The Age has a detailed look at identity fraud in social networking sites:
IT'S what makes you unique among the Earth's 6.65 billion humans - your identity. Your name, your date of birth, where you live, who you barrack for, even your pet's name - private details now so easily made public on social networking sites that attract 500 million users around the world.
To an identity thief, these personal details are all they need to flesh out a fake ID that can let them clean out your bank account or set up a false credit card, loan, welfare payments or even a passport.
With 200,000 Australians now on social networking sites such as Facebook, MySpace and Bebo every day, security experts and consumer groups are predicting this year will be a bumper one for ID fraud.
Security software company Symantec's global internet security report for the last six months of 2007 shows malicious attacks are now focused on trusted websites putting the attackers in our midst.
"We used to tell people not to go down the dark alleys of the internet, but that doesn't apply today," Symantec Australia chief Craig Scroggie says. "It's not the back alleys, it's the main roads like the social networking sites where the attackers are actively seeking us out."
...
Where it's happening is the most significant twist, with the latest data showing that trusted sites such as Facebook and Second Life are being infiltrated to strip individuals of their personal information.
...
The BBC's Watchdog program recently uncovered that murky truth with a Facebook experiment using a fictional character called Amba Friend. Watchdog set up a Facebook account for her and sent out messages to 100 random Facebook users asking them to be her friend. Of those, 35 strangers said yes, including 23-year-old Scott Gould. Watchdog used the personal details on Mr Gould's profile, including his date of birth, to apply for an online bank account and credit card in his name. Both were instantly approved.
Software security provider Sophos followed suit, fabricating a character called Freddi Staur, who lured 82 users into handing over their personal details, including their phone numbers.
A spokesman for the Australian Consumer Association Choice, Christopher Zinn, says there is a false sense of security online that leads people to behave more recklessly than they would in the real world.
"Would people stick personal details like pictures of themselves growing up on a lamppost outside their house or on a public bulletin board in the supermarket?" he asks.
"The exuberance and the excitement that these sites generate tend to work against the cautions. But once you give those details out, you've lost control of them forever."
Digital strategist and researcher Julian Cole did his thesis on the way young people use social networking. He says security just doesn't concern them.
"This generation is much more forward in the information they're giving over to sites like Facebook," he says. "There's no reservation in revealing date of birth, schools, football teams, even mobile phone numbers. They don't have that worry about security."
...
The Privacy Commissioner Karen Curtis says "it is likely that individuals posting information on social networking sites would be exempt from the coverage of the Privacy Act" as the act doesn't extend to individuals or organisations based overseas such as Facebook and MySpace.
In his recent report on identity crime, Federal Home Affairs Minister Bob Debus pushed for new laws against identity theft, including victim certificates issued by the courts to help undo damage done by identity thieves.
Only in South Australia and Queensland is it an offence to assume or steal another person's identity. By comparison, identity theft is a federal crime in the US with penalties of up to 15 years' jail and fines of $250,000.
AUSTRALIAN Privacy Foundation chairman Roger Clarke says that beyond companies and criminals, there's also reckless behaviour coming from individuals using social networking sites.
"We've always assumed fraud was a threat in big organisations," he says. "Now we've reached the stage where individuals are a threat to one another in handling data like disclosing photos of someone off their brain, which a boss might see before a job offer."
But Mr Clarke argues stricter laws aren't the answer.
"When somebody uses a social networking site, it's a consent-based arrangement," he says. "What we don't want to do is wreck the balance between freedom and protection."
Ultimately, he believes web users might find their own solutions. "As we get a bigger pile up of embarrassment and significant loss, we'll see a lot more use of pseudonyms, like spelling your first name in an interesting way, so that only your 'group' knows who you are."
Read more here.
Comments