Everybody knows there are certain things you can’t share on the Internet without the risk of serious consequences — photos of yourself in compromising positions, intimate details of your travel plans, or what you really think of your boss, for instance. But there are other morsels of information we share with regularity and without considering the consequences to our own detriment, as one of ZDNET writer Zach Whittaker’s colleagues found out recently after granting Whittaker permission to try and hack him.
What Whittaker found was that, with just a series of Google searches, a dash of Twitter data mining and some social media information, his colleague’s financial accounts could rather easily be compromised by somebody with an axe to grind.
So what should you stop doing online in order to better protect your identity offline?
1. Geolocation Tags
Facebook, Instagram and Twitter all allow users the option to reveal (or redact) location data on posts — but sometimes the listed location is as specific as your exact address, not just the city. Given how much of social media is publicly available, it doesn’t require a great deal of effort for someone to match your Tweets or Instagram pictures from home with the address you call home, and your address is often one piece of data financial companies use to verify your identity.
2. Posting a Picture of Your Financial or Personal Data
You’d think this was obvious, but some people just can’t help sharing their excitement over a new driver’s license or credit card or even an old bill they’ve finally paid off. But in addition to revealing your name, account number and address to would-be identity thieves, you’re also providing easy access to information that someone could use to socially engineer their way into your accounts and disrupt your life.
3. Opening Your Home and Car to Strangers
Sites like Airbnb, Airpnp (for bathroom-sharing — how can you not love this?!) or Lyft encourage people to make money off their existing physical assets — cars, extra rooms or conveniently-located bathrooms. But they can also engender a false sense of security about having strangers around your stuff — like mail, car registration or insurance documents, financial data or even medical information (like your prescriptions in your medicine cabinet). If you’re going to invite strangers in, make sure you also lock them out of any information they could use to target you for identity theft — even if that means securely storing your important information or receiving your mail off-site.
4. Checking In Everywhere
In addition to letting burglars know you’re not home, checking in on Facebook or Foursquare lets identity thieves know where you are, where you’ve been (like a bank) or where you will be (like your regular gym). Any of that information could give them another source for potential data points to later use to access your financial accounts.
5. Happy Birthday to Me!
While birthday wishes from far-and-wide can make your special day even more special, it is one of those obvious data points that financial institutions use to authenticate you. From Facebook to dating sites, we often disclose at least the month and day of our birthdays (if not the year). Unfortunately, in concert with online resumes or a LinkedIn profile that shows our graduation dates, it’s pretty easy to figure out one’s entire birthday — let alone their hometown, home address, or the name of their high school, which are also common challenge questions for financial institutions. If you can’t contain your desperate need to leave it offline for whatever reason, make sure you don’t use it as your password or PIN to another account.
The amount that we share online makes us more likely to feel like sharing widely is a normal thing, online and off. But the ease with which we publicize seemingly harmless bits of personal information online and off is often what scam artists rely upon when they go phishing, like in the new Netflix user phishing scam, or when they try to convince a customer service person that they are us. You don’t have to make it any easier than it is, and you can make it a lot harder without going dark – just be smart about what you let into the light.