Is Facebook Identity Theft Possible?

Be sure to keep reading to the end of the page to see our latest updates. Is it possible to do some sort of Facebook identity theft and what benefit might a criminal get from using the site?

As social networking sites become more and more popular, the amount of information displayed about an individual online increases.

However, as you may know, MySpace and Facebook differ significantly. MySpace seems to be used on a more professional basis by those in the entertainment industry. People, bands or DJs that have their own show, song or gig to promote seem to be everywhere in MySpace. For some, it seems to be a very low cost but high return way to build a buzz around them.

Facebook is different though. Since it is not possible - at least yet - to 'Pimp My Profile' and add music, videos and other images, the entertainment industry seems to not be getting involved.

Click here for the 2011 updates about Facebook identity theft

Instead, the experience of your author shows that Facebook is instead being used by an ever expanding group of young, upwardly mobile professionals. These are the types with office based careers who would probably not want to be seen to be too wild to the outside world.

Since the site appears to have a different type of user, the information displayed is also different. For example, many people happily display their date of birth and details about their educational and employment backgrounds. This is because the site seems to be some sort of quasi dating site with the potential for job hunting thrown in.

These details can only be viewed by your connections, but that still could open the way for the potential of identity theft.

Being a member of a geographical 'network' also puts users at additional risk. Other members of the same network are able to view some personal profile details of others that they are not otherwise linked to. This may not sound too risky, but in big cities, this opens a profile up to a LOT of people.

The London network - for example - is at the time of writing the largest in the world with well over 1 million people. Why give all these random and unknown people access to your information? (This level of access has since changed).

As is discussed elsewhere on this site, for an identity thief to begin their work, they need very few pieces of information. Once they have found out a person's full name, date of birth, address, telephone number and social security number, there are many low level crimes that can be committed. Store cards can potentially be applied for or other basic identification documents can be applied for.

By displaying a number of these details online, an individual opens themselves to potential problems. When combined with a little background information which can be found on the site (place of study, hometown, type of job and employer) the task of impersonating a victim becomes much easier.

It is possible to switch off a number of features by using the site's privacy settings and this is a good thing to do. Of course, much better would be to put less information in a profile...

The introduction of Beacon by Facebook in 2008 altered the way in which personal information was gathered by the company. However, a semi-revolt by users forced the company to change approach and improve the potential privacy functions considerably.

As such, it is now possible to limit the amount that each 'friend' can see and whether your profile appears in search engine listings. Every user should be using these functions.

If you would like to keep updated about the latest changes in Facebook and it's policies, there is a Facebook site governance page. This page is used to gauge the thoughts of users to planned changes.

Update - November 2009: Facebook will start using your photos in ads that will appear on the profile page of your contacts. It is legal and is mentioned in the fine print when you create your account. If you want to prevent this, do the following: Settings, Privacy Settings, News Feed and Wall. Then click the Facebook Ads tab, choose "No one" and save changes.

The moral to this story, is that we should all be careful what personal information is displayed about us online. Otherwise, we may inadvertantly enable Facebook identity theft to be possible.

If all this fails to convince you that there are potential risks online to using social media websites, this story about a young man in Wisconsin that used Facebook for blackmailing his fellow students at school ought to provide pause for thought...

Update - December 2009: A survey by IT security firm Sophos looks at the use of Facebook and how much information is available. The results of this study are pretty scary from the standpoints of personal privacy and identity theft prevention.

Update - February 2010: Some research published shows just how many Human Resources professionals and recruiters use social networking sites to research candidates before they make a decision to hire or not. Knowing that 41% in the UK and around 70% in the US - amongst others - use such tactics ought to provide pause for further thought before "that" photo is posted and tagged...

An agency of the European Union, ENISA, has published a research paper (no longer online) containing recommendations for online safety measures for consumers. If you have any concerns - and we all ought to have - we recommend that you read the position paper.

Also in February 2010 was Safer Internet Day organised by the European Commission to highlight the risks people - and specifically as a part of this campaign, children - take when posting personal details and information on social networking websites.

As if to highlight the potential problems that can be caused by a social network, this story by the BBC about Google Buzz - which was launched in February 2010 - shows the possible risks.

Update - March 2010: It seems that Facebook users have been hit by a massive phishing scam - people trying to obtain passwords and login IDs. It is reported on by CNN here . Should you receive the message, just delete it.

CNN also reports that a quarter of UK kids have tried hacking. It seems that this is mostly low skill things like guessing passwords into other people's Facebook and email accounts. Reassuring, huh?

Update - April 2010: The negative 'buzz' and discussions in US Congress surrounding Google Buzz and it's privacy policy are being addressed. As this BBC article explains, the Terms and Conditions are being altered (starting 5th April) to better protect users.

This CNN article reports on a current attempt to con Facebook users from their personal details by offering US$500 WholeFoods vouchers.

On 24th April, the following instructions started to do the rounds about Facebook Privacy Settings: As of today, Facebook has a new built-in application called "Instant Personalization" that shares your personal data with non-facebook websites for advertising purposes. It is automatically set to "allow." To disable it and protect your personal info, go to Account > Privacy Settings > Applications and Websites > Instant personalization and uncheck "Allow."

Also in the news in April is social networking site Bebo. According to this story on the BBC, it seems that it is important which social network you join and invest time into. If a site closes, what happens to user information then? And almost as importantly, what a waste of time for users that have built profiles and invested their spare time in building their personal network!

