recommended reading

Social networking sites a treasure trove for identity thieves

The increasing amount of information individuals share on social networking Web sites also could put them at greater risk of identity theft, according to identity management professionals.

The amount of personal information posted on social networking sites has made it easier for criminals and others to collect data and impersonate individuals online, said identity specialists speaking on Thursday at a panel in Washington hosted by the technology lobbying group TechAmerica.

"The definition of personal identifiable information will continue to expand," said Rick Kam, president of the consulting firm ID Experts. "Our approaches must also evolve."

The number of phishing incidents where individuals are asked to enter their personally identifiable information into a third-party Web site has increased sharply in recent years, said Dianne Usry, deputy director for incident management at the Internal Revenue Service's Office for Privacy, Information Protection and Data Security.

To comply with an Office of Management and Budget mandate intended to combat the increase in identity theft, the IRS is limiting its use of Social Security numbers both on printed documents and as a way to authenticate online visitors to its Web sites. Last year the IRS decreased the number of documents and letters with Social Security numbers by 8 million.

"The IRS will never get away from paper," Usry said. "We're actually more concerned about the possibility of a data breach from paper documents than from online."

The IRS does not keep statistics on the number of phishing attempts that successfully steal personal data, but most domestic phishing sites usually are shut down within three hours, she said. International sites take longer to shutter.

"The criminals are more active and so are we," Usry said. "We hope awareness is going up along with activity."

Social Security numbers are no longer the only target of online criminals, according to the panel members. Social networking sites such as Twitter and Brightkite allow individuals to post a stream of updates that include where they are. The popular photo-sharing Web site Flickr allows users to see exactly where a photo was taken. By aggregating the data about an individual's activities and movements, someone can create a detailed account about the person's work or personal life, according to Ian Glazer, a senior analyst for identity and privacy strategies at Burton Group.

"Individuals and organizations should treat their location as an enterprise asset," Glazer said, adding that disclosures made on social networking sites like Facebook could reach much larger audiences than users intended.

Also on the rise is medical identity theft, whose victims account for 3 percent of all identity theft, according to Dan Steinberg, an associate at Booz Allen Hamilton. Steinberg said medical identity theft is especially troubling because in addition to financial damage, the act can result in physical injury or loss of life.

One of the most common forms of this type of theft is when an individual uses someone else's information to seek medical care, either with or without their consent. The impostor's patient information is then added to the authentic patient's record, creating the possibility that the victim might receive a misdiagnosis or mistreatment when he or she visits a doctor or hospital.

Steinberg said health care providers can prevent this by verifying the identity of patients before providing care. Many providers now request identification when patients arrive, but the practice is not widely followed.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.