Social media platforms are all the rage. Everyone from corporate entities, major league sports teams, political parties, even your third grade teacher may have accounts of some form now. They’re a useful tool for everything from catching up with old or out of town friends to sharing information about a company’s products or brand. Unfortunately, there are a wide variety of platforms and they function in an equally wide variety of ways. If you don’t know what you’re doing, you can accidentally open yourself up to headaches.

As more novices take to social media, identity thieves have found easy ways to take advantage of these people’s lack of experience or understanding. Users can open themselves up to troublesome behaviors like account hacking or inadvertent sharing of malicious information. Some of the behaviors can even result in your computer being damaged or destroyed by a virus after clicking on an inappropriate link.

Typically, someone who hacks an average person’s Twitter account is not doing it to attack the individual, but is trying to gain access to the account holder’s contacts or friends list. This includes actively hacking into the account in order to send out mass tweets with a link or a ridiculous product sales pitch. From time to time you might even see these tweets happening to friends who come across your Twitter feed, and it can leave you scratching your head in wonder.

However, individuals can be targeted by hackers and it can have serious consequences.

Last December, Justine Sacco, an executive with a high-profile publicity firm, was headed home for the holidays. She sent out a horribly racist tweet in an attempt to be funny, just as the doors closed on her plane. Without access to wifi on her seventeen hour flight, she had no idea that her tweet had gone viral and that Twitter users angrily demanded action. When she landed, she was shocked to see an angry mob waiting for her in the airport, and had only been off the plane for literally a few minutes when her boss called to tell her she was fired.

In Sacco’s case, she actually engaged in the offensive online behavior, but a number of celebrities have said their accounts had been hacked after an incident like hers. Whether true or not, the damage to their reputations has lasting effects. Even every day social media users have found themselves victims of account hacking that leads to unbelievable tweets or posts on their behalf and the consequences, as Sacco demonstrated, can be severe.

If you’re account has been hacked, Twitter offers you some guidelines on preventing future problems. The first step is to change your password, but remember to look for the email with confirmation of your change. If the situation is more serious than that, you can contact Twitter support for help.

As in many cases of identity theft, prevention will go a long way. Make sure you spend some time each week looking back through your own tweets to make sure that no offensive remarks have been sent out under your name. Be sure to delete any of these tweets so that they don’t pop up when an employer decides to check you out online.

More important, though, is maintaining a spotless record of good behavior online; whether it’s sharing an offensive joke, rampant use of profanity, or engaging in “troll”-like behaviors that amount to bullying, your genuine social media traffic can make you look more guilty if a thief hacks your account. It will be easier to convince your boss that you were hacked when he calls you into his office if the rest of your Twitter activity doesn’t border on offensive.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

Internet scams have become so commonplace in society that they’ve actually become a joke, a meme all their own. Popular television shows, movies, and even children’s programming have had light-hearted references to strange emails from deposed royalty, asking for help in moving some money out of the country in exchange for a cut of the proceeds.

Some of the scams are seemingly harmless, such as ones that circulate on social media that tell you a child will have his bone marrow transplant paid for by AT&T if only he can get one million people to click Like and share it. Those scams, while not directly impacting users’ bank accounts, do help wouldbe hackers access the unsuspecting do-gooders’ contact lists. But more and more sophisticated scams have come up as words of warning spread among online community members. In order to keep yourself safe, there are a few things to remember.

First, you are never going to receive money that you knew nothing about. Whether it’s promises from that aforementioned Nigerian prince, an email stating that a relative has left you money, or notice that you’ve won a lottery or been awarded a grant, it simply does not happen that way. If you had actually inherited money, you wouldn’t find out in a grammatically atrocious email.

More importantly, people who need your private information in order to process a transaction should already have it. These scams—called “phishing” in reference to their attempts to get you to take the bait—work by getting you to click an included link and provide sensitive identifying information to the hackers. It would be the same thing as walking up to a would-be burglar and offering him the keys to your home and a list of dates when you’ll be out of town. If an email that appears to come from your credit card company or online banking service asks you for information that they should already have, delete it immediately. If you are concerned that there actually might be something wrong with your account, simply call the number on the back of your card and speak to customer service about it, but do not handle it via email.

