No Vaccine for Social Media Theft

Whether you are new to college, single and dating or newly divorced (because you panicked and confessed when news of the Ashley Madison hack hit the media), I’ll bet there is at least one socially transmitted disease you haven’t started worrying about: identity theft. If you use Facebook, you’re making easy work for identity thieves. The same goes for the whole cosmos of social media whether you favor Twitter, Instagram, Reddit, Pinterest, YouTube or LinkedIn or prefer to Tumblr your thoughts, preferences and predilections to anyone who cares to know what they are. The more you put out there in publicly viewable spaces, the more your personal identity mosaic is exposed. An identity thief’s day job is piecing together that mosaic into a passable, or usable, version of you: one that will get through the authentication process of financial, medical or governmental organizations. The echo of another kind of disease here is intentional. Like the more widely known kind of STD, the socially transmitted diseases that fall under the rubric of identity-related crimes are contracted by unsafe personal information practices. Unlike the more familiar variety, where safety is taught in high school, tacked to college community boards and heralded by countless other media new and old, not as many people these days know how to stay as safe as possible from the threat of identity theft, especially online. How to practice "safe social":

1. Don’t overshare. It’s okay to let the world know you’re on vacation so long as you have a great security system at home or you have a house sitter. Traditional trespassers use social media to know when houses are unguarded. It is far better to share the memory than report the experience as it’s unfolding.
2. Be careful when posting pictures. While it’s fun to brag about a purchase—whether that be a diamond ring, a car or the smartest TV on the market, just be aware that anyone following you now knows where they can get your newest trophy or indulgence for free.
3. Geotagging is for victims. There is no upside for you here. Companies like geotagging photos and other people-powered media assets because it gives them bankable information that could lead to future sales. Whether you are letting Twitter or Facebook or FourSquare narrowcast (or broadcast, depending on your privacy settings) your location, failure to disable location services on your device permits geotagging, which also gives thieves bankable info that could lead to future crimes.
4. Know your privacy settings. Make sure you understand how your posts are being displayed or distributed by the social network you use. For instance, on Facebook you can set a post to “Public” or “Only Me,” with many choices in between.
5. Lying is good. Facebook, especially, is a perfectly acceptable place to not be forthcoming about your age, hometown, place of employment or even the college you attended and what years you were there. Identity thieves comb social sites for information to complete dossiers of personally identifiable information that will allow them to correctly answer security questions and thus open new financial accounts or empty existing ones. If you don’t want to actively fabricate answers to these questions, just don’t fill out those parts of your profile.
6. Beware of quizzes that require personally identifiable information. Make no mistake, your email address and name count.

There is no immunization Unlike the other kind of STD, the socially transmitted disease of identity theft is not avoidable. There is no immunization, no safe way to avoid it—not even complete abstinence. There have been too many breaches with too much data for anyone but those living entirely off the grid to be completely safe. (And even still you can’t be sure.) Your best bet, in my opinion, is a system detailed in my book (forthcoming in November). A key element to that approach is acceptance. Specifically, you need to come to terms with the fact that it’s no longer a question of “if” but “when” you will become a victim of at least one type, if not multiple types, of identity theft. Anyone who tells you that they can keep you from getting got is selling snake oil. In fact, they are running afoul of the Federal Trade Commission. There is no guarantee. There are, however, best practices. THE THREE M'S If you accept the basic premise that you are at risk for identity theft no matter what you do, here are some thoughts as to how you might stay as safe as possible. The good news may actually be that you are a seasoned and intelligent user of social media, because that means you already have several of the habits in place that you will need. Minimize your exposure The same strategies you can adopt to make yourself a harder-to-hit target on social media go for the rest of your life. Whether that means saying “no” when asked for your Social Security number, limiting the amount of sensitive personal information you provide to anyone who contacts you, making sure all your accounts (email, social networking, financial or retail) have different user names paired with unique, long and strong passwords, properly securing your computers and mobile devices or freezing your credit—there are a variety of things you can do to make your attackable surface smaller. Monitor your accounts If you use social media regularly, you are used to checking in on a regular basis—the Pew Research Center found that 70% of Facebook users check in daily, as did about half of Instagram users, and nearly 40% of Tweeps. The same behavior, applied to your financial life, may keep you from getting got … or help you undo or minimize the damage in case you do. Check your bank and credit card accounts daily. Other things you can do include signing up for free transactional monitoring alerts at your bank, credit union or credit card provider, or purchasing more sophisticated credit and noncredit monitoring programs. Manage the damage When the dark day comes that your daily practice of monitoring your credit or financial life yields a compromise, you need to get on it immediately by informing the institution of the account that is involved, as well as law enforcement and the fraud department of at least one credit reporting agency. Because many insurance companies, a number of financial services organizations and the human resources departments at a number of companies offer complimentary or low-cost identity theft assistance as a perk of your relationship with the institution, check to see if you are covered or, if not, how you can get covered. Resolution experts can greatly help you speed your way back to normalcy. Identity theft is a permanent threat. The best way to stay safe is to change your behavior. The above tips are only some of the ways to do that. In the age of universal data vulnerability, practicing safe information hygiene is a must—lest you contract the one STD that may haunt you for the rest of your life.