Cybersecurity: How oversharing leads to identity theft

Whether it’s Facebook, Twitter, LinkedIn, Instagram, or email; sharing our private lives with friends and family has become an addictive pastime. But even if your last selfie was meant for your peers; there’s no guarantee that they would be the only ones to view your posts and filter through your photos. Like it or not; excessively sharing sensitive information is only giving hackers more tools to bypass your network security and wreak havoc on your systems.

Before you assume we’re anti-social media, we’d like to nip that in the bud and say that we’re not. In fact, we believe social media and other communication technologies can help a business grow in more ways than one. But consider this: In the 2014-2015 financial year, 126,300 Australians were victims of identity theft. And oversharing information is a huge contributor to these threats. Here’s how.

What do cyber criminals look for

Everybody knows not to disclose something as private as their bank PIN or tax file number online; but many users generally are not aware of the other critical details that cyber criminals might easily find on social media.

Whether your employees post 140-character Tweets or share minutiae amounts of personally identifiable information on Facebook; the smallest detail made public on social media could open a backdoor to your system. With just a series of Google searches and unsolicited friend requests; hackers can easily glean personal information from social media, which include:

1. Basic credentials

Your full name, address, phone number, and date of birth can easily be found on your social media profile. When not careful, you can allow the identity thief to perform simple, yet convincing lies to government agencies, web services, and financial institutions.

2. Details of employment

This refers to your place of employment, job title, and co-worker information. By impersonating you, hackers can employ targeted social engineering attacks to other employees and cause even more damage to your company.

3. Security question answers

Whether it’s your mother’s maiden name, pet’s name, or your favourite food; correctly answering security questions allows you to reset your password in case you ever forget the password to a certain web service. The problem; comes when the answers to those security questions are plastered all over an individual’s or company’s Facebook page; practically giving a hacker the keys to resetting login credentials and online accounts.4.

4. Geolocation tags

Geotagged posts allow hackers to pinpoint your address; let them know where you’ve been, and predict where you will be. This information also gives cyber criminals the ability to track your everyday movements and identify the establishments that you frequent; making it easy for them to commit identity fraud.

In fact, even something as harmless as posting a photo of your boarding pass can give a malicious hacker all they need to ruin your day. Founder of, Steve Hui, showed how a hacker can easily extract information from a picture of an airline ticket. With access to the name, booking reference number, and barcode; Hui was able to see the passenger’s travel itinerary, frequent flyer login credentials, and financial details.

The consequences

Once cyber criminals access your data, they can:

  • recreate your online identity,
  • open accounts,
  • get a loan, or
  • buy extravagant goods under your name with your hard-earned money.

According to a report from the ABC; successful identity thefts can cost the average victim approximately $4000. What’s worse is that businesses also bear the brunt of these financial damages.

When someone loses his or her identity; a huge amount of time is spent reporting the crime to authorities; filling out the necessary legal paperwork, and assessing every transaction. The time dedicated to getting back on track; equates to lost productivity, indirectly slowing down business operations.

Social engineering

With a stolen identity, hackers can impersonate high-ranking employees, use their login credentials, and perform targeted social engineering scams.  They can then access sensitive company IT infrastructure and data without having to crack advanced network security systems.

Data breaches resulting from identity theft could then lead to loss of reputation, decreased sales, reimbursed fees, and expenses associated with mending customer trust.

Safeguarding sensitive information

Although we know social networks are potential cyber security risks, we’re not advising you to unplug from them altogether. You can protect your organisation from oversharing on social media and identity theft by establishing security practices and policies for identity theft.

As a general rule, if you want to share details about your life in social media; make sure it has nothing to do with:

  • your password,
  • banking credentials, or
  • possible answers to security questions.

This way, hackers don’t have easy access to your online accounts. For instance, if the password for your Twitter account happens to be a pet’s name listed on your Instagram account; replace it with a complex password that has a combination of upper and lower case letters, numbers, and symbols.

Staff training

Train your staff to be wary of unsolicited friend requests and whom they share content with. Facebook, for example, allows you to customise privacy settings on a post-by-post basis. To configure general privacy settings; click the lock icon on the right side of the Facebook interface and select who can see my stuff? To customise the sharing settings for each post, simply click on the button next to Post.

Role-based permissions

Deploy role-based access permissions for job-specific files and data. Your accounting department, for instance; shouldn’t be able to view, edit, and share HR documents. Segmenting your business data this way controls the flow of data and prevents a full-blown breach in case identity thieves impersonate front-end staff.

Ultimately, social media and other communication technologies are supposed to deliver a breadth of opportunities to businesses; not identity thieves. We can provide your business with periodic security awareness training. Learning the difference between harmless posting and oversharing can protect a business from the devastating consequences of identity theft.

Given the amount of personal information people willingly share online, outsmarting identity thieves can be an uphill battle. Empower IT Solutions use our cyber security expertise and advanced network security technologies to reduce your chances of identity theft. Contact us today to safeguard your business.