The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Everybody knows there are certain things you can’t share on the Internet without the risk of serious consequences — photos of yourself in compromising positions, intimate details of your travel plans, or what you really think of your boss, for instance. But there are other morsels of information we share with regularity and without considering the consequences to our own detriment, as one of ZDNET writer Zach Whittaker’s colleagues found out recently after granting Whittaker permission to try and hack him.
What Whittaker found was that, with just a series of Google searches, a dash of Twitter data mining and some social media information, his colleague’s financial accounts could rather easily be compromised by somebody with an axe to grind.
So what should you stop doing online in order to better protect your identity offline?
Facebook, Instagram and Twitter all allow users the option to reveal (or redact) location data on posts — but sometimes the listed location is as specific as your exact address, not just the city. Given how much of social media is publicly available, it doesn’t require a great deal of effort for someone to match your Tweets or Instagram pictures from home with the address you call home, and your address is often one piece of data financial companies use to verify your identity.
You’d think this was obvious, but some people just can’t help sharing their excitement over a new driver’s license or credit card or even an old bill they’ve finally paid off. But in addition to revealing your name, account number and address to would-be identity thieves, you’re also providing easy access to information that someone could use to socially engineer their way into your accounts and disrupt your life.
Sites like Airbnb and Lyft encourage people to make money off their existing physical assets — cars, extra rooms or conveniently-located bathrooms. But they can also engender a false sense of security about having strangers around your stuff — like mail, car registration or insurance documents, financial data or even medical information (like your prescriptions in your medicine cabinet). If you’re going to invite strangers in, make sure you also lock them out of any information they could use to target you for identity theft — even if that means securely storing your important information or receiving your mail off-site.
In addition to letting burglars know you’re not home, checking in on Facebook or Foursquare lets identity thieves know where you are, where you’ve been (like a bank) or where you will be (like your regular gym). Any of that information could give them another source for potential data points to later use to access your financial accounts.
While birthday wishes from far-and-wide can make your special day even more special, it is one of those obvious data points that financial institutions use to authenticate you. From Facebook to dating sites, we often disclose at least the month and day of our birthdays (if not the year). Unfortunately, in concert with online resumes or a LinkedIn profile that shows our graduation dates, it’s pretty easy to figure out one’s entire birthday — let alone their hometown, home address, or the name of their high school, which are also common challenge questions for financial institutions. If you can’t contain your desperate need to leave it offline for whatever reason, make sure you don’t use it as your password or PIN to another account.
The amount that we share online makes us more likely to feel like sharing widely is a normal thing, online and off. But the ease with which we publicize seemingly harmless bits of personal information online and off is often what scam artists rely upon when they go phishing, like in the new Netflix user phishing scam, or when they try to convince a customer service person that they are us. You don’t have to make it any easier than it is, and you can make it a lot harder without going dark – just be smart about what you let into the light.
Image: William Perugini
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams