Risk
2/23/2012
03:02 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%

Study: Users Of Social Networks, Smartphones More Likely To Be Fraud Victims

Keeping identity safe means learning how to safely use emerging consumer technologies, Javelin says

If you're a heavy user of social networks or smartphones, you're significantly more likely to be the victim of identity fraud, according to a study published Wednesday.

"Consumers who actively engage with social media and utilize a smartphone were found to have a disproportionate rate of identity fraud compared with consumers who do not engage in these media," says Javelin Strategy & Research in its 2012 identity fraud study, The 2012 Identity Fraud Report: Social Media And Mobile Forming The New Fraud Frontier.

The frequency of identity fraud increased by 13 percent in 2011, according to the study -- more than 11.6 million adults fell victim in the United States alone, according to the study. The average dollar amount stolen was about the same as the previous year.

Consumers whose personal information has been compromised by corporate data breaches were the most likely victims, Javelin says. Consumers who have received notification of a data breach affecting their personal data are 9.5 times more likely to experience identity fraud than those who don't receive such a notification.

For the first time in its annual study, Javelin also tracked users' online behavior to see its impact on identity fraud. "LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud, although there is no proof of direct causation," the study says. The survey also found that despite warnings that social networks are a great resource for fraudsters, consumers are still sharing a significant amount of personal information that might be used to authenticate their identities.

"Consumers need to be smarter in what they're doing on social networks," says Steven Schwartz, executive vice president of consumer services at Intersections Inc., an identity protection service and co-sponsor of the study. "Interestingly, LinkedIn had the highest incidence of fraud, probably because people think of it less as a social environment and more as a way to do business networking. They're more likely to accept a relationship with someone they don't know."

The survey also found that 7 percent of smartphone owners were victims of identity fraud -- a 33 percent higher incidence rate compared to the general public.

"Part of this increase may be attributable to consumer behavior," the study says. "Thirty-two percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen, enabling anyone to access their information if the phone is lost; and 32 percent save login information on their device."

"Consumers who turn on the GPS locator in their smartphones have double the risk of identity fraud," says Javelin's James Van Dyke, principal author of the report. "When you use a lot of new apps on your phone, and when you accept friends who you don't know on social networks, you're more likely to be a victim."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.