Keep in mind that a new type of threatening scam is circulating. In those cases, the caller or email alleges that there are charges being held against you. The contacting party threatens you with everything from being sent over to a collection agent, all the way to actually having you deported for failure to pay some tax or fine. It doesn’t work that way. If you’re being sent to a collections department, good! There will be an investigation into the financial situation and the matter can be resolved. Of course, the scammer doesn’t actually plan to turn you over to collections, and is hoping the very threat of something so ominous sounding will be enough to get you to turn over your financial information. Don’t get me started on the fact that the IRS does not have its own police force or the jurisdiction to have you picked up for failure to pay a tax you’ve never heard of. It’s not usually step one in these situations!

If it’s too good to be true, it is. Promises of work-from-home opportunities, easy money if you just act now, and similar scams have already swindled far too many people. These scams are banking on the hope that you don’t know that much about online business and the internet. Remember this: if you wouldn’t fall for it in person, don’t fall for it online. If someone approached you on the sidewalk and offered you the chance to make easy money, you’d laugh as you walked away. Treat so-called online opportunities with the same scrutiny.

In order to protect yourself, follow up on news of scams from sites like the Federal Trade Commissions’ scam alert reports (Consumer.FTC.gov/scam-alerts). This site updates consumers about new scams that have begun to circulate.

The most important thing you can do is report a scam if you fall victim to it. Too often, consumers feel silly for being easy prey and therefore don’t want to take action, but the only way your state’s Attorney General can work to put a stop to a scam—or even inform the public about it—is if you’ve reported it. In cases where you don’t fall for that email promising you half of the man’s ten billion dollar empire if you just help him get the money out of the country, pressing “Report as Spam” in your email inbox will also alert your email service provider, and they can take action as well.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

Every once in a while, news comes out about a scary new internet virus or a widespread hacking that attacks a lot of important, high profile computers. It makes us all take a little closer look at our own computer accounts and our online behaviors. A new bug, called Heartbleed, has been two years in the making, having been identified as a flaw in OpenSSL, the security standard that most websites use to protect information. Unfortunately, Heartbleed stands to do some serious harm to our online environment.

Basically, connected computers or servers work by sending each other tiny packets of information, just to see if the other computer is still communicating. It’s kind of like testing the swimming pool with your big toe before jumping in. These packets, called heartbeats, are supposed to just ask for a response.But due to an error in the OpenSSL program, computers have begun sending back private information stored in their hard drives instead of that response.To put it mildly, this is a really bad development. Computers store all kinds of information, like user names, passwords, credit card numbers, and more. Even worse, Heartbleed has made it even easier for hackers to steal encryption keys.

Before you think that this won’t affect you because you don’t put private information on your home computer, please remember that Heartbleed is affecting web servers, those large electronic boxes that make it possible for a lot of computers to talk to each other. Your bank and credit card companies have servers, your doctor’s office probably has one, even your child’s school has one. If any of those places have any of your information, then you’re at risk.

The most important thing you can do—within reason—is to assume that your accounts have already been compromised. This programming error is two years old but has only just been discovered. Treat this situation as though you just got confirmation that your passwords to all of your accounts just got shared on the internet. Over the next few days as companies roll out software updates, be prepared to change your passwords, especially on sensitive accounts. Changing them right now might not help you since those bug fixes have to be put in place before your accounts will be secure again.

For the next several weeks, be aware of the bug and its possible effects on your content. Look over your sent email file, check your bank accounts and credit card statements securely and routinely, and make sure that if your computer wants to install an update that you don’t ignore it.

The problem with the OpenSSL programming has already been over the last few days (when the bug was first discovered), so now all that remains is for companies to release their updates to it and for you to download any updates from your service providers, operating system (like Windows), or accounts. For those of you who were planning to file your taxes online, the IRS has issued a statement that it was not affected by Heartbleed and that it is safe to go ahead and file. Other companies, like Yahoo, have said they were affected by the bug but that they have already repaired the problem.

When you do change your account passwords, remember to keep your passwords safe and protected, and share the news with other computer-savvy individuals who may not know what steps to take.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

Is your computer audio-enabled? That might be enough to get it hacked, according to recent findings from German researchers with the Fraunhofer Institute for Communication, Information Processing, and Ergonomics. As revealed in a paper for the Journal of Communications, the researchers successfully hacked computers using nothing but sound.

Before you start worrying about your own machine, take a second to pity anyone you know in the computer security industry. The most secure computers in the world are completely isolated from other machines — protected by “air gaps,” with no Internet connection, no shared phone lines, nothing. Conventional wisdom goes that such computers are impossible to hack unless the hacker has direct, physical access to the machine. Or at least that was the conventional wisdom prior to the German discovery.

The Fraunhofer researchers started researching audio hacks after considering how malicious hackers might break into these highly secure systems and computers. In their paper’s introduction, they note that hackers of the past often used “parts of the operating system that were not considered for communication” to insert malicious data into otherwise highly secure systems.

The researchers adopted the mindset of a hacker when designing a sound-only hack for stealing data from deliberately isolated computers. Audible noises could in theory be used to pass data between such computers and the “hacker” computer, but the researchers, wishing to remain as inconspicuous as hackers, instead chose to use sounds at a frequency inaudible to human ears (similar to the noise made by dog whistles).

Building upon preexisting technology used to transmit data under water by sound waves, the researchers were able to use the microphone and speakers in an unmodified Lenovo T400 personal computer to transmit small amounts of information — keystrokes in the test case, though the hack could also transmit encryption keys, small text files and even passwords — from an isolated computer to a compromised one.

The researchers also tested the range of audio hack, and found that on unmodified computers, the method worked for distances up to 65 feet — a range which can be expanded almost indefinitely with use of special “mesh networks,” which can wirelessly transmit audio long distances.

The conclusion? According to the study, “acoustical networking as a covert communication technology is a considerable threat to computer security.” For high-security computers that require audio, the researchers suggest sound-filtering as a way to block covert acoustical attacks. For everyone else, simply disable your machine’s audio.

“Your Computer Could Be Hacked Using Only Sound, Study Says” is a guest post written by Betsy Issacson.  Betsy is a technology writer for The Huffington Post and a graduate of Harvard University. This article was originally posted on The Huffington Post  and was republished with the writer’s permission.

There’s been a lot of attention paid to Facebook and possible links to identity theft over the past year.  Facebook now claims a Billion (with a B) users worldwide and users share information about their lives to a greater or lesser degree, based on what they post on Facebook.

 Each user also may have a varied understanding of Facebook privacy settings and how they may affect the distribution of our information.  Something to consider: where else can identity thieves go to potentially gain access to 1 billion user identities?  What this means to criminals is that any effort they expend to exploit Facebook users can then be used successfully many, many times.  Facebook is a big target, and worth the effort.

First, please understand for your own benefit, that hacking a Facebook account is a crime.  California Penal Code 530.5 makes it a potential crime to unlawfully access person’s account to produce changes to the account, including profiles, comments, and other information posted by the owner.  This law also makes it a crime to obtain personal identifying information of a person and then use that information to obtain services, property, or another benefit (identity theft).  Many other states have similar statutes.  So, changing your friend’s Facebook profile because you happened to become privy to the password may have consequences far more costly than expected.  Keep in mind that your access and modification of a profile is potentially a criminal offense.  So, both access/modification and use of information found on a Facebook profile not belonging to you may result in criminal charges against you.

So how can identity thieves attack you through Facebook? Here are some examples:

  • Realize that each person you “friend” now obtains access to significant information about you, as well as ability to interact with you in a manner that may make exploits against you possible.  Just because they are a “friend of a friend” does not mean that person is somehow legitimate to be your friend.
  • Malware injection is that procedure where a “friend” in some way convinces you to click a link or run a program that installs malware on your computer.  Your computer and possibly your FB account can now be partially controlled by external users, and they will use this control to send spam, advertise illicit products, or otherwise, interact with your friend’s list.
  • Linkjacking is a Facebook threat where the account is hijacked in a manner that allows the thief to “message” other users with viruses, ads, links, etc.
  • Social Engineering is common on social networking sites and a common outgrowth of the spread of your personal information.  It is human nature to be more likely to respond to an email when the sender includes information that shows they know a lot about you.  A phishing email sent to you that gets you to respond, and compromise your security, is much more convincing when it appears that the sender knows you in some way.
  • Account Access is when criminals obtain access to Facebook accounts using brute force tools to guess the password, or using compromised credentials.  Regardless of how it’s done, the criminal now has access to your friend’s list, and an authentic cyber identity that can be used for cons, scams, and other exploits, all based on the fact that the targets would not expect that of you.
  • Cloning – It is often far too easy to collect images and other information from your Facebook user profile in order to create a new Facebook account that is similar in many ways to your current account.  Then all those appearing on your friend’s list are sent a new invitation from the clone account, and some of those will reply, due to the familiarity of the images and information.  They are then open to use by the criminal.

