Fake Social Network Profiles: a New Form of Identity Theft in 2009
Forget credit cards and social security numbers, a new lot of identity thieves will soon come after your web profiles, or says security firm Aladdin in their Annual Threat Report. According to the firm, if you don't own and control your online persona, it's relatively easy for a criminal to aggregate the known public information about you in order to create a fake one.
Those Without Social Network Profiles Could Have Online Identities Stolen
This new type of identity theft was listed among other predictions for 2009 in the firm's annual report and was based on previous trends which included a rise in attacks distributed through social networking channels. For example, in 2008, we saw worm writers (like those behind Koobface) taking advantage of the growing popularity of social networks as a means of distributing their worms. As these sites continue to grow, the potential for criminal activity surrounding them will grow as well.
According to Ian Amit, director of research at Aladdin's Attack Intelligence Research Center, the potential damage for this new type of identity theft will be "devastating, both on the personal level by creating difficulties in employment, ruining social and professional connections, damaging reputations; as well as on a financial level, such as stealing customers, corporate data,"
To test their prediction, his team was able to set up fake online identities which ended up connecting to the real network of friends and acquaintances easily.
What started as a benign "fun" way to socialize, grew into a professional way to maintain one's network and make new connections, the report notes. Unfortunately, this new type of identity theft, being dubbed "identity hijacking," will become more of an issue in 2009 unless social networking sites come up with better, more trustworthy ways of connecting an online persona to a real person.
Fake Identities Already an Issue
We've already seen some high-profile examples of people creating fake online personas over the past year, the most notable case being that involving Lori Drew and MySpace. In this instance, a mother created a fake online identity to bully her daughter's rival. Now, imagine how much worse things could get if, instead of using fake identities, the person or persons involved in criminal activity were doing so while impersonating you.
The security firm warns that the best method to keep yourself safe is to go ahead and create your own social network profile on the major networks "before someone else does." They also advised caution when accepting friend requests in case the profiles in question are fakes.
Share
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
Well, good news for Facebook if people have to have profiles to protect themselves.
The mom who bullied the girl who committed suicide, made up a fake id. She did not steal one. That is an entirely different problem.
Someone else claiming to be you can damamge your rep. However, if you monitor your self on google then you would know what is going on. 99% of people do not have to worry about his problem. They are not famous enough for anyone to even bother doing this.
I think you lumping 2 different things together, the second one is NOT an issue. You can easily alert the social media sites and they can SEE who is who and what is what because they have all the information behind the scenes.
Now... Lets solve world hunger.
Dr Wright
The WRight Place TV Show
www.wrightplacetv.com
www.twitter.com/drwright1
This is a problem we will have to deal with more and more in the future.
Someone forged a Facebook account of Mike Trivisonno and he found out about it on the show. Listen Here.
We run into this issue a fair amount on CafeMom (you'd be surprised). We have a lot of ways of dealing with it, but it's still a bit timesink. I think it will be more of an issue on networks like ours where you don't always have a strong real-world connection with the people on the network, so it's not easy for you to really know who your "friends" are.
Sadly, it really is "Trolling 2.0", it's the same people who cause trouble on message boards and whatnot, but now they have decided that they can cause more havoc by pretending to be someone else. And as always, the best way to deal with them is ignoring them..giving them attention is all they want.
Something like this just happened to a friend of mine on LinkedIn last week. My strategy: I "claim" my profile on lots of networks, but it takes a lot of time and energy. I also check out a bunch of people-search services on a regular basis to see where my name shows up -- like yasni.com and pipl.com. Moreover, I get a daily email from tools like Techrigy's SM2 and others which finds places my name shows up on the web. I expect to see a link to this comment tomorrow. Crazy new transparent world.
I agree, if someone is not famous or well known, it does'nt bother at all. However morally Social networking sites should take measures to avoid fake id or duplicate profiles. What if some one is not really interested in having a social profile?
Thanks for sharing another side of the picture!
@Dr Wright-
"99% of people do not have to worry about his problem. They are not famous enough for anyone to even bother doing this."
That is like saying only rich people have to worry about getting their credit cards stolen! Obviously, that is not the case.
