Internet security: How to keep your details safe

Picture of the Facebook logoThis week a young woman had her parents' home in Australia robbed by people who'd seen her Facebook page. She'd been helping her grandmother count a load of cash, taken a picture of it and uploaded it. Thieves somehow found out where she lived and broke in - nobody hurt, thank goodness. So what can you safely put on social networks and what should you avoid?
Obviously the first thing is if you have an unexpectedly large amount of cash, don't tell everyone. The young woman in question will be kicking herself quite hard enough about that. But there's other stuff too.

What do fraudsters need?

A friend of mine was celebrating her 50th birthday a couple of years ago. She put the date on her Facebook page and I suggested, immediately, that she should take it down - wrongdoers find dates of birth remarkably useful.

Another friend of mine has a better idea - he puts his date of birth down as 1976. He's older than I am and I was born in the sixties - but he now knows that any piece of junk mail he gets, any confirmation of applications for credit cards or whatever, that quotes his date of birth as 1976 has taken the data from Facebook.

Another thing to watch is making obvious contact with certain relatives, and not just the shifty ones. Your mother may be on Facebook, and she may list her maiden name as well as her married name (if indeed she has a 'married name'). You might consider listing your mother among your contacts is harmless - dammit, you're proud of your mum, I'm certainly proud of mine.


How many online forms have you ever filled in where "mother's maiden name" is a standard security question? So if someone's watching your Facebook relationships and sees that your mother's maiden name is indeed Ramsbottom then they can get past another one of those security questions and possibly re-set your password.

It's worth looking into the details you've already put online. The other classic is your status.

Are you married?

And is it any of my business if you are or aren't? To me the information is going to be completely neutral unless I take a real dislike to your spouse. To an identity fraudster it's very interesting indeed because your bank, your storecard suppliers and all manner of other important people will know it too. If you've put your own maiden name, if you have such a thing, online for me to see, so much the better - I may be able to defraud your kids as well.

One notable feature about the Australian cash case is that the 17 year old in question hadn't put her address online. This is a good move although in this instance they clearly found her anyway - let's not claim fraudsters work only online. But people do put their addresses onto Facebook and elsewhere (on websites, for example) - this is rarely a good idea unless you're a business, and not a home-based one at that.

Then there was the teacher who mentioned to her class that her son was on Facebook. He'd put his phone number online and ended up being called constantly by a load of giggly schoolgirls - it wasn't ID fraud but they were wrong to abuse the number and he had to get it changed.

The other fatal thing people have done on social media is the classic "whoopee, we're going on holiday" Tweet, Facebook update and Google+ status. Or worse, people updating their status with exact accounts of where they are: "Outside the Louvre, whole family itching to get in". That'll mean there's a good chance your house in Stoke Poges is empty, then, with that flat-screen TV you mentioned buying last week unguarded.

It's easy to become paranoid about this but do consider the data you're making freely available. And watch yourself offline as well. A few years ago a security company did an experiment at Victoria Station. They employed people to pose as market researchers looking into banking habits one April, and got them to fill in questionnaires in exchange for a Creme Egg. If they filled in a longer form, including information on who they banked with and where they lived, they were entered into a prize draw for a big £50 egg.

By the end of the day the company had enough information to take over about 1000 bank accounts.

Blogger Guy Clapperton is the author of "This Is Social Commerce"
Read Full Story