Print

ITRC Fact Sheet 138
Social Networking and Identity Theft

This fact sheet covers:

What is a Social Networking Site?

Social networking sites are a place for internet users to come together, often in groups sharing common interests. These websites may require a minimum amount of personal information in order to join. Profile pages, telling other users about yourself, are another standard. Once you are granted access to a social networking website, you can begin to socialize. This socialization may include reading the profile pages of other members and possibly even contacting them.

What is Identity Theft?

Identity theft occurs when an imposter gains access to personally identifying information (PII) and uses it for personal gain and exploitation.

How Identity Theft Might Happen through Social Networking Sites

Because you must divulge some level of personal information in order to use and fully benefit from social networking sites, the risk of identity theft exists for people who use them. Below are some of the ways that you might put yourself at risk of identity theft:

Here are some examples of how people may become victims of identity theft through social networking sites:

Example 1: A man receives a message from one of his friends which has a link to a funny video, so he clicks on it. The link does not bring up a video. The friend’s profile had been hacked, and now a form of malicious software is being downloaded onto the man’s computer as a result of him clicking the link. This software is designed to open a way for an identity thief to take personal information from the man’s system. It additionally sends a similar email to everybody he is connected with on his profile, asking them to “view the video.” Downloading free applications and software can be sources of this type of malicious software, too.

Example 2: Someone has hacked a woman’s social networking profile to harass her and sabotage her online reputation. They are posting embarrassing photos and rude comments on her profile. These photos and comments appear to be from her and are directed to her network of contacts, when in fact they are not. Although she has used the highest level of privacy settings, she has shared too much information online with others. Someone used her posted information to fraudulently access her profile. Always remember, that even though your profile may be set to “private,” treat everything you post online as public.

Example 3: Cybercriminals sometimes will create a page that looks just like the introductory page to a social networking site. This page will ask you to re-enter your password. These criminals will get you to this page from a link in an email or private message or public post with a link to a fraudulent site. If you are already logged into a networking site and then asked to log in again, be aware that it is a red flag and it is probably a scam designed to make you divulge a lot of personal information to someone with bad intentions.

HOW TO PROTECT YOURSELF: 

 

This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to This email address is being protected from spambots. You need JavaScript enabled to view it..