add ons, that people assume are Facebook apps.

  4. Opal Tribble Says:

    I’m way too paranoid to trust a third party source that I don’t know so I don’t give out the info. I use 1passwd when I log into websites. I’m really glad I purchased that service. There are quite a few services that offer that feature.

    I read your link to Scott’s list I did everything he mentioned on that list for the last two jobs I left.

  5. Opal Tribble Says:

    I should have said there are quite a few services that allow you to install an application if you supply the associated password.

  6. Thomas Says:

    Opal – I see that 1passwd is for Macs, I wonder what type of services they have like that for PCs. I will have to look into this type of service more, it sounds interesting.

    Scott is an excellent technical blogger. I find the content he writes interesting, and that post was helpful and right on target.

  7. Opal Tribble Says:

    Hi Thomas,
    I believe I have a similar application for my HP. My daughter uses that almost every day. I’ll check it out later today and let you know.

  8. Thomas Says:

    Opal – I would definitely be interested to see what application it is that you are using. I would like to know more about these types of applications.

  9. Beware Links in Emails « Thomas - Technical Blogger Says:

    […] As technology becomes more sophisticated, traditional scams become more sophisticated. I wrote about security and Facebook with my post Facebook Paving the Way for Identify Theft. […]

  10. internetiq Says:

    Stupid Password Scam…..I really don’t like FaceBook they are making it way to easy to Screw around with really important information..that can really damage u and your family….If you want to read my blog about it..it is at internetiq.wordpress.com……

    Thanxs,

    Se7en


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: