It is remarkable how much information about a person can be picked up by a trawl through through the Internet.
Thanks to the likes of LinkedIn, Facebook, Twitter and Instagram, it is often not difficult to work out with just a few minutes’ work where they last went on holiday, the names of their closes relatives, their car’s registration plate (if they have posted photos of the vehicle), which school they attended and where they work.
As Professor David Chadwick, a professor of information systems security at the University of Kent in the United Kingdom puts it, “people are very happy to release information on their Facebook pages.”
“People give names and other information, and [other] people [go through] the internet and pick that information up,” he says.
“You have to assume that most of the information that you put into [a profile] is going to be made public in one way or another. That’s behaving in a safe manner. Don’t post anything to a Facebook page or Tumblr or email that you’re not prepared to be made public.”
Given the fondness that many people have for sharing their lives online, it is no surprise that identity theft is soaring, with a reported doubling in its frequency taking place between 2007 and 2017.
The UAE is among the many countries to have experienced growth in identity theft.
“Research … suggests that due to the speed at which social-networking sites are fluorishing, it has become a lot easier to steal content and conduct identity manipulation,” Dr Zeenath Reza Khan, Salma Rakhman and Arohi Bangera, from the University of Wollongong in Dubai, wrote in a 2016 paper entitled “Who Stole Me? Identity Theft on Social Media in the UAE”.
Presented at the 4th Global Conference on Business and Social Sciences in Dubai, the paper highlighted the vast scale of the problem. In 2015, more than 5 billion dirhams were said to have been lost by individuals in the Emirates because of cybercrimes like social media identity theft (SMIDT).
In a survey by the researchers, a remarkable 59 percent of respondents (of whom there were 128) reported falling victim to one type of SMIDT or other, with young people particularly at risk.
“Instances of SMIDT are high among student victims, particularly in the age bracket above 18. Furthermore, the impact of SMIDT on the student victims reported was quite grave, from humiliation to trust issues to feeling violated,” the researchers wrote.
Studies have also indicated that “victims of SMIDT are left with permanent wounds and the constant lingering of an irreversible experience”.
The vast majority of identity theft takes place online and, where once bank accounts and credit cards were the key target for fraudsters (whether through “new account fraud”, in which a new account is set up, or “account takeover fraud”, involving an existing account being compromised), today more is said to centre on the likes of online shopping accounts or mobile phone contracts. These tend to have less rigorous security controls than bank accounts.
The type of material that could prove compromising when posted online can be surprising, as it goes well beyond the obvious, such as passwords, banking details and date of birth.
Some experts advise users against posting where they were raised, their workplace, where they live and their family members’ names. Such information may be used to answer secondary security questions required to gain access to a bank or other type of account.
Simply giving details on a Facebook page of a forthcoming, current or previous holiday could open up a line of attack for fraudsters by helping them, for example, to masquerade as a friend, either through email or a fake social media account. This could lead to confidential details being divulged.
Details that might be safe to post on their own could cause problems when added to information available elsewhere, and privacy settings on social-media accounts are not a foolproof way of preventing the wrong people from getting viewing online posts.
Login information for compromised social media accounts is traded on the dark web, with prices starting at just a few dollars for the credentials for a dating site account, which could be used by fraudsters to gain the confidence of other users to extract money from them.
No wonder, then, that extra caution is advised when using online accounts.
“When you do anything that requires authorisation, that requires security, then make sure you use strong credentials – a very strong password and do not give it out to anybody,” says Prof Chadwick.
Given the pitfalls, it begs the question as to why people are willing to share so much online, whether it is what they had for breakfast, their relationship status or their thoughts on the latest political controversy.
One reason is that individuals “seek social connection in a fragmented world”, according to Professor Jonathan Freeman, managing director of i2 media research and a professor of psychology at Goldsmiths, University of London.
“[They are] trying to portray an image of themselves, even if it’s subconscious … Most of it is to curate the image of themselves that they’re happy with, whether that’s a political stance, an environmental stance, an equality stance, how cool and trendy they are – a kind of personal branding,” he explains.
Although such online sharing is seen by some as narcissistic, Freeman argues that social media use has many upsides.
“There’s a lot of data out there that demonstrates positive effects of engaging with social media and sharing and feeling that you have a wide network of people that you’re keeping in touch with and [from whom you are] getting positive responses to your posts,” says Freeman.
Balancing this out, he cites research indicating that “image-based sites” can have a negative effect on body image and well-being. Also, seeing the endless positives associated with the lives of others – users tend to detail the best aspects of their lives on social media – can make others feel down.
“It’s a question of moderation and being aware of the pitfalls and being mindful of your reactions,” says Freeman, whose company has carried out scores of research projects for clients including social media companies.
Although often regarded as being keener to share more about themselves online, and despite reports that they in particular are more often targeted for identity theft, young people, who have grown up with social media in a way that most adults have not, may be more savvy about what not to share than might be thought. Freeman says that they will often have been educated at school about what not to do online.
“I would expect older and less tech-savvy [people] may be more likely to post more risky content online in terms of identity theft,” he adds.
A final thing users are advised to remember when going online is not to unthinkingly follow the example of others. The social media herd may be exposing themselves to risks without realising it.
“When something becomes the norm – posting your whereabouts on Instagram or Facebook hoping for as many likes as you can – when everyone else is doing it, it probably spreads the perception of it being safe even when it may not be,” says Freeman.
“In lots of situations it may well be safe, but it is important to stay smart to enjoy the upsides of engaging on social media while avoiding risk.”