Our investigation into ID theft saw information from social media sites used to obtain a credit card under false pretenses. Ken helped us mine the user profiles – here are his tips for preserving your privacy online.
Social media sites make it easy to update friends and family on what’s happening in our lives. But that same information could be used against you. User profiles typically document names, birthdays, hobbies, family members, when and where you went on holiday, and where you live and work.
This presents a mine of information to hackers that could be used to impersonate you, running up debts in your name, hacking your bank account or destroying your online life.
So here are my easy-to-do tips, so you can stay secure on social media:
1. Activate privacy settings
Double check that your profiles are private, so that you have control over who can see your information. Social media networks have improved their privacy settings but these are often opt-in. You can manually adjust your settings on your profile page, restricting who can see your posts, photos and user profile, and it’s even possible to restrict the visibility of past posts.
Bear in mind that social networks often make money from your data, so they don’t always make securing your profile that easy. It’s not just Facebook, LinkedIn and others – don’t forget older social networks – they might be out of fashion, but your data may still be on them.
2. Be choosy
Go through your friends list and make sure you personally know all of them. Avoid tagging people in photos to help protect others’ identities. Be suspicious of friend requests from people you don’t know, even if they say they know family or friends or met you in a location you know. You could look at creating a separate work and personal profile.
3. Be selective when posting
Think about what information you are sharing. An innocent birthday photo could tell hackers when your birthday is, even if you have obscured this information in your profile. Think about whether posts divulge a place or event (such as your front door in the background of a photo) and deactivate geolocation settings. If you’re far from home, an attacker might just decide it’s an opportune moment for a burglary.
4. Maintain your machine
Use and update anti-virus or security software for both fixed and mobile devices. Protect access to your mobile and tablet by setting up a PIN. Otherwise, if your device is lost or stolen, your social media account could easily be hijacked and the attacker can masquerade as you, potentially compromising not just you but also your friends and family.
5. Think physical as well as virtual
Ensure you are on the edited version of the electoral roll to prevent hackers from obtaining your home address. Shred or burn physical documentation to avoid personal details being stolen from your bins – many organisations ask for a utility bill as proof of address
Has your social media profile ever been compromised? Have you ever suffered from ID theft? Do you have any further advice to share?
Which? Conversation provides guest spots to external contributors. This is from Ken Munro, a senior partner at Pen Test Partners, the ethical hackers who helped us in our investigation. All opinions expressed here are Ken’s own, not those of Which?.