The Biggest Identity Pitfalls on Social Media

IDWise Logo

This past fall, some Instagram users got an unpleasant surprise—and a wake-up call about the dangers of posting too much personal information on social media. When Minnesota state officials, along with the Secret Service and the U.S. Attorney's Office, indicted 25 members of the largest check forgery/identity theft ring in the state's history, they also announced that a huge number of the group's victims had their information stolen straight from the popular photo-sharing app.

The fraud ring, led by 30-year-old check forger Sinemah Gaye, was accused of stealing victims' banking information through a variety of channels, including fake door-to-door sales and insiders who worked as bank tellers. But a third source of financial information was the victims' own Instagram photos, most posted with the hashtag #firstpaycheckever or #myfirstpaycheck. These selfies of proud users and their new paychecks often had their full name, along with their bank routing number and checking account number, in plain view—making it easy for check forgers to use that information. Other hashtag searches like #firstcreditcard turn up similar photos. Most have card numbers obscured, but far too many others are less secure.

You may be shaking your head over the naiveté of posting your paycheck or credit card on social media for the world to see—but the truth is, there are many less obvious ways you might be putting your personal information and your identity at risk on social media.

"There's never been a better time to communicate and share our lives with friends and family online, using a multitude of devices and social networks," says Shannon McCarty-Caplan, consumer advocate for global security software company Trend Micro. "But as the ways to communicate increase, so do the threats to our private data. Internet users are making social media faux pas in a multitude of ways."

Read on to discover some of the biggest social media mistakes people make—and see if you're making any of them yourself.

Letting too many apps post on your behalf. Even if you're not specifically posting updates like "On vacation for the next week," the apps you use may still be alerting thieves to your more mundane comings and goings.

Not checking your privacy settings. What you post on Facebook can be used to crack your passwords or hack your accounts on other sites. "Most online accounts use 'qualifying questions' to verify your identity," says security analyst and identity theft expert Robert Siciliano. "These questions tend to involve personal information, such as your kids', other relatives', or pets' names or birthdays. When thieves find this information on your Facebook page, they can reset your passwords and steal your identity." So limit what you post, and lock down your privacy settings.

Not logging in manually. There are two ways this can come back to bite you: by letting your browser save your password, or by using a link in an email (for example, an email notification that you have a Facebook message). According to a study commissioned by Trend Micro, 67 percent of Internet users use the browser to save their passwords. But, says McCarty-Caplan, "a cybercriminal could easily hack your browser and steal your passwords—which could lead to identity theft or worse." As for the second method, Siciliano notes that some phishing emails imitate the email template of sites like Facebook and Twitter, tricking victims into believing they've received an official message from the site. Once you enter your login credentials, however, "criminals can take over your account, pose as you, and ask your friends for money," Siciliano says. "Always log into your social media accounts manually, rather than going through a link in an email."

Not claiming your social media turf. Sure, you may love Facebook and avoid Twitter—or vice versa—but you should still at least register on both, as well as on as many other social media sites as you can. Why? So someone else doesn't do it for you. "When someone snags your name, posts a photo as you, and begins to communicate while impersonating you, the effects can be devastating," Siciliano says. "Grab your name on as many sites as possible., a site that allows you to check for the use of your name or brand on up to 500 social media sites at once, can help speed up this process.

The Trend Micro study, which was commissioned in August 2014, showed that Internet users are worried about social media pitfalls such as these—yet disinclined to do anything about them. Almost two-thirds of Internet users in the study removed or deleted posts they made to social sites; in 2013 that number was closer to one quarter. Over 30 percent of those users cited a fear of identity theft as their motivation. The study also revealed that these same Internet consumers participated in risky behaviors like allowing apps to access their public profile information.

Social media can be a great way to keep up with friends and make new ones. But let the hapless paycheck-posters of Instagram be a lesson to you, and don't let your enjoyment of these sites compromise your personal information.

IDWise Logo
What is IDWise?

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.