I wrote previously about a new consumer reporting agency called the Social Intelligence Corporation that mines date from social networking websites such as Facebook and MySpace to build a consumer report about you. My previous post is here - http://fcralawyer.blogspot.com/2011/06/social-intelligence-new-social-network.html
The latest article which provides a good bit of detail of how the Social Intelligence Corporation will operate is here - http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1202501431464&How_Do_FTCApproved_Social_Media_Background_Checks_Work
Custom Search
Showing posts with label Facebook. Show all posts
Showing posts with label Facebook. Show all posts
July 23, 2011
June 27, 2011
Social Intelligence - a new social network credit bureau?
According to a recent article on pcworld.com, the Federal Trade Commission has authorized a new company called "Social Intelligence" to conduct background checks of consumers based not on their credit or criminal histories, but instead using the online social network activity. This means there is yet another way that your online activity (or posts online regarding your less than stellar offline activity) can affect consumers' ability to land a job.
It was a big deal when companies started running a credit report on job applicants during the vetting process. But this made sense. Sometimes its because the job applicant would be handling large sums of money and, if they are in deep debt, they may be more likely to embezzle from the company.
This is even bigger. Now, a potential employer doesn't have to expend its own resources to check your online identity, it can hire Social Intelligence to do it for you. According to the PC World article, the potential employer would indicate what type of activity its worried about (i.e. illegal drug use, racism, or other illegal activity) and then Social Intelligence would allegedly only report back to the potential employer about anything it found related to those areas of concern.
But, in reality, Social Intelligence would be a consumer reporting agency (as defined by the Fair Credit Reporting Act) and thus would have to comply with the requirements of the Fair Credit Reporting Act, including maintaining its database of information in such a way that the reports it generates are done so utilizing "reasonable procedures to assure maximum possible accuracy" and that it would have to perform reasonable investigations of any disputes made by the consumer of items reported to the potential employer.
How, pray tell, is Social Intelligence going to perform a "reasonable investigation" of the online content? That's got potential for some interesting case law.
The moral of the story, though, is to quit posting your business on Facebook and quit tweeting from the bar, etc. Limit your Facebook posts to the kind of things an employer wants to see - i.e. things that demonstrate stability and maturity, not childish or inappropriate behavior. This isn't new advice. I've been telling clients for a while to watch what they post (and to make their profiles "private" to limit access to what they do post), because defense lawyers have started trolling plaintiff's facebook and other online profiles for juicy information to use against them later.
So, listen up folks, watch what you post 'cause it could come back to haunt you.
It was a big deal when companies started running a credit report on job applicants during the vetting process. But this made sense. Sometimes its because the job applicant would be handling large sums of money and, if they are in deep debt, they may be more likely to embezzle from the company.
This is even bigger. Now, a potential employer doesn't have to expend its own resources to check your online identity, it can hire Social Intelligence to do it for you. According to the PC World article, the potential employer would indicate what type of activity its worried about (i.e. illegal drug use, racism, or other illegal activity) and then Social Intelligence would allegedly only report back to the potential employer about anything it found related to those areas of concern.
But, in reality, Social Intelligence would be a consumer reporting agency (as defined by the Fair Credit Reporting Act) and thus would have to comply with the requirements of the Fair Credit Reporting Act, including maintaining its database of information in such a way that the reports it generates are done so utilizing "reasonable procedures to assure maximum possible accuracy" and that it would have to perform reasonable investigations of any disputes made by the consumer of items reported to the potential employer.
How, pray tell, is Social Intelligence going to perform a "reasonable investigation" of the online content? That's got potential for some interesting case law.
The moral of the story, though, is to quit posting your business on Facebook and quit tweeting from the bar, etc. Limit your Facebook posts to the kind of things an employer wants to see - i.e. things that demonstrate stability and maturity, not childish or inappropriate behavior. This isn't new advice. I've been telling clients for a while to watch what they post (and to make their profiles "private" to limit access to what they do post), because defense lawyers have started trolling plaintiff's facebook and other online profiles for juicy information to use against them later.
So, listen up folks, watch what you post 'cause it could come back to haunt you.
