Risk
2/23/2012
03:02 AM
Tim Wilson
Tim Wilson
Quick Hits
50%
50%

Study: Users Of Social Networks, Smartphones More Likely To Be Fraud Victims

Keeping identity safe means learning how to safely use emerging consumer technologies, Javelin says

If you're a heavy user of social networks or smartphones, you're significantly more likely to be the victim of identity fraud, according to a study published Wednesday.

"Consumers who actively engage with social media and utilize a smartphone were found to have a disproportionate rate of identity fraud compared with consumers who do not engage in these media," says Javelin Strategy & Research in its 2012 identity fraud study, The 2012 Identity Fraud Report: Social Media And Mobile Forming The New Fraud Frontier.

The frequency of identity fraud increased by 13 percent in 2011, according to the study -- more than 11.6 million adults fell victim in the United States alone, according to the study. The average dollar amount stolen was about the same as the previous year.

Consumers whose personal information has been compromised by corporate data breaches were the most likely victims, Javelin says. Consumers who have received notification of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who don't receive such a notification.

For the first time in its annual study, Javelin also tracked users' online behavior to see its impact on identity fraud. "LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation," the study says. The survey also found that despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information that might be used to authenticate their identities.

"Consumers need to be smarter in what they're doing on social networks," says Steven Schwartz, executive vice president of consumer services at Intersections Inc., an identity protection service and co-sponsor of the study. "Interestingly, LinkedIn had the highest incidence of fraud, probably because people think of it less as a social environment and more as a way to do business networking. They're more likely to accept a relationship with someone they don't know."

The survey also found that 7 percent of smartphone owners were victims of identity fraud -- a 33 percent higher incidence rate compared to the general public.

"Part of this increase may be attributable to consumer behavior," the study says. "Thirty-two percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen, enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device."

"Consumers who turn on the GPS locator in their smartphones have double the risk of identity fraud," says Javelin's James Van Dyke, principal author of the report. "When you use a lot of new apps on your phone, and when you accept friends who you don't know on social networks, you're more likely to be a victim."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.