FDIC Consumer News - Winter 2016
Using Social Networking Sites: Be Careful What You Share
A lot of people use social media sites — such as Facebook, LinkedIn, Twitter, Google+ and Instagram — to stay in touch with family and friends, meet new people and interact with businesses like their bank. However, identity thieves can use social media sites in hopes of learning enough information about individuals to be able to figure out passwords, access financial accounts or commit identity theft.
Identity thieves create fake profiles on social networks pretending to be financial institutions and other businesses, and then lure unsuspecting visitors into providing Social Security numbers, bank account numbers and other valuable personal information. Identity thieves also have created fraudulent profiles and then sent elaborate communications to persuade “friends” to send money or divulge personal information. “They might claim to work at the same organization, to have attended the same school, or share similar interests and hobbies,” said Susan Boenau, manager of the FDIC’s Consumer Affairs Section. “They know that communicating a false sense of trust can be easy on social media.”
“Valuable pieces of information to someone seeking to steal your identity include, for example, a mother’s maiden name, date or place of birth, high school mascot or pet’s name,” explained Amber Holmes, a financial crimes information specialist with the FDIC. “Fraud artists use social networking sites to gather this kind of information because it can help them guess passwords to online accounts or answers to ‘challenge questions’ that banks and other businesses frequently use for a second level of authentication beyond a password. Someone who has your password and can successfully answer challenge questions may be able to access your accounts, transfer money, or even reset passwords to something they know and you don’t.”
What safety measures can you take with your social media accounts?
Check your security settings on social network sites. Make sure they block out people who you don’t want seeing your page. If you have doubts about your security settings, avoid including information such as your birthday or the year you graduated college. Otherwise, though, experts say it is OK to provide that kind of information on your social media pages.
Take precautions when communicating with your bank. If you want to communicate with your bank on social media, keep in mind that your posts could become public, even though you can protect your posts to some extent through your account settings. You should not include any personal, confidential or account information in your posts. “Also, reputable social media sites will not ask you for your Social Security, credit card or debit card numbers, or your bank account passwords,” said FDIC Counsel Richard Schwartz.
Before posting information such as photos and comments, you should look for a link that says “privacy” or “policies” to find out what can be shared by the bank or the bank’s social media site with other parties, including companies that want to send you marketing emails. Read what the policies say about whether and how the bank will keep personal information secure. Find out what options you may have to limit the sharing of your information.
It is a good rule of thumb to avoid posting personal information on any part of a bank’s social media site. “That type of information is often requested by banks for their security ‘challenge questions’ that are used to control access to accounts,” advised Schwartz. “A criminal could use that information to log in to your account.”
Be cautious about giving third-party programs or apps, such as sites for games or quizzes, the ability to use information from your social networking pages. “Some of these third parties may use information from your page to help you connect with others or build your network — for example, to pair you with strangers wanting to play the same game,” Boenau said. “But they could also be selling your information to marketing sites and others, possibly even to people who might use your information to commit a fraud.”
Periodically search to see if someone has created a fake account using your name or personal information on social networking sites. Checking common search engines for your name and key words or phrases (such as your address and job title) may turn up evidence that someone is using your information in a dishonest way.
For more tips on avoiding fraud at social media sites, see information from the Internet Crime Complaint Center.