February 08, 2011
Site steals 250,000 Facebook profiles to raise awareness of online ID theft
Interesting way to raise awareness of the risks of online identity theft - article is by Michelle Castillo and can be found at http://techland.time.com/2011/02/04/site-steals-250000-facebook-profiles-for-a-social-experiment/
You might be signed up for Lovely-Faces.com's dating services and not only know it. Website creators Paolo Cirio and Alessandro Ludovico took information from 250,000 Facebook users and used it to create their project which uses facial recognition technology to categorize users into the kinds of people they look like they would be. Problem is they didn't ask permission first from the profile owners, but they claim since it's part of a "social experiment" it should be fine.
The site's not really a dating site. On Face to Facebook, the minds behind Lovely-Faces.com explain that the website was created to prove how virtual identity is increasingly unstable when you consider how easy identity theft is online and how companies can easily take advantage of this information, with or without Facebook's permission. On the Theory section of the website, they elaborate:
And it'll eventually mutate, from a plausible translation of real identities into virtual management, to something just for fun, with no assumed guarantee of trust, crumbling the whole market evaluation hysteria that surrounds the crowded, and much hyped, online social platforms.
Facebook isn't pleased with this use of their data, even though Lovely-Faces.com promises that they will remove anyone who wants their picture taken off the site. “Scraping people's information violates our terms,” Facebook's director of policy communications Barry Schnitt said to Wired. “We have taken, and will continue to take, aggressive legal action against organizations that violate these terms. We're investigating this site and will take appropriate action.”
September 28, 2009
Facebook users beware!
Another identity theft scam has emerged that involves Facebook. Last Thursday, a Madison, Wisconsin woman reported to the Madison police that someone had stolen her identity by hacking into her computer, accessing her financial records, changing her e-mail and even logging into her Facebook page.
While the thief was apparently not able to directly access the victim's bank accounts, he or she did send a message to the victim's Facebook friends, claiming that the victim had been mugged in London and needed cash. The message even gave an address and phone number to accomodate the transfer of funds.
So, Facebook users, beware of this scam.
While the thief was apparently not able to directly access the victim's bank accounts, he or she did send a message to the victim's Facebook friends, claiming that the victim had been mugged in London and needed cash. The message even gave an address and phone number to accomodate the transfer of funds.
So, Facebook users, beware of this scam.
July 06, 2009
Study finds that SSNs can be guessed from data found on social networking sites
The following is a quote from an article by David Olmos and appearing on http://www.bloomberg.com/:
"Social Security numbers, commonly used by criminals in identity theft, can be guessed using information found on Internet social networks such as Facebook and MySpace and other public sources, a study found.
Researchers at Carnegie Mellon University used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. The study appears today in the Proceedings of the National Academy of Sciences.
Annual losses from identity theft totaled $49 billion, according to a 2007 report from Javelin Strategy & Research, a Pleasanton, California, market-research company. About 8.4 million U.S. adults were victims of identity theft that year, with losses averaging $5,720 a person, according to Javelin’s figures.
'We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,' said Alessandro Acquisti, the study’s lead author, in a telephone interview.
Acquisti, an economist at Carnegie Mellon’s Heinz School of Public Policy and Management in Pittsburgh, and computer scientist Ralph Gross used records from the Social Security Administration’s Death Master File to search for statistical patterns in the Social Security numbers of people. They obtained birth data from voter registration lists, online white pages, social networking sites and other sources, he said.
Birth Data
Birth data are key to figuring out a Social Security number because the first three of the nine digits are assigned based on where a person lived at the time of obtaining a Social Security card, said Acquisti. Information about how the Social Security number is assigned is publicly available on a government Web site, the authors said.
'The first five digits are very easy to predict, while the last four are harder,' Acquisti said. Identity thieves can sometimes obtain the last four digits of a Social Security number if they have other personal information, he said.
The study arose from Acquisti’s research into why millions of people reveal personal information, such as birth date and home towns, on social networking sites. Such information can be had easily from people who don’t block access by changing their Web site security settings, Acquisti said.
'The default setting on sites such as Facebook, when you create a personal profile, is that it is visible to anyone in your network unless you change the settings,' Acquisti said.
Cyber Criminals
Some evidence exists that cyber criminals already are using statistical analysis to work out Social Security numbers, Acquisti said.
When Social Security numbers were first issued in 1936, their purpose was more like a bank account number than a means for authenticating a person’s identity, said Acquisti.
