24 Sep Identity Hack
It is not antisocial to limit who can access your social media account.
Here’s how to protect your identity.
By Victoria Lim
On her way to St. Thomas in the US Virgin Islands a couple of years ago, Valerie Ramsey’s journey included a stopover in Puerto Rico. Using the free WiFi, she logged on to Facebook at the San Juan airport before the second leg of her trip. By the time she landed in St. Thomas, her sister-in-law had messaged her, asking why Ramsey would try to “friend request” her when they were already friends.
In just a little over a half hour, someone had “spoofed” (duplicated) Ramsey’s account using her photos and information, and had “friend requested” everyone she was already connected to on her real account.
“I think it happened because I used an open WiFi,” she says. “I felt uneasy knowing a stranger could see my friends and family.”
This wasn’t Ramsey’s first problem with Facebook, nor was it her first account. She created the one that was duplicated after an incident in the early 2000s when she initially joined the social media platform. A coworker “direct messaged” her a link to a video. Or so she thought.
“He wrote, ‘Look at this video!’ in a private message, and it was sent to a group of us,” she remembers. “I clicked on it, and no video played. Then I started having problems with my computer.” A virus spread and “killed” her laptop. She was never able to recover her files or, most importantly, photos from years before.
Sadly, as most of us well know, this still happens. Both of Ramsey’s privacy violations are among the most popular ways cybercriminals steal your identity, according to the Identity Theft Resource Center. By creating a copy of Ramsey’s page, they could have linked her to a fraudulent site asking for her credentials, such as an email address and password, to capture her personal information. The fake video link was also a way to siphon personal information from her computer and automatically send the same link to her friends hoping they’d also click on the fake video.
More than two-thirds of Americans use social media, according to the Pew Research Center. Facebook is the second most popular platform, behind YouTube, followed by Instagram, Snapchat, LinkedIn, and Twitter. But less than 10 percent of users believe social media platforms protect their data—and with good reason. In the past two years, almost every platform has experienced a password breach. Earlier this year, it was revealed that political consulting firm Cambridge Analytica harvested raw data from 87 million Facebook profiles.
Ramsey, who does marketing for her family’s commercial properties, and Julie Beall, a wellness and business strategy consultant, are among the 13 percent of social media users who have had someone take over one of their social media accounts. Beall manages the Instagram account for her local animal hospital in Springboro, Ohio. The account usually features photos of the hospital’s canine patients. But in early June, the account was hacked.
“We were notified at 1:30 a.m. that somebody was messing with the account,” Beall says. “The hacker had sent out hundreds of emails from our account with job opportunities, and at some point Yahoo realized they weren’t legitimate and shut the account down.”
The stranger who hacked the account changed the profile photo but never posted other new pictures. Rather, it appeared his only interest was to use the associated email address and contact list to spam the hospital’s customers.
It took almost three weeks for Beall to regain control of the account—and despite multiple attempts to contact Instagram for help, she says she never received support from the platform. “I had given up,” she says. “But I logged in as the hacker, played around with passwords, and all of a sudden I was in! I changed the name back and changed the pa
“Social media can be used to build your brand and connect with friends and family. It can also be used in ways you can’t expect,” warns Tiffany Schoenike, director of campaigns and initiatives for the National Cyber Security Alliance. “What identity thieves and hackers do is cast a really wide net, to gather as much information as possible, to gather information and sell it, and get the greatest benefit for the least amount of action or effort.”
Schoenike says many social media users overlook the additional ways the information they post can be used against them. In the Cambridge Analytica case, by having visibility into the stories or ads that unsuspecting Facebook users clicked on, and whom they messaged and when, and by tracking their activity such as regularly checking in to a local coffee shop or a child’s school, the firm could make assumptions about users and customize what they saw on Facebook, say, ads for a BMW.
Online stalkers can use that same kind of tracking to stalk you physically. Cyberstalking attorney and victim advocate Alexis Moore has a client—a real estate agent—who uses Facebook for business purposes. She accepted almost all friend requests, considering them potential home buyers. She posted open houses she hosted, fund-raisers she supported, and events in which she participated. Suddenly, a man started showing up everywhere she was.