Update - May 2010: Is a Facebook backlash beginning? This post is proving to be wildly popular and explains some of the issues many people have with the way that Facebook conducts itself with regards to individual privacy and business. An enlightening read!

As the month rolled on, the controversy about the new Facebook privacy rules grew. They changed rules and the problems rolled along. This post from Mashable's Pete Cashmore explains more and this story about the risks of indiscreet Twittering proved interesting.

Update - July 2010: More news on the potential problems with social media. We have previously heard of people not being hired because of social media. However, this CNN editor was fired because of a public reaction against a post made on Twitter. Read the BBC story here .

More reports this month relating to Facebook include the concept of total saturation of their markets in developed countries. This story on CNN suggests that the growth in new users on Facebook is starting to slow in countries with high internet connectivity rates. In other words, perhaps everyone that wants an account now has one?

Also in July, it was announced that Facebook pages will have a "Panic Button" aimed at protecting children and teenagers on the site. The BBC reports on this big development in social media here . This really is a big development because until this, it has always been presumed that social media users can "look after themselves", but this is a tacit admission that there are bad people online - (just as there are good people as well!) and that we may need help to be protected from those bad people.

Important - Please Read: Also in July 2010 (on the 28th) news broke that 100 million Facebook profiles have had details harvested and are downloadable on a file on torrent websites! This is - apparently - only public information (listed in search engines etc), but still, to be available as one file is rather shocking. While this seems to be an ethical hack (designed to highlight flaws) it may open up new avenues of attack for identity thieves. Be sure to review and increase your privacy settings immediately.

Update - August 2010: The new like button seems to be coming in for abuse. It seems that there is a new dislike button that is being shared and spread but has malicious perposes. This CNN article explains how the article is spreading itself virally to friends of friends across Facebook. The button itself does not seem to be harmful, but weaknesses like this can be opportunities for criminals.

Also in August, this story on Mashable explains how a class action lawsuit has been filed in Los Angeles against Facebook. This relates to the way in which photographs (more specifically, of minors) have been used on the network via the like button. While not related to identity theft, this is in the very closely related area of the privacy and rights of users. It will be very interesting to see how this subject develops.

Update - September 2010: It seems everyone is getting in on the act of online safety! While not specifically aimed at facebook or identity theft, law makers in New York are putting legislation in place relating to online dating via the internet and social networking websites. This story on Mashable details the protection measures being enacted and it is mostly common sense measures. Though they do show just how dating has changed over the last 20 to 30 years!

Also in September, this story on the BBC website highlights the very real problems that people can have with personal information and the privacy settings on Facebook. The British girl in question had posted her home address as part of a party invite for some friends - and had 21,000 people say they would 'attend'!

And if the thought of 21,000 house guests doesn't give you pause for thought, this horror story from the UK about the evils that social networking sites can be put to certainly will. It makes identity theft seem quite pleasant in comparison.

Update - October 2010: After that last link it isn't very comforting to hear that teenagers can be at risk on social networking sites as well. This CNN report about cyberbullying provides very little reassurance about human nature. Alas, it isn't the tools, it is how we put them to use that does the damage...

Two more links from CNN in October. The first relates to new security tools on Facebook and the second to the new partnership between Bing and Facebook with the aim of improving Bing's search results. Both links offer some interesting developments with a potential impact to online privacy matters.

Speaking of online and Facebook related privacy matters, this eye-opening free report aimed at online marketers highlights just what is at stake in the online personal information publishing (social networking) age. Shocking in places!

This story on tech and Web 2.0 blog Mashable highlights some of the potential problems with Facebook apps if user IDs are shared. Since this potentially impacts some of the largest app games on Facebook, this has the potential to be serious, but will hopefully pass by without problems in time.

Update - November 2010: The problems mentioned above from the launch of Google Buzz appear to have been settled as described in this story from the Tech section of CNN Money. If nothing else, it proves the importance to big firms of getting everything right before the launch of a new social platform. Why? Do you know anyone that actually uses Google Buzz???

Most of the problems mentioned above about the downside of Web 2.0 can now officially be eclipsed! This report on CNN describes how a Chinese woman has been sentenced to one year in a labour camp for a Tweet! Scary, scary stuff.

Back to Facebook, and the launch of email on the site and the confident claims of CEO Mark Zuckerberg about it's spam resistence levels - the Economist writes this interesting article about the changing landscape in online fraud, including the use of social networking sites and spam emails.

Update - December 2010: This story from Mashable explains that Facebook's Privacy Policy is coming in for scrutiny in South Korea. A complaint has been made and Facebook has 30 days to respond.

Also on Mashable is this excellent guide to 4 tools that parents can use to help protect their children online. Recommended.

Its Christmas Eve and this story about an ex-Google employee called Brian Kennish and his new extension for Google Chrome called Facebook Disconnect which is designed to help internet (and Facebook) users to protect their personal information online. This is an attempt to stem the worrying trend of Facebook's information gathering of us all.

To read more about related subjects, please follow these links:

MySpace Identity Theft

Wireless Identity Theft

Online Identity Theft

Password Security Tips

Identity Theft Risks

Combat Identity Theft

Organised Internet Crime

Do You Have A Story About This?

Have you had experience of identity theft or some other form of personal information problem while using Facebook or other Web 2.0 properties? Please share it with us so that we can all learn.

What Other Visitors Have Said

Click below to see contributions from other visitors to this page...