There are several reasons why some one would want to impersonate a "regular" person online. The motivation can range from just plain mischief to something more sinister, but its dangerous to discount the potential risks of online identity theft since they are real.
Good article Sarah, I just saw a report of this on MSNBC about a guys facebook profile being stolen and then the person sent out e-mails to his friends requesting funds. You are spot on with this.
While this type of identity theft is possible it's not as destructive as other types because there's only so much you can actually DO with someone else's social network profile.
It DOES represent an opportunity for identity thiefs to purport phishing scams. But that's a secondary threat. They'd have to get your identity AND leverage your identity to convince someone in your network to give you something of material value.
The other main risk this poses is to a person's reputation. Which is certainly important.
But it's not like you can open a credit card account with someone's MySpace identity.
Although not personal identity theft, I recently hijacked Burger King's brand on Twitter. I feel that it is very much related. Here is what I learned in the process:
http://tinyurl.com/ahtsxg
Odd statement:
The security firm warns that the best method to keep yourself safe is to go ahead and create your own social network profile on the major networks "before someone else does."
This is wrongheaded thinking on quite a few levels - where in the report does Aladdin say that?
We are covering this very topic on http://SocialStalking.com it is bigger than most people think
Excellent article. I think this raises a number of issues about the distribution and fragmentation of identity information. As people have mentioned already, at present one must claim accounts at all major social web platforms to instigate an occurence of that identity, therefore no allowing it to be duplicated on that service.
I think this case throws up the need for more reliance on a persistdent identity used by the service to verify the person signing up. This should contain my biographical information, along with an OpenID, and also my social network, so that my credentials can be trusted. Technologies such as OAuth would allow access to my online identity from another service and would therefore enable it's reuse for verification.
Also @Paul Bannister, I like the term 'trolling 2.0'. I think this sums up the fake profile using identity theft well. :-)
Thanks for raising your concerns. This is something awful situation, how it is possible for someone to have account all over networks? they are too many. there must be some solution to this. I remember some one from Phillipines used our established brand create a free wordpress.com account and it is just showing less creativity of the person who did this.
Just as Gil Yehuda mentioned above, finding a dependable place to run an instant
background check is a great way to check the validity of a profile.
As the original author of this, it's great to see the overall positive response to this. Re some of the comments above I'd like to clarify a few statements and add a few ideas:
1. "Claiming" your identity is indeed a recommendation that I would make. Even if one is not inclined to participate in a certain social network, a basic profile should be created and preferably linked to/from a more active profile on a another network. That would make faking the same profile on the said network much more difficult.
2. The damage potential extend from Trolling 2.0 (which I love as a term, but is not covering all the possibilities here). As noted here direct financial gain has been known to be sought after using other people's profiles, and basic yet effective corporate espionage has also been proven to exist for business related profiles.
There should be a way to verify a persons online profile whether it be on a social networking site, blog, or other sites. Especially on Myspace or Facebook when really anyone can create fake profiles or even steal real peoples identities. Think about it, if someone asks a medical question on a blog and 15 people comment back claiming they are doctors and start dishing out medical advice how do you know they are actually licensed doctors? Where is the proof that these people are really doctors. I think it would be important to do a background check on questionable people you friend on a social website or blog. Also its important to do a digital footprint of yourself to make sure the sites you signed up for are accounted for and that someone has not signed you up for something you didn't.
I smell a Web 2.0 security and reliability gateway that both makes use of Web 2.0 sites like Facebook, Twitter, Myspace etc... safer and could easily have a built-in query mechanism to keep tabs on fakes?
Jeff
Thanks for raising your concerns. This is something awful situation, how it is possible for someone to have account all over networks? boya they are too many. there must be some solution to this. I remember some one from Phillipines used our established brand create a free wordpress.com account and it is just showing less creativity of the person who did this.
China MHIE is a leading Material Handling Equipment provider in China. After several years’ development, we had ranged our
products from warehouse material handling equipment to logistics equipment, including [url=http://www.chinamhie.com/]
Forklifts[/url], Electric Stacker, Electric pallet truck, Hand manual stacker, Aerial work platform, Crane, Dock lever, Jack,
Lift table, Shelf, Electric truck, Drum equipment, Rolling