“She was being relentlessly stalked,” says Moore. “He was harassing her. She contemplated bankruptcy because he kept following her and became friends with her friends. He knew exactly what to do below the threshold where law enforcement would get involved.” After the real estate agent contacted her, Moore advocated for her, noting that the law doesn’t require a death threat or evidence of physical violence to compel the authorities to investigate. Moore helped her file a police report, and the man was arrested, and ultimately convicted, of cyberstalking.
Victoria Lim is an award-winning investigative journalist, newsroom trainer, and communications consultant based in California.
SIDEBAR:
Privacy and Facebook
OK, you scared me. What should I do?
Review your privacy settings on every social media app and platform you use on a regular basis, as policies and steps are always changing. Here are some of the many steps you can take to protect your privacy on Facebook.
After you’ve logged in, click the downward triangle at the top right-hand corner, the same icon you select to log out. Select “Settings” from the drop-down menu. In the left column on the General Account Settings page, click on “Privacy.” Choose “Friends” for “Who can see future posts?”; “Who can see your friends list?”; and who can find you through the email address and phone number you’re using for Facebook. You can also change the settings so that previously public posts are now private. Clicking “Limit Past Posts” means the only people who can see them are your Facebook friends.
You have the ability to restrict and block other Facebook users from seeing you and your activity, or tagging you. In the left column on the settings page, choose “Blocking.” In the “Block users” section, you can fill in the name or email address of anyone you wish to block. On this page, you can also block messages, apps, and other features.
The “Activity Log”—included in the drop-down menu above “Settings”—enables you to see who is including you (tagging you) in their posts. If you don’t want a post to appear in your timeline, you can hide it—but it will still appear elsewhere on Facebook. If you don’t want it on Facebook at all, you may need to ask the poster to remove it.
You can do a “Privacy Checkup” anytime by clicking the question mark next to the downward triangle. A pop-up box will walk you through selections for “Choose Audience” (select “Friends”) and “Profile” (“Only me” means no one will see your email address, birthdate, current city, and work history). As the final step, you can adjust the settings for apps and websites—removing them or restricting who can see those you use and thereby have access to your Facebook profile. (Better yet, when you download an app, don’t link it to your Facebook page in the first place.)
Lastly, you can access, even download, all the information you ever created on Facebook, plus view all the advertisers who have access to your data. Get ready to go down the rabbit hole.—VL
SIDEBAR:
Eight more ways to protect yourself on social media
1 Share the least amount of information possible. If you don’t need to use your full name, choose a nickname or handle. Don’t add your birthday, photo, and current location if not required. You can let those you want to connect with know how to find you.
2 Don’t feel the need to friend or connect with everyone. Whether it’s your boss, an ex, or a stranger, you can decide if you want someone as a connection. Don’t forget—there are fake accounts. Be “friends” with friends in real life.
3 Consider two-step authentication to log in to your account. In addition to your password, activate this where possible. It will require a security question, confirmation through a code texted to your phone, or additional steps to log in.
4 Skip the quizzes. You’ve probably seen the ones that claim to predict your age, your favorite city, or where you really should have been born. They get access to your information, your connections, and your patterns when you participate, which can be a default agreement to their terms and conditions.
5 Click only on links you trust. Those headlines can be attention grabbing, but clickbait is rampant. A fake link could unleash malware that hijacks not only your account but your device. If you don’t know the source, don’t click.
6 Turn off your location on your phone. When you take a photo, it could be geotagged with the date, time, and coordinates of the location. Disabling that function keeps your exact location private.
7 Share with care. Obviously, posting a photo of your passport or driver’s license hands over all the information an identity thief needs to do some damage. Think about how a joke or a photo could be taken out of context. Is that something you want to have to explain or apologize for?
8 Remember: A post can last a lifetime. “No, you cannot erase a social media presence completely. Once it’s online, it’s there forever,” says Tiffany Schoenike of the National Cyber Security Alliance. —VL