Profiles: Identity fraud in social networks
I contend that the safest place for your personal information is online, in a social network, and let me tell you why… oh wait, let me set the scene first *moves some chairs around* I’ve been asked my a million people lately for my opinion on scams online and people having their identity in real…
I contend that the safest place for your personal information is online, in a social network, and let me tell you why… oh wait, let me set the scene first *moves some chairs around*
I’ve been asked my a million people lately for my opinion on scams online and people having their identity in real life taken because they revealed too much on Facebook or whatevs. I have to say, I tend to fob off the questions. Not because they can’t be answered and, not because securing one’s real life identity from ID theft is not important, but because usually people asking aren’t interested in real answers, just tabloid-like fear-mongering stuff. So I say “it can be managed’ and leave it at that.
But I know that you, dear reader, want the goodies 🙂
Soooo, there are a variety of identity issues online.
- Is this person who they say they are in real life? Not just name and location but also job, married/unmarried, gender, everything?
- Are they who they imply they are? In other words, not just name – if my handle is SugarLips, do you assume from my actions that I am a woman in real life?
- Does this person exist at all? I wouldn’t be the first person to create two persona’s so I can have an argument with myself online. Whaaat? Haven’t you? It’s a nice technique in online communities to address an issue without spotlighting it as an “issue”. And no, I’m not fussed about ‘transparency’ in this case.
- Is this a group persona? Some famous cases – such as the old cyber-rape case that I vaguely remember Julian Dibbell (?) writing about in the early ’90s – turned out to be a dorm room full of students sharing one account. Account sharing is banned in most social networks btw, and that’s one reason why. Got that in your ToS hmmm? (EDIT: Wiki cyber rape case). Spoke to K from Sony the other day – she thinks that 4inchheels (now hacked) is a group blogger under one name, I tend to agree with her.
- What aspect of themselves are they showing? And where does identity lie. If a CEO blogs, is s/he being real or just repeating what has been vetted by public relations and the legal team? If a CEO speaks from the heart into a dictaphone and a secretary types it up, is it really from the CEO?
And how does this stuff compare to the Real World? Ever been on a date with Mr Wunnerful who turns out to be … less? Where was Cyrano de Bergerac hiding – under the dinner table? o.O
So a fraudulent offer is where you are offered something that is …err … not what it says on the packet? A funny game on Facebook that copies your contacts list, or a competition form you complete with a pen, or … who cares. As we use online more, there will be more online fraud. Full stop.
So here’s the current figures…
How Were Fraudulent Offers Pitched to Victims?
- In 27 percent of incidents, victims learned about fraudulent offers through print advertising – direct mail advertising (including catalogs), newspaper and magazine advertising, and posters and flyers (Figure 9 and Table 9).
- Direct mail was the most common form of print advertising cited, and was the medium used in 16 percent of all fraudulent offers. Newspaper and magazine advertising was the medium in 10 percent of cases.
- The Internet (including general websites, Internet auction sites, and email) was the medium through which victims learned about fraudulent offers in 22 percent of incidents.
- General websites were responsible for the largest percentage of these cases: In 10 percent of all cases victims said that they first learned about the offer from an Internet website, other than an auction site.
- Victims indicate that they first learned about the offer from an Internet auction site in only 3 percent of incidents.
- Television or radio advertising was used in 21 percent of fraud incidents.
- Telemarketers were the source of information about fraudulent products or services in 9 percent of all cases.
Here’s an example of a beat-up Facebook-applications-can-steal-your-identity-ohmahgawd piece from the BBC. I can’t embed the video cos they don’t allow that. A basic response would be: how many profiles of the 64 million Facebook users do you think leave their page open, public, searchable by Google and available to RSS and API? A reasonable amount one assumes – enough to keep any industrious identity thief happy. The BBC didn’t need to waste time and money (actually an app only takes a few minutes to build) to rip some profile information from Facebook… .
Now here’s my thing – the social network will win against fraud:
How long did the BBC scam application stay up on Facebook for? Before it was found and reported? How long did it take the social network to discover the poor code, and send out alarm bells? Does Facebook use the “wisdom of the crowds” and have developers checking on each others code?
But the big one – did the BBC have the application go viral? What was it’s take up rate? How long before the community figured out it was a trojan and went on the attack? The social network ALWAYS moves fast to discover and disseminate – hey! that’s what social networks do with any content – and if that content is a new application, it needs to be pretty compelling to get a take up of any size. And once taken up, the social network will figure out – someone will keep an eye on the techie/geeky side, there is always one jock in the crowd – and send out a warning.
And hell, we can send out warnings fast over email, SMS, Facebook wall, groups, chat, forums, blogs, wikis, and through ratings/rankings.
I feel sorry for organised crime. They have no clue that the social network is more organised, more protected, more connected – in fact, organised crime is just a little social network. Shared values, shared purpose, shared hiearachy, defined roles, defined leaders, defined etiquette, rituals, subgroups/tribes whatever. And they are now being ranged against by millions of members of Facebook.
Good luck with ripping off profiles, you won’t last long.