The list above is not intended to be all-inclusive, rather it is to show that criminals do want your information, and will use it in many ways you probably have not thought of.  It is important to protect your user credentials, limit your friends to those you really do know, and be suspicious of links, games, and other enticements which may be linked to security problems.  Clicking that link to the Free Grand Prize might be an expensive trip.

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

Snapchat is an app that helps users connect by allowing them to send pictures which will quickly disappear after sending.  However, on New Year’s Day, they shared a lot more than they wanted to when their databases were hacked and information of 4.6 million users was leaked.

This information included the phone number of these users, which in itself would be difficult to use for identity theft.  However, any security breach needs to be looked at carefully because it means that there are flaws in the in the security of the breached entities.  In addition, criminals could use social engineering scams coupled with this personal information, to commit identity theft.

This is not an isolated incident.  Recent reports cite that 100% of top 100 paid android apps have been hacked.  For consumers that believe this issue doesn’t pertain to them because they have an iPhone, be aware that 56% of the Apple iOS top 100 paid apps have been hacked.  This issue merits attention from all app users because according to these statics , there is a 78% chance of app users having an interaction with an app that has been hacked.

The case with Snapchat is interesting for a few reasons.  One is that the hackers admitted to the hack immediately and stated that they had only performed the task to force Snapchat to fix the security flaw that they had pointed out to the company previously.  Second is that initially the company did not apologize for the breach, but instead chose to explain to consumers how it happened.  I think most people, who like me do not have a degree in Information Security, would be more concerned with preventing future breaches, rather than with how it happened.

That being said, the company did finally come out a week after the security breach and apologize for it.  In that communication Snapchat also stated they had new security measures to in place to prevent future security lapses.   Users can now also opt-out of having their phone number linked to their account. Giving your phone number to the application to use was always optional, but, like many applications, providing your phone number helped users connect with people in their phone book.  This is yet another example of convenience vs security.  It is very convenient to be able to find your friend on an application by handing over personal information, but your security is then at risk because you no longer have complete control over how your information is protected.

In the end, there is a lesson to be learned from the Snapchat hack which is that consumers need to understand the risks of mobile apps before agreeing to use them.  The best way to avoid such problems is to read and understand the permissions required for use , and that  that any information you provide to them is absolutely necessary for the application to work.  Otherwise you’ve given over control of your information.

“Why You Should Care About the Snapchat Hack” was written by Nikki Junker.  Nikki is the Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

Security analysts have been warning us for a while now that malware is an issue of concern on the Android Smartphone platform.  The operating system from Google is the most popular operating system in todays’ smartphones.

Hackers can do more than just spam your contact list with free offers for pharmaceuticals or deals on your next vacation.  They can gain access to months of your personal life history or in extreme cases even potentially turn your phone into a spying tool, by remotely taking over your phones microphone or camera to capture data without your knowledge.  Don’t underestimate the appeal for smartphone hackers.  There are 1.4 billion smartphones traveling around in our purses and pockets and most consumers still think of them primarily as phones, rather than a treasure trove of their personal information.

While many people spend more time worrying about the loss or theft of a wallet or purse, it’s important for consumers to realize that these days there is far more personal information to be harvested from a Smartphone than from a wallet.  A hacker with access to a phone and a password essentially gains access to everything you’ve done and have stored in that device.   Every call you’ve made, every text message or email you’ve sent, potentially even those messages you’ve already deleted are all now potentially at the hands of a criminal.  Cell phone hacking will continue to be appealing until people start recognizing the very personal nature and value that our smartphones carry and to take steps to mitigate their risk accordingly.

The first and simplest step to protecting yourself is to establish a password or code to access your phone.  Even a 4 digit code is better than nothing, but for added protection a longer password (8-10 digits) is recommended. Secondly, never allow your phone to auto-connect to WiFi or blue tooth. Connecting to free WiFi is a quick and easy method for a hacker to gain access to your phone.  If you use your Bluetooth or hands free device in your car, be sure to turn it off when you’re done using it because hackers will look to tap into your phone that way as well.

