A new study has shown how fraudsters are able to use information shared online on social networks to build detailed profiles of potential victims. Researchers interviewed one ex-offender to find out the techniques he and others use to garner details from online sources enabling them to steal others' identities.
He revealed that while users are often canny enough to withhold enough information on one site to foil fraudsters, resourceful crooks can collect enough data from various sources to apply for credit or make online purchases in their victim's name.
Online predator: Researchers interviewed one former offender to get an insight into how fraudsters gather information from individuals' various online profiles to collect enough data to steal identities
Chief among the top three online resources for collecting potential victims personal details was not a social media website at all, but was in fact 192.com. The directory inquiries website was noted as particularly useful for providing information on where potential victims live, their age, other occupants, and how long they have lived there.
Fraudsters can then flesh out the skeleton identity this crucial data provides by using Facebook for details on location, activities, friends and photographs; and LinkedIn, on which users often reveal their entire work and education history. ‘192.com was such a good resource – the information on there was so good,' the study's interviewee revealed. 'LinkedIn is good – the whole point of the website is to get everything you’ve done across to people you don’t know.’ He added: 'Photos are important. It can give you clues about a password or a security question – you may be asked favourite holiday place, or favourite football club – it’s a piece of information.'
Whose checking your profile? The research, conducted on behalf of online security company ALLOW, revealed fraudsters often mine Facebook profiles for information that could help them crack passwords
RANSOMWARE VIRUSES GROW INTO $5M-A-YEAR 'EXTORTION RACKET'
The ex-fraudster revealed how he would create fake Facebook profiles using pictures of attractive women to contact men in an effort to get them to reveal sensitive personal information. 'You’ve got to get in to the minds of people – most guys will add a pretty face even if they didn’t know them,' he said. 'One of my victims, I nicked someone’s phone, chose a pretty girl from a different social networking site, got some of her photos and made a profile on Facebook and added a few random people. This guy emailed me stuff, where he would be and what he was doing – he thought he had a chance with this fake person I had made up. He was giving me all this information but doesn’t really know who I am.'
On other occasions he merely hijacked the Facebook identity of an existing person to get their contacts to reveal information. People can hijack someone’s Facebook activity - I’ve known it to happen, say someone is called Peter, you can set up a new account using the name Pete, copy their image and information to the new account and add their friends and have conversations with them on Facebook. You can extract information, it's an avenue to exploit to get bits of information.'
The study, conducted on behalf of personal security company ALLOW, which offers services to keep internet users safe online, revealed how information collected by fraudsters was predominantly used to apply for credit or make purchases in the victim's name. This typically involved using personal details to create an identity at a particular address the fraudster had access to, then applying for credit cards or loans. Alternatively the offender could collate the details into a complete identity then sell them on to others to commit the fraud.
The fraudster said he felt social networks and social media sites 'didn't care' their services were being exploited by criminals. 'The more popular they are with everybody the happier they are,' he said. 'I think the thing they are worried about is if it became public knowledge that people can get defrauded through using them, I don’t think they would like it.'
'Common sense': Justin Basini, CEO and founder of ALLOW, said social media users can take easy steps to protect their identity online
Justin Basini, founder and CEO of ALLOW, told MailOnline that the application of 'common sense' can help social media users protect themselves against the fraudsters out to steal their identity. 'One in four people don't check privacy settings on Facebook,' he said. 'One in five people accept friend requests from strangers; and most people use the same passwords for all kinds of services.'
Source: Daily Mail UK