Because use of these numbers is so widespread among financial institutions, health-care providers and other organizations, it’s difficult for consumers to take steps to insure their numbers remain private, he said.
'If a movie rental company asks for your number to be a member, you can easily bypass that by going to another company,' Acquisti said. 'But if your health insurer wants the number, now you are talking about something different. If you refuse to give it, that could be costly or dangerous to you.'
Credit-reporting companies use Social Security numbers to match personal information, which also leads to identity theft, said Robert Ellis Smith, of the Privacy Journal, a newsletter based in Providence, Rhode Island."
Interesting. One more reason to require exact matches of Social Security numbers, since the first five are often the same for siblings, for example, since they are often obtained at the same time in the same place.
"Social Security numbers, commonly used by criminals in identity theft, can be guessed using information found on Internet social networks such as Facebook and MySpace and other public sources, a study found.
Researchers at Carnegie Mellon University used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003. The study appears today in the Proceedings of the National Academy of Sciences.
Annual losses from identity theft totaled $49 billion, according to a 2007 report from Javelin Strategy & Research, a Pleasanton, California, market-research company. About 8.4 million U.S. adults were victims of identity theft that year, with losses averaging $5,720 a person, according to Javelin’s figures.
'We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,' said Alessandro Acquisti, the study’s lead author, in a telephone interview.
Acquisti, an economist at Carnegie Mellon’s Heinz School of Public Policy and Management in Pittsburgh, and computer scientist Ralph Gross used records from the Social Security Administration’s Death Master File to search for statistical patterns in the Social Security numbers of people. They obtained birth data from voter registration lists, online white pages, social networking sites and other sources, he said.
Birth Data
Birth data are key to figuring out a Social Security number because the first three of the nine digits are assigned based on where a person lived at the time of obtaining a Social Security card, said Acquisti. Information about how the Social Security number is assigned is publicly available on a government Web site, the authors said.
'The first five digits are very easy to predict, while the last four are harder,' Acquisti said. Identity thieves can sometimes obtain the last four digits of a Social Security number if they have other personal information, he said.
The study arose from Acquisti’s research into why millions of people reveal personal information, such as birth date and home towns, on social networking sites. Such information can be had easily from people who don’t block access by changing their Web site security settings, Acquisti said.
'The default setting on sites such as Facebook, when you create a personal profile, is that it is visible to anyone in your network unless you change the settings,' Acquisti said.
Cyber Criminals
Some evidence exists that cyber criminals already are using statistical analysis to work out Social Security numbers, Acquisti said.
When Social Security numbers were first issued in 1936, their purpose was more like a bank account number than a means for authenticating a person’s identity, said Acquisti.
Because use of these numbers is so widespread among financial institutions, health-care providers and other organizations, it’s difficult for consumers to take steps to insure their numbers remain private, he said.
'If a movie rental company asks for your number to be a member, you can easily bypass that by going to another company,' Acquisti said. 'But if your health insurer wants the number, now you are talking about something different. If you refuse to give it, that could be costly or dangerous to you.'
Credit-reporting companies use Social Security numbers to match personal information, which also leads to identity theft, said Robert Ellis Smith, of the Privacy Journal, a newsletter based in Providence, Rhode Island."
Interesting. One more reason to require exact matches of Social Security numbers, since the first five are often the same for siblings, for example, since they are often obtained at the same time in the same place.
July 03, 2009
More about id theft via social networks
Speaking of using common sense to protect your identity, here's a quote from an article with some advice about what not to put on your online profile:
"BE CAREFUL about what you include in your profile on social-networking sites as the information could lead to identity theft.
According to a study by British software-security firm Webroot, one third of social networkers have at least three pieces of information visible on their profiles that could expose them to identity theft, PC World reported.
The study found that 59 per cent of Britons are unsure of who can see their profile, while 78 per cent have profiles that are visible in a Google search.
These are in spite of 78 per cent of them saying they worry about the privacy of information put up on their social-networking sites, such as Facebook and MySpace.
According to PC World, the study found that 36 per cent of respondents said they did not hide any of their personal information from people viewing their profiles. Twenty-eight per cent said they accepted 'friend requests' from strangers.
And what about passwords? A third of them said they used the same passwords for all of their online accounts.
Mr Mike Kronenberg, chief technology officer of Webroot's consumer business, told PC World: 'The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth.'
Mr Kronenberg added that users of social-networking sites should protect themselves by being aware of such risks, as well as how not to expose themselves to such threats."
For the original article, see - http://digital.asiaone.com/Digital/Features/Story/A1Story20090630-151742.html
"BE CAREFUL about what you include in your profile on social-networking sites as the information could lead to identity theft.
According to a study by British software-security firm Webroot, one third of social networkers have at least three pieces of information visible on their profiles that could expose them to identity theft, PC World reported.
The study found that 59 per cent of Britons are unsure of who can see their profile, while 78 per cent have profiles that are visible in a Google search.
These are in spite of 78 per cent of them saying they worry about the privacy of information put up on their social-networking sites, such as Facebook and MySpace.
According to PC World, the study found that 36 per cent of respondents said they did not hide any of their personal information from people viewing their profiles. Twenty-eight per cent said they accepted 'friend requests' from strangers.
And what about passwords? A third of them said they used the same passwords for all of their online accounts.
Mr Mike Kronenberg, chief technology officer of Webroot's consumer business, told PC World: 'The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth.'
Mr Kronenberg added that users of social-networking sites should protect themselves by being aware of such risks, as well as how not to expose themselves to such threats."
For the original article, see - http://digital.asiaone.com/Digital/Features/Story/A1Story20090630-151742.html
Identity theft and Facebook
Identity thieves are using Facebook to steal personal information. Below is part of an article appearing on Reuters UK:
"Cybercrime is rapidly spreading on Facebook as fraudsters prey on users who think the world's top social networking site is a safe haven on the Internet.
Lisa Severens, a clinical trials manager from Worcester, Massachusetts, learned the hard way. A virus took control of her laptop and started sending pornographic photos to colleagues.
'I was mortified about having to deal with it at work,' said Severens, whose employer had to replace her computer because the malicious software could not be removed.
Cybercrime, which costs U.S. companies and individuals billions of dollars a year, is spreading fast on Facebook because such scams target and exploit those naive to the dark side of social networking, security experts say.
While News Corp's (NWSA.O) MySpace was the most-popular hangout for cyber criminals two years ago, experts say hackers are now entrenched on Facebook, whose membership has soared from 120 million in December to more than 200 million today.
'Facebook is the social network du jour. Attackers go where the people go. Always,' said Mary Landesman, a senior researcher at Web security company ScanSafe.
Scammers break into accounts posing as friends of users, sending spam that directs them to websites that steal personal information and spread viruses. Hackers tend to take control of infected PCs for identity theft, spamming and other mischief."
As always, the best advice to avoid having your identity stolen is to use your common sense and not fall for scams. Not that common sense alone will prevent your identity from being stolen but it will help protect you from phishers such as those referenced by this article. For the rest of the article, see http://uk.reuters.com/article/idUKTRE55T6KU20090630.
"Cybercrime is rapidly spreading on Facebook as fraudsters prey on users who think the world's top social networking site is a safe haven on the Internet.
Lisa Severens, a clinical trials manager from Worcester, Massachusetts, learned the hard way. A virus took control of her laptop and started sending pornographic photos to colleagues.
'I was mortified about having to deal with it at work,' said Severens, whose employer had to replace her computer because the malicious software could not be removed.
Cybercrime, which costs U.S. companies and individuals billions of dollars a year, is spreading fast on Facebook because such scams target and exploit those naive to the dark side of social networking, security experts say.
While News Corp's (NWSA.O) MySpace was the most-popular hangout for cyber criminals two years ago, experts say hackers are now entrenched on Facebook, whose membership has soared from 120 million in December to more than 200 million today.
'Facebook is the social network du jour. Attackers go where the people go. Always,' said Mary Landesman, a senior researcher at Web security company ScanSafe.
Scammers break into accounts posing as friends of users, sending spam that directs them to websites that steal personal information and spread viruses. Hackers tend to take control of infected PCs for identity theft, spamming and other mischief."
As always, the best advice to avoid having your identity stolen is to use your common sense and not fall for scams. Not that common sense alone will prevent your identity from being stolen but it will help protect you from phishers such as those referenced by this article. For the rest of the article, see http://uk.reuters.com/article/idUKTRE55T6KU20090630.
Subscribe to:
Posts (Atom)
Posts
