You are on Facebook during a break at work. A questionnaire published by a friend appears in your notifications: “What Game of Thrones character are you?” Bored and a little intrigued, you click on the link. Once you're done, you want to publish the result on your wall immediately, so you must authenticate with your Facebook account. The permissions are simple: the contest website gets access to your data, public profile and friends list. You grant the relevant permissions, tag your friend, and voilà.
The next day, you receive an email from Spotify. Your premium account will expire soon. You click on the link, which takes you to a Spotify subscription page. Most of your billing information is already filled in from the last time you renewed your subscription on the music platform. You just have to add your card's security code and expiration date.
A few weeks later, you receive a friend request. You can't quite remember whether you've actually met this person in real life, but the user in question has more than a dozen friends in common with you and you don't want to be rude. It seems like a good option, so you accept the friend request on Facebook.
A month later, you are packing your bags for a weekend trip to take a break and get out of the routine. Your travel companion publishes an enthusiastic update about the latest places you visited, while you upload a selfie to Instagram as you normally would.
Three days later, you receive a message on LinkedIn. The founder of a new startup in your country has contacted you to see if you are available for occasional work. Over the next few weeks, you communicate with this user by email and through LinkedIn's own messaging system, working out the details of the job and the payment method.
Two weeks later, you receive an invitation to try a new website that lists interesting events, such as concerts, openings and other events. The invitation came from that friend you added a few days ago. They are apparently doing public relations for the new site. You decide to check it out. A Facebook login is required so the website can verify your location.
In a cafe, your credit card is declined, so you have no choice but to pay in cash. You call the bank when you get home, and it turns out that your bank account has a dozen charges you didn't make, for a total of almost €3,000. That's not all. You begin to receive charges for transactions you did not make and cash withdrawals you did not perform. In addition, you notice an increase in spam in your email inbox. Danger!! ☠️ You are the victim of identity theft.
So what did I do wrong?
Identity theft or phishing can be an extremely difficult crime to trace. Any of the above actions, if done without care, could have been the signal that caught the thief's attention. The Game of Thrones questionnaire could have been a decoy to collect personal information about you and your friends on Facebook.
The friend you added on Facebook could have picked up that information and befriended some of your acquaintances. If many of your friends took the same questionnaire, that would explain the high number of friends in common. Then he sent you an invitation to a fake website. You probably use the same password for Facebook as for some of your other accounts: Gmail, Twitter, PayPal, Payoneer or the app you use to access your bank accounts. Did you type your Facebook password into that site?
Or was it that email from Spotify? Was that link real? Spotify posts updates on Facebook about what you're listening to. You have since deleted the email. Were those the last four digits of your credit card?
Your travel companion, with whom you have friends in common, posted about your trip on Facebook. People in your immediate circle knew you weren't home that weekend. Thieves could have entered your home and found your personal documents, social security card, bank details, contracts, etc.
Identity theft prevention
Social networks are a perfect hiding place for a specific type of hacker, a relatively new tribe on the Internet called social hackers 👀. Social hacking consists of manipulating the outcomes of social behavior through orchestrated actions.
Social hackers take advantage of technology and the consent of unsuspecting Internet users. They trick victims into making mistakes by posing as a platform with a lot of authority (Spotify payments, PayPal, etc.) and/or as someone the victim knows (your new Facebook friend 👍). In-depth research is needed to stage this credibly and to create a feeling of familiarity with the victim, so much so that the particular action that led to the identity theft cannot be identified.
Caution is the key to preventing identity theft through social hacking. Here are some tips you can follow to avoid identity theft as far as possible.
Ask your friends in common if they really know a person before adding them to Facebook.
How to prevent identity theft
- Do not log in to Facebook or other social networks on external websites unless you trust the source.
- Do not click on links in emails; go to websites through bookmarks or a Google search instead.
- Always check that the HTTPS 🔒 certificates are trusted and belong to the platform.
- Check that the site you visit is the official site, not a password-stealing clone.
- Do not post status updates on Facebook detailing your next trips or your location.
- Do not post geo-tagged photos until you have returned from travel.
- Use strong passwords and do not use the same one twice. If you are still unsure whether your password is good enough, use a password strength tester.
- Change your date of birth to throw off identity thieves.
- Uncheck as many app permissions as possible when using social media authorization.
- Write false answers to password verification questions such as "What is your mother's maiden name?"
Companies present on the various social media platforms benefit from collecting and selling as much personal data as possible about the people who use those platforms and tools, so we cannot depend on them for our protection. Most of this data is used for segmented and contextual advertising, but in the wrong hands it could lead to identity theft.
The number of identity theft cases is increasing. With advice as simple as what we have outlined above, we are sure you can avoid it.