OTTAWA  |  April 4, 2008 —The growth of social networking sites means users are leaving "digital breadcrumbs" about their lives online and are putting themselves at risk of having their identity stolen.

Facebook fans: Beware of what you post.

Social networking sites such as Facebook and MySpace have revolutionized the world of identity theft. Before they existed, scammers had to convince people to hand over information by implying authority and gaining trust, says Colin McKay, director of communications for the Office of the Privacy Commissioner of Canada. Now, fraudsters can steal identities because these sites make personal information more easily available.

"We're all still learning what the impact can be of sharing information online and how much information exactly we can share," he says. "Through the first three years of Facebook, everyone was used to sharing a lot of information. But as the sites have gotten older, we've realized...we're leaving a lot of digital breadcrumbs around about our life and that's something that we actually need to keep control of."

Eternal archives

Delete does not necessarily mean erase. Much of the information posted online remains stored in some format in cyberspace. On social networking sites personal information may be cached, archived or even copied by another user. 

These sites are like "shooting fish in a barrel" for identity thieves, says Tim Richardson, an e-commerce professor at Seneca College and the University of Toronto. Regardless of the option for high privacy settings, nothing is foolproof and fraudsters can still access the information, he said. On top of that, many users are not cautious when revealing personal details, creating a hotbed for cyber criminals.

Info-graphic: Postin' protection Here are eight ways to protect yourself on Facebook. Requires FlashPlayer

Sophos, a U.S. IT security and control provider, conducted a Facebook ID probe late last year. Researchers created a fake profile and sent out 200 random friend requests through the site. Eighty-seven users, or 41 per cent, accepted the requests.  Many of the respondents listed their full date of birth, details about their education or workplace, their current address or location and email address. This might not lead directly to identity theft but it does provide potential cyber criminals with many essential elements to commit the crime.

It's hard to gauge what impact social networking sites have on identity theft because many cases go unreported. But, McKay says the perception is that identity theft is on the rise because these sites make personal data more available and easier to steal.

PhoneBusters, the Canadian anti-fraud call centre, operated in part by the RCMP, reported almost 8,000 incidents of identity theft across the country last year. This amounted to more than $16 million in losses.

Identity theft is growing, Richardson says, because companies are increasingly trying to develop consumer profiles for targeted advertising. Criminals also have more tools, such as online chat rooms that teach people how to commit identity theft, he says.

Don't bank on privacy

It's not just social networking sites that are causing problems. Online job search sites are especially attractive to identity thieves. They pose as potential employers and ask job seekers for personal information. Even dealing with seemingly reliable companies, such as banks, can pose risks. Richardson says they often outsource their functions to third parties who cut corners to minimize costs, possibly compromising customers' privacy.

A criminal only needs a postal code to steal someone's identity, Richardson says. Criminals often get this type of information by using traditional scamming methods. They apply the techniques to the online world, using too-good-to-be-true offers, false charities and advanced fee letter fraud. They have also created new online methods of getting this information, including phishing scams.

Once cyber criminals have your personal information, they can commit account fraud, which can involve taking out a credit card in your name and using it to spend money fraudulently or taking over your account by submitting an address change. Victims might face costly bills and bad credit or be forced to clear their name with financial agencies.  

Typing your personal information online can be the "key" to a stolen identity.

The general public often makes the scammers' job easier by carelessly revealing personal information online and not taking precautions, such as regularly changing their passwords.

"People get sick and tired of using different passwords for different things," Richardson says. "What these criminals do, is they count on some overlap existing, and that's how they're able to take one circumstance and then extend it to others."

The Office of the Privacy Commissioner of Canada, in an attempt to raise awareness about online identity theft, has created fact sheets, a blog and a video dedicated to online information sharing. McKay says its public education program will grow this year through speaking to a variety of age groups and communities about the risks of social networks.

Richardson wants the public to understand that even taking small steps will help.

"Bad guys are targeting people that [take] no precautions whatsoever and [target] people that are more vulnerable," he says.

Related Links Fears over Facebook identity fraud Public Safety report on identity theft B.C. Mounties bust major ID theft ‘hub’ in Surrey Study: Facebook users easy targets for identity fraud Sophos Facebook Study