Risk
2/23/2012
03:02 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Study: Users Of Social Networks, Smartphones More Likely To Be Fraud Victims

Keeping identity safe means learning how to safely use emerging consumer technologies, Javelin says

If you're a heavy user of social networks or smartphones, you're significantly more likely to be the victim of identity fraud, according to a study published Wednesday.

"Consumers who actively engage with social media and utilize a smartphone were found to have a disproportionate rate of identity fraud compared with consumers who do not engage in these media," says Javelin Strategy & Research in its 2012 identity fraud study, The 2012 Identity Fraud Report: Social Media And Mobile Forming The New Fraud Frontier.

The frequency of identity fraud increased by 13 percent in 2011, according to the study -- more than 11.6 million adults fell victim in the United States alone, according to the study. The average dollar amount stolen was about the same as the previous year.

Consumers whose personal information has been compromised by corporate data breaches were the most likely victims, Javelin says. Consumers who have received notification of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who don't receive such a notification.

For the first time in its annual study, Javelin also tracked users' online behavior to see its impact on identity fraud. "LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation," the study says. The survey also found that despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information that might be used to authenticate their identities.

"Consumers need to be smarter in what they're doing on social networks," says Steven Schwartz, executive vice president of consumer services at Intersections Inc., an identity protection service and co-sponsor of the study. "Interestingly, LinkedIn had the highest incidence of fraud, probably because people think of it less as a social environment and more as a way to do business networking. They're more likely to accept a relationship with someone they don't know."

The survey also found that 7 percent of smartphone owners were victims of identity fraud -- a 33 percent higher incidence rate compared to the general public.

"Part of this increase may be attributable to consumer behavior," the study says. "Thirty-two percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen, enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device."

"Consumers who turn on the GPS locator in their smartphones have double the risk of identity fraud," says Javelin's James Van Dyke, principal author of the report. "When you use a lot of new apps on your phone, and when you accept friends who you don't know on social networks, you're more likely to be a victim."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web