If you suspect that someone has gained access to your phone or accounts, the best option is to select a “factory data reset.”  It’s also a good idea to install a wiping program on your phone so you can erase stored personal data in the event that your device is lost or stolen.  Additionally, Android phones can be outfitted with an app that tracks the location of your phone when activated remotely (in the event of a theft or loss). Just be certain that the app you install is legitimate.   Taking proper precautions while using your Android will go a long way to mitigating your risk of being victimized. For additional questions or concerns regarding smart phone safety, contact the ITRC toll-free at (888) 400-5530 or visit online at www.idtheftcenter.org.

“Cell Phone Hacking – Android Platform” was written by Matt Davis.  Matt is Director of Business Alliances at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

Being that I handle all of the ITRC’s social media, I come across scams all the time.  Usually they are pretty obvious and fit into a category which I have pointed out before.  However, this morning I came across something that made me shake my head with amazement.

Cyber criminals have gotten so sophisticated and ahead of the curve that they almost wrangled me into a phishing attack. Now I’m not saying that only dummies fall for phishing attacks.  It is quite the opposite actually and I have spoken with many very intelligent people who have fallen for a phishing scam. However, I literally wrote about phishing scams on Twitter two weeks ago.  I post about it on a daily basis on our social sites to warn others.  I really thought I would have an eye for every Twitter scam out there. I was wrong.

Unless you have been in non-Internet land, you know that Target recently had a data breach which compromised 40 million accounts.  Here at the ITRC our call center went crazy with people who knew that they had shopped at Target during the time stated in the breach announcement and wanted to know how to protect themselves.  People were frightened and confused. This made for a population which would be vulnerable to phishing scams.  We warned people about this and told them to be careful with any emails they received from “Target”. Okay, so we covered the phishing angle of the attack backlash, moving on, right? Not so fast there chief.

The attacks grew and moved to social media which brings me to the part of the story which made me shout a little Touche’ at the cyber criminals preying on victims of the Target Breach.  I received this tweet directed at the ITRC:

The tweet came from a seemingly concerned citizen who had seen our efforts to help the victims of the Target breach.  I almost retweeted it. I mean, it seemed so custom made for us; our subject, directed at our handle and something we would really want to share with our followers. That is if this list actually existed. I then went to look at the profile of the person who tweeted it and found it odd that this tweet was the first thing that had been posted in English (all preceding were in Spanish) and that the same tweet had been sent out every hour to other people covering the breach. I did a preview of the link and saw that it was going to redirect me to a site that told me I had to log back in to Twitter.

That was the key, I knew it was a phishing scam and had I clicked on the link and entered my login information then the ITRC’s Twitter account would have been hacked. Now that would have been very embarrassing. I tweeted at the profile owner that her account had been hacked and that she needed to change her password.  I then posted the alert on all of our social networks in hopes that no one would become a victim to this rather intricate phishing attack.  I have not heard back from the account owner and I hope she is able to reclaim her account. As it is, this stands as just one more example of why we need to stay on our toes when dealing with tricky cybercriminals.

“Phishing for Targets” was written by Nikki Junker.  Nikki is the Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

A significant amount of attention has been focused recently on the Adobe data breach incident involving millions of passwords, user names, and in some cases, customer credit card records.

The terms “encrypted”, “salted” and “hashed” have been bandied about by the media when explaining what Adobe did or didn’t do in regard to password storage and protection.  To truly understand and determine the potential risk for harm, one needs to understand these terms.

According to TechTerms.com, encryption is the coding or scrambling of information so that it can only be decoded and read by someone who has the correct decoding key. Encryption is often used on secure Web sites as well as other mediums of data transfer. Think cryptograms for example:  Take my name Karen and swap the letters out based on a backward alphabet.  Karen then becomes “pzivm”.  In the world of global hacking attacks, simple encryption is no longer accepted as an industry best practice for storing passwords.  This was clearly made evident in this Adobe breach…

Today, more stringent efforts need to be implemented to protect stored user names and passwords.  That is where “salting” and “hashing” come into play. According to one expert (Joe Siegrist, LastPass), salting means adding a secret code to every password after it is scrambled (encrypted) and before it is stored in the database.  Utilizing this process, multiple salted versions of the same password never look the same.   Unfortunately, an analysis of the encrypted passwords exposed in the Adobe breach revealed quite clearly the top 50 passwords used by Adobe users.

The next step in the process is “hashing”.  According to one source, password hashing is one of the most basic security considerations that must be made when designing any application that accepts passwords from users. Without hashing, any passwords that are stored in an application’s database can be stolen if the database is compromised.

In many cases, the best practice for storing passwords and users name is to take the encrypted password, add salted random data, and then apply additional algorithms to further mask the user names and passwords. The end result from this process yields a much more secure password.

It should be noted here, however, that some entities “hash” before they “salt”.  Unfortunately, this practice yields the same end result for anyone with the same password (i.e. 12345678 or password).  This is frequently made clear to us when analysts are able to “decipher” passwords which have gone through this hashing before salting process.  As such, only by salting this data first would you then arrive at a unique “password” for each individual. 

Adam Levin, Chairman and Co-Founder of Credit.com and Identity Theft 911, recommends to victims of this breach to, “be really careful with what files you open right now, with what links you click and even with what emails you read….Also, change your passwords –right now. Don’t use the same password for different accounts, especially for your financial and email accounts.”

Social media is all about sharing. We post updates about how our day is going, share what our children are doing, show off pictures from family vacations, and even take pride in the cuteness of our pets.

There’s a feeling of community in social media, and that community continues to grow every day. In fact, Facebook adds more than 250,000 new users to its network daily, which makes it the fastest growing social networking website in the world today. But all of this sharing opens the door to the possibility of malice, as well as fun.

Sharing your information comes with risks. A really good hacker can skim a website like Facebook and extract information like your name, email address, location and even phone number simply viewing your profile. If your information is public, a hacker can access it with ease. Think you’re not at risk? Take a look at this simulation for a realistic look at the information someone can gather about you by hacking into your Facebook account: http://protectyourprofile.org

In social media, it’s more important than ever to take personal responsibility for the privacy settings you choose. Although each social media company has a privacy policy, it’s ultimately up to individual users to take precautions that keep your identity safe.

“Protecting yourself from online identity theft goes beyond awareness of making sure a site is secure before making a transaction or steering clear of strange requests in email,” says David Anderson, identity theft expert and director of product at global insurance company Protect Your Bubble.com. “It’s up to individuals to take commonsense precautions like restricting sensitive data on social sites.” He has several tips for keeping your personal information safe online.

Top 5 Ways to Proactively Prevent Your Data From Being Accessed:

Update your privacy settings on social media. Many privacy settings are set to share rather than hide your personal information by default. Take the initiative to update your settings and choose what you share and with whom. Also, pay attention to notices from social media channels saying privacy settings have been updated. When these notifications come through, take a quick peek at your account and make sure your profile is set up appropriately. Never include personal contact information, addresses or especially your bank account details in your social media profiles.

Create strong passwords: Make sure you choose passwords that are hard to guess. Never use the name of your favorite sports team, children or pets for passwords, and don’t use family birthdays or anniversaries as PINs for bank accounts.  Hackers can find this personal information on social sites like Facebook and use programs to guess your passwords. A combination of letters, numbers and symbols unrelated to your personal life is best.

Disable location-based services on your phone. According to the 2013 Javelin Strategy & Research Identity Fraud Report, smartphone owners have a 33% higher rate of ID fraud than that of the general public. If you auto upload a photo to social media from your phone with location services turned on, you just posted your whereabouts. Hackers can use that information to monitor your travel habits.  Think twice before allowing third parties access to the location services on your device.

Be careful about the apps you use. If you use apps to manage online banking or financial accounts, make sure the app is from a trusted source. Scammers are adept at creating official looking apps to collect data and use it maliciously or sell it on the black market. Double-check the source of your app before downloading.

Monitor children’s profiles. Kids that have grown up in the world of social media have no inhibitions about sharing their lives with the world. From announcing their activities to keeping their profile public and posting personal and sensitive data, they open themselves up to becoming victims of identity theft. Even worse, it often takes years to find out a child’s identity has been stolen because they don’t apply for credit and don’t have as much activity around their bank account.  Hackers know this and target children for this reason. By the time a compromise becomes apparent, a child’s credit may be ruined. Check your child’s credit at least once a year to make sure nothing funny is going on.

According to the National Cyber Security Alliance, no business, or government entity is solely responsible for securing the Internet. We all have to work toward foiling thieves by becoming aware of the ways personal information can be compromised in social media. Please take steps to protect yourself and share this information with others to help fight against identity theft.

“Protect Yourself Against Identity Theft in Social Media” was written by Stephen Ebbett. Stephen is the President of Protect your Bubble for Europe and North America. He often speaks and writes about the risk of identity theft.