recommended reading

Social networking sites a treasure trove for identity thieves

The increasing amount of information individuals share on social networking Web sites also could put them at greater risk of identity theft, according to identity management professionals.

The amount of personal information posted on social networking sites has made it easier for criminals and others to collect data and impersonate individuals online, said identity specialists speaking on Thursday at a panel in Washington hosted by the technology lobbying group TechAmerica.

"The definition of personal identifiable information will continue to expand," said Rick Kam, president of the consulting firm ID Experts. "Our approaches must also evolve."

The number of phishing incidents where individuals are asked to enter their personally identifiable information into a third-party Web site has increased sharply in recent years, said Dianne Usry, deputy director for incident management at the Internal Revenue Service's Office for Privacy, Information Protection and Data Security.

To comply with an Office of Management and Budget mandate intended to combat the increase in identity theft, the IRS is limiting its use of Social Security numbers both on printed documents and as a way to authenticate online visitors to its Web sites. Last year the IRS decreased the number of documents and letters with Social Security numbers by 8 million.

"The IRS will never get away from paper," Usry said. "We're actually more concerned about the possibility of a data breach from paper documents than from online."

The IRS does not keep statistics on the number of phishing attempts that successfully steal personal data, but most domestic phishing sites usually are shut down within three hours, she said. International sites take longer to shutter.

"The criminals are more active and so are we," Usry said. "We hope awareness is going up along with activity."

Social Security numbers are no longer the only target of online criminals, according to the panel members. Social networking sites such as Twitter and Brightkite allow individuals to post a stream of updates that include where they are. The popular photo-sharing Web site Flickr allows users to see exactly where a photo was taken. By aggregating the data about an individual's activities and movements, someone can create a detailed account about the person's work or personal life, according to Ian Glazer, a senior analyst for identity and privacy strategies at Burton Group.

"Individuals and organizations should treat their location as an enterprise asset," Glazer said, adding that disclosures made on social networking sites like Facebook could reach much larger audiences than users intended.

Also on the rise is medical identity theft, whose victims account for 3 percent of all identity theft, according to Dan Steinberg, an associate at Booz Allen Hamilton. Steinberg said medical identity theft is especially troubling because in addition to financial damage, the act can result in physical injury or loss of life.

One of the most common forms of this type of theft is when an individual uses someone else's information to seek medical care, either with or without their consent. The impostor's patient information is then added to the authentic patient's record, creating the possibility that the victim might receive a misdiagnosis or mistreatment when he or she visits a doctor or hospital.

Steinberg said health care providers can prevent this by verifying the identity of patients before providing care. Many providers now request identification when patients arrive, but the practice is not widely followed.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.