Social media users are inadvertently giving fraudsters all the information they need to steal their identities and take credit out in their names, new research has revealed.
British data-protection firm, Allow, commissioned a project led by criminologist Professor Martin Gill, in which a convicted fraudster revealed the tricks of the trade.
"The results of our research are frightening," Allow chief executive, Justin Basini, told British paper The Daily Mail.
"What we've discovered is that fraudsters use websites and social media to build detailed profiles of their intended targets, cross-referencing information from one site to another."
"It’s pretty easy to do. A lot of people give so much information away for free without even thinking about it."
Using personal details left sometimes unguarded on social media tools such as Facebook, LinkedIn and Twitter – coupled with publicly-accessible information online – criminals are able to make false credit card, loan or overdraft applications and leave their victims saddled with debt.
Researchers also found that as well as using social media sites to get basic information such as names, addresses, phone numbers and email addresses, fraudsters use these sites to access information about a person's hobbies and interests, which could give them tips for passwords to hack an email account.
Finance guru Paul Clitheroe said a lot of the newer fraud plays on a person's naivety online.
"I know that if I get your name and bank account number, which I may get from a legitimate transaction or pinching mail from letterboxes, I will probably find you on Facebook," he told Money magazine.
"A bit of chatting later I reckon you'll tell me your maiden name, name of your pet and so on. Statistically this gives me a pretty good chance of knowing your password and I can drain your bank account."
If you've just rushed off to change your passwords, then good on you.
But a recent survey reveals that fewer than half of us ever bother to change our passwords or update anti-virus software.
The Australian SCAN social trend survey found that two-thirds of Australians think it's unlikely they will be victims of a cyber-attack.
Yet there were more than a million credit card fraud incidents reported in 2011. The Australian Payments Clearing Association reports that total losses were a record $278 million in that time, due largely to growth in online shopping activity.
Banks are credit card providers are making strides in the combat of online fraud, by improving security measures such as MasterCard SecureCode and Verified by Visa. And when fraud occurs, customers are not liable for losses where it is clear they did not contribute to the loss.
To ensure you are always protected, follow these simple tips to avoid becoming a victim of credit card fraud:
- Don’t send your debit or credit card number via email
- When shopping online, check the website has an "s" after the http in the address bar. This means the site uses protective encryption technology to relay your information across the internet. Also look for a closed padlock in the address bar
- Never access a website by clicking on a link in an email
- Avoid using public computers – for example, internet cafes and libraries – for internet banking
- Consider using a phishing filter to warn you of suspicious websites
- If your card is lost or stolen, notify your credit card provider immediately. It can block your card to prevent other people using it. If you're heading overseas, make sure you have the global emergency number
- Notify your bank when you change address to ensure your bank statements don’t fall in the wrong hands
- Check your credit card statements regularly, to refute any unauthorised charges
- Ask your bank for a PIN on your credit card – PINs are more secure than signatures.