Here we outline why your account should be friends only, and how seemingly innocuous data can be used against you.
Throughout this site we strongly recommend that your default privacy setting – the setting that dictates who can see the photos and posts you make on your timeline, and the posts others make on your timeline – should be set to friends only.
That advice will apply to nearly everyone. In response, however, we sometimes hear comments such as “but I don’t post anything sensitive on my Facebook” or similar sentiments. However what we find is that people often underestimate how sensitive much of what they post on social media can be, and how valuable it could be to a variety of types of cyber crooks.
For example, identity theft can often work as a sequential process where the thief gains more and more control the further they go. First, the crook will target the aspect of a person’s life that requires the least information to access. The low hanging fruit. Once they gain that control, they’ll exploit it to leap-frog to other aspects of a person’s life that are usually difficult to target but can do more damage to a victim and be more profitable for the crook.
So for example, this could mean initially taking control of an online social media account or an email address, and this in turn could lead to a crook taking out a loan, a credit card or a phone contract in a person’s name.
Innocuous data isn’t so innocuous when grouped together
To help stop this process, or deter an identity thief, social media users should minimise the amount of information they make available about themselves, or at least make it more difficult for a crook to obtain.
If your Facebook account is public, identity thieves will be able to glean information about you effortlessly. For example someone wishing you a happy 30th birthday will give a crook your full date of birth. Someone posting something like a meeting place can give a crook your hometown. A photo of you posted by a friend standing outside your house or on your street will give away your full postal address (thanks to the advent of Google Street View.)
Your ‘About’ information, or the information posted by colleagues could give up your workplace and employer. Posts by you or your friends posting on your timeline can also give up the names of your family, friends, names of pets, the school you went to, your favourite hangout spots or even your phone number. Posts from you or your friends can also lead to a crook knowing your vacation plans.
Combine all of this with information you’ve already parted with by having a Facebook account in the first place, such as your name and your likeness, and pair it with basic information found on other social media profiles, and an identity thief may already have enough information about you to…
– Launch a convincing targeted phishing scam against you (called spear-phishing) to trick you into handing over control of an account, including your email account.
– Answer your “secret question” using information gleaned from your Facebook timeline to gain access to another online account.
– Launch a social engineering scam against a company you have an account with to try and take over your account.
– Build a profile on your day-to-day activities, including when you attend local hangout spots, when you leave and return for work, and when you’re going on vacation. This allows criminals to know when your home is most vulnerable.
This in turn can lead to even more serious fraud. For example, a crook that gains access to your email address is likely to be able to leap-frog to your other online accounts by using the reset password feature.
Sponsored Content. Continued below...
And with is information they have on you, and access to an online account or an email address, the level of fraud a cyber crook is able to commit becomes far more serious. They can now obtain information information needed to take out a loan in your name, or a phone contract, or a bank account or even apply for benefits under your name. And while this is profitable for the crook, it can lead to irreversible loss for the victim.
And it can all start from a crook being able to see a “happy birthday” post on your timeline and a photo of you and your friends stood outside your house.
The harder you make it for crooks to get even basic information about you, the less likely they will target you. Don’t give them the opportunity, and keep that digital door firmly shut.
Your privacy setting can be found in your main settings under Privacy, under the “Who can see my future posts?” option.