These days, no one is posting her social security number and mother’s maiden name online (right?). But users have plenty of other ways to get their identities stolen in cyberspace. Even if you're engaging in seemingly innocuous behavior, identity thieves can pounce on personal information and create a new financial identity for you -- or just impersonate you and ask your friends for money.
It's bad enough when personal information is compromised, but enterprise information is also at stake. Think of all the users creating passwords for online services like Dropbox, where they store sensitive documents (against company policy, of course) or just access paid databases. Even if users don't choose their own passwords, the mechanisms used to retrieve lost passwords may be compromised when end users engage in risky behaviors. Additionally, for enterprises, when an end user is impersonated, it may reflect poorly upon the company.
One way to combat this cyberthievery is to present it to end users in an unusual way, such as “If you want your identity stolen, here’s what you can do…” Below are a few suggestions you can give in this regard:
- Play the name game. You know those silly games where you post your middle name plus the name of the street you grew up on, and that’s your stage name? They're all over Facebook, and people love seeing that their stage name is Stella Elm. Identity thieves also love these games. When someone posts the results of those combinations online, they’re posting information usually needed to answer identity verification questions. It’s like opening up the blood bank to a gaggle of vampires, who can then use this information to retrieve lost passwords, hack into accounts, and impersonate end users.
- Use the same password for everything, and make it really easy to guess. When a user deploys the same, easy-to-guess password, like a firstborn’s name or a pet’s name, for all applications and accounts, they’re laying out the welcome mat for identity thieves. Tell them to pick something harder to guess, add in some numbers and special characters -- and pick a different password for each site.
- Register on every single site, even sketchy ones. The rule of thumb is that if it’s too good to be true, it probably is. No one’s going to get a free iPad or Coach bag; at best, they’ll get spammed, and at worst, get scammed. If there’s a compelling news article on a site that requires registration, look for an alternate way to access the site, like with a Facebook or Twitter log-in or by using a service like BugMeNot.com, which provides passwords to Websites that require registration but are otherwise free. As a last resort, set up a free email account with Gmail, Yahoo, even Hotmail, to be the account you use to register for all these random sites and services; use a password that is very different from online banking passwords; and give a fake birthday.
- Friend everyone who asks on Facebook. Clearly, Facebook friends aren’t always who they seem to be. In addition to doing users bodily harm, thieves and imposters can break into bank accounts and corporate applications. Or they can impersonate users, ask their friends and family for money, and spread all sorts of nasty viruses. The lesson is, sharing can be dangerous. Even posting things like a childhood landmark (“Picture of the house I grew up in on Wisteria Lane – they cut down the avocado tree!”) can cost a user and any apps and locations on her network money, goodwill, or both.
- Click on every link. Click on that link from a grammar-school friend posted on Facebook, even if the words are misspelled and the infinitives are split. Click on the link in that email from a distant cousin, even when her subjects don’t agree with her verbs. There’s no way those sites could have malware, right? And most definitely click on the links sent by scammers purporting to be PayPal, Amazon, or your bank, and be sure to enter as much personal information as possible. Or don’t, because identity thieves love setting up these traps to catch unsuspecting, trusting people and their personal information.
Of course, no one actually wants his identity stolen. It can take years to repair damage from data breaches brought on by user negligence. It can take users themselves years to repair credit and reputations damaged by identity thieves and online impersonators. To avoid all this, the above reminders are useful to everyone.
The message in a nutshell for anyone online: Guard personal information, think twice before posting -- and click with caution.
— Christine Parizo is a freelance writer specializing in business and technology.