I talk a lot about anti-PR and anti-marketing consumer companies (IHateIkea.com type stuff). But they are also good for scams:
www.awitness.org
scamhunter.blogspot.com
www.ripoffreport.com
My favourite is www.scambuster419.co.uk
Incidentally, government departments and banks are now confirming identity by asking you to give dates of letters they have sent you. *hunts thru the trash can* ASIC gave me a hard time yesterday 🙁
Oh and one final note: the long tail of the Brand of One (you) means you have to be good. As you develop your identity online (filling out profiles), so you gain reputation (we remember you, and start to recognise you), and then trust (we start to identify if you give good advice or are a bit of ditz). Don’t do too many shonky things – you are too easy to track and everyone is connected to everyone these days.
In others words, be good! (and yes, I’m intentionally ignoring the issues of dataportability)
How does that explain the continued presence of mobile phone scams being advertised on Facebook?
Bingo! you just proved my case. *jumps up and down excitedly*
I’ve never heard of the mobile phone scams on Facebook. We don’t know each other in real life (do we?).
yet here is a perfect stranger (you are perfect, you are on Twitter :P) telling me about a scam I don’t know about, within minutes of me mentioning something about fraud and facebook.
I’m not saying that scams will go away – there may even be more of them to choose from – nor that some people (particular demographics) won’t be as susceptible to them (though the demographic tends not to be on facebook at the moment).
Just that a stranger will step in, warn another stranger, who will pass it on to 10 others, who will pass it on to 1,000 others. Not next week, not tomorrow. All within the blink of an eye…
Profiles: Identity fraud online http://bit.ly/1k5Ow7 <- 27% fraud thru print advertising, 22% online. @julie_posetti @colvinius @meadea
@kirstimelville see my last tweet http://bit.ly/1k5Ow7 highest % of fraud is done through print, not online.
Currently there are more scams with print media than online http://bit.ly/1k5Ow7 when do YOU think social media scams will take over?
So, erm, ‘the social network will out the scammer and fast!’, eh?
I guess that’s why it took ’til this week for the boss of Zynga to out himself as a badass scammer from hell ‘coz the FB community were so on him. Not.
http://www.techcrunch.com/2009/11/06/zynga-scamville-mark-pinkus-faceboo/
well I knew. 😛 Not sure what part of scammy games on Facebook aren’t understood by the masses, but most people figure it out quick. I include RockYou and Slide in that estimation.
Ask around what people think, look at the discussions on SuperRewards and other social networking programs – the social network doesn’t necessarily walk up and tap you on the shoulder, but a quick tweet or google search offers up most warnings and caveats instantaneously, no?
Therein lies the scammer’s power. People want to believe stuff that’s too good to be true, they want to believe they won’t be scammed. Thus the idea that one needs to ask if it’s a scam won’t happen to most people until it’s clear too late. Thus, the scammers will always win.
I note you play Warcraft. No matter how much Blizzard (to the uneducated, they’re Warcraft’s authors and publishers) or the Warcraft community discuss scamming, it still goes on. In massive amounts. Profits that make small third world countries cry and some first world country universities very happy. Because there’s always fresh meat with more money than sense who think they know better than those that came before them. That’s base human nature. And that’s where organised crime will always profit the most, at the most basic of human desires and wants. I’d humbly submit that the feeding frenzy on Zynga’s outing is precisely because people won’t figure out the scams quick enough. They don’t want to believe that there’s a nasty person out there.
I just think the future’s a far more muddier than the hope that people will pass on info about scams. Only takes a couple of big false positives for that kind of trust relationship to collapse. And FP’s aren’t that hard to inject into a social network, either. ‘Keep ’em weak and confused!’
(Footnote: Take a look at what’s going on with WoW trying to get started again in China. Very very interesting stuff, it has resonances across to Hu and Rio Tinto 😉
Anyways, on the subject of nasty conspiracies and ripoffs, I’m off to 2012 now. Thanks for letting me have a rant. Toodles!
RT @SilkCharm: Id fraud online http://bit.ly/1k5Ow7 <- 27% fraud thru print advertising, 22% online. @julie_posetti @colvinius @meadea
RT @SilkCharm Profiles: Identity fraud in social networks | Laurel Papworth- Social Network Strategy http://bit.ly/25ijb
RT @SilkCharm Profiles: Identity fraud in social networks | Laurel Papworth- Social Network Strategy http://bit.ly/25ijb <Thanks @deswalsh>
I used to believe that keeping my identity off the web as much as possible was the safer recourse. Now, I believe just the opposite. I want to be the one in control of what appears to be my profile on every popular social media and online community instead of letting someone else create and maintain any profile that people will mistake for me. I ran across another blogger who just recently ( see http://www.dynamicalsoftware.com/profile/leveling ) gave some more good reasons for building online profiles that authentically match your real world identity.
One reason why social networking sites are gaining popularity is because users get to hide their flaws and enhance their best features when making friends. There is not much harm in that because you are not totally lying about who you are. But there are those who take it up a notch and resort to more drastic measures that they take another identity altogether which is wrong. Stealing one’s identity was mainly prevalent with the use of private documents and mail but this evil deed is now being done through the Internet as well. As you can shred copies of your private records, you cannot simply do that once you have uploaded your personal data on the web so be careful.
I’m really impressed with your writing skills and also with the layout on your
weblog. Is thi a paid theme or did youu customize it yourself?
Anyway keep up the nice quality writing, it’s rare tto see
a nice blog like this one today.
Appreciate the recommendation. Willl try it out.