Jean Chatzky
“This Kansas City native is donating her birthday to charity this year — if you’d like to join me today in giving, email me at [email protected].”
You’ve probably seen messages like this one pop up on Facebook and thought, “What a terrific, generous way to celebrate.” In fact, it’s all-too-generous — a way of giving unwanted information to identity thieves for whom data points like hometowns, birthdays and email addresses are as irresistible as Scooby Snacks. And that goes double if your privacy settings are on “public.”
What’s the risk?
The problem isn’t in the thieves knowing your birthday or hometown itself, but in what having that information can allow them to access elsewhere. “Ninety percent of all cybersecurity threats occurring today are financially related,” says Jerry Irvine, security expert and CIO of Prescient Solutions — meaning the identity thieves’ end goal is accessing your money. Armed with the personal information you share on social media, a thief could visit the website of one of your financial institutions, enter your email address, click “forgot my password” and opt to use security questions to reset it. These are often answers to questions like, “Where were you born?” “What’s your birthday?” or “What’s your mother’s maiden name?” Depending on how much you share on your profiles, answers to these questions could be readily available to hackers.
Using the same strategy, they could access your Facebook account, then send messages to your friends with malware (malicious software) links or attachments. If your friends clicked, the software could auto-download onto their computers to track user activity and collect their usernames, passwords and other information. It’s a frightening idea, but there are some fairly simple steps you can take to keep your information safe.
Tighten up your login settings.
Take a look at the privacy settings for all of your social media accounts — and make it a habit to check on them once a month or more. (It’s possible for updates to reset your settings.) On Facebook, make sure only “friends” — not “friends of friends” — can view your posts. On Twitter and Instagram, turn on the setting that requires your approval for people to follow you and view your profile. It’s a good idea to only approve follower requests from people you know personally. If your account allows you to create a username instead of using an email address to log in, consider doing so. That adds an extra layer of security between you and someone trying to access your account.
Make sure your passwords are strong and unique to each platform — at least eight to 10 characters and including uppercase letters and special characters. You can keep track of them in a password manager (like PasswordWallet or Dashlane.) Finally — and this is vital — turn on multi-factor authentication for both your social media and financial accounts. This can head off hacking attempts by alerting you any time someone tries to access your account from a new browser or reset your password.
Think twice before sharing.
Know that once you share something online, it can always be retrieved — even if you delete the post or your entire account later. That’s why it’s important to ensure everything you post is both safe (no personal data) and appropriate (you’d be okay with anyone in your life seeing it). Keep in mind that 70 percent of employers check candidates’ social media before making a hiring decision — and 54 percent found content that caused them not to hire someone, according to a survey by CareerBuilder. Additionally, avoid sharing straight-on, passport-style photographs of yourself on social media. They make it easier for identity thieves to capture those digital images and use them for fraudulent purposes to pose as you, says Frank Abagnale, CEO of Abagnale and Associates.
Watch out for phishing scams.
Finally, never underestimate the power of a click. Abagnale says 99 percent of malware and ransomware (another type of software attack) comes from clicking the wrong thing online. Every day, identity thieves are getting smarter when it comes to phishing attacks (when hackers pose as someone you trust online and urge you to click on a malicious link or attachment). One example could be an email that looks like it’s from a friend you had lunch with that day, who says she’s sending you a link you might enjoy, says Abagnale — especially if you shared who you were lunching with on social media. Be vigilant with your email account, and if anything seems at all fishy, don’t open the email or click on the link. Instead, call or text the supposed sender to ensure the communication is actually from them.
With Hayden Field
Chris O'Shea
