LinkedIn is better than Facebook (for identity thieves looking for rich victims)

Study: users post too much sensitive data, make themselves targets bragging about careers

If you're smart, ambitious, don't care too much about legalities or cheating people who are the source of your income (and Goldman Sachs isn't hiring) the place for you to be in this economy is in professional-level identity theft.

Incidents of identity fraud increased 13 percent during the past year, according to a new study from banking-security analyst firm Javelin Strategy.

While the number of identity thefts is growing, the amount stolen isn't, Javelin found. The overall take for 2011 was a healthy $18 billion, but the amount it costs consumers to recover from having their identity stolen has dropped 44 percent since 2004.

That shows both consumers and banks are getting better at picking up early signs of identity theft, drastically reducing the amount of time an identity thief has to make a few bucks before any individual money tap is shut off.

That's where the whole "professional" angle comes in.

Despite just as many warnings on social networks as on banks that identity thieves can pick up useful information on Facebook, consumers haven't connected the warnings with the data they post online, where it is available to almost anyone.

    Sixty-eight percent post their birthdays;
  • 45 percent post the year of their birth as well as month and date;
  • 63 percent posted the name of the high school they attended;
  • 18 percent shared their phone numbers;
  • 12 percent shared their pet's names.

So what?

Passwords is what. Passwords and security questions and answers that are easy to guess given how unimaginative most people are about both passwords and security questions.

Even worse, 7 percent of smartphone owners have had their identity stolen, most because they don't update their OS to include the latest patches, don't use a password on their home screen and – this is really stupid – 32 percent store usernames and passwords to their various online accounts on their phones in unencrypted files.

Lose a phone and you're likely to lose access to those accounts, or at least share it with someone else for a while.

Even simpler, if you use WiFi data connections in coffee shops or other static locations without VPNs or other encryption products, you're doing everything but writing your passwords down on a napkin and passing it like a love note to the nearest identity thief.

"Socially, humans are easily engineered," according to Tracy Kitten, who lists herself as author of the Fraud Blog at BankInfoSecurity, though there's no proof she's not lying.

Consumers are learning that Facebook is not the place to share sensitive information openly, Kitten wrote. They haven't really picked up the idea that the risk is the same on LinkedIn as on Facebook, however.

With revenue-per-scam dropping, it only makes sense for identity thieves to troll for wealthier victims.

One good way? Rather than trolling the economically diverse masses on Facebook, concentrate on LinkedIn, where the average income is higher, number of members is lower and the focus is on professional networking, job-searching and making connections with people who might be assets in your career.

That environment makes LinkedIn users more willing to share accurate professional data than they might on Facebook, though there aren't significantly better security measures on LinkedIn than on any other social network.

Social networkers who make more than $100,000 per year are significantly more likely to have their identities stolen than those who don't, according to Javelin president and founder James Van Dyke, whom Kitten interviewed.

"And [they're] much more likely to get hit on LinkedIn than Facebook," Van Dyke said.

The number of fake connections on LinkedIn is rising (an indication fraudsters are trying to create links between fraudulent accounts and potential victims) but the security procedures have not.

"LinkedIn is not talking about this, which is disturbing," Van Dyke told Kitten and BankInfoSecurity. "Something needs to be investigated here, because the trends are pretty alarming."

So, if you're looking for a set of revenue opportunities, build yourself a fake LinkedIn profile, make some fake connections to other users (real or not) to make yourself look more legitimate, and troll away for profiles of people who make more than $100,000 per year and who are also ambitious – at least, ambitious enough to brag a bit about their accomplishments and critical information, and confident enough not to worry about identity thieves.

If they don't put in their birthdays or high schools or pets' names, check Facebook. They probably have profiles there with completely different bits of relevant data and no misgivings about anyone figuring out they are members of more than one social network.

Between the two of them, plus maybe Twitter, Google+, Picasa and whatever other networks you like to play with, you can probably build enough complete profiles that you can be someone new everyday.

Someone who makes more than $100,000 per year and might not catch you if you try to spend it all on the one day you choose to be them.

See? Social networking is as great as people seem to think it is. Just not for the reasons they usually mention.

Good hunting!

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies