Fraudsters looking to harvest personal information to support their methodical attacks on online bank accounts have begun turning their attentions to the proliferation of data unwittingly or naively provided “in the clear” on social network profiles. People are listing their names, addresses, dates of birth, family, residence, work and even car details, and this information is often not marked as “private.” What’s more, many people become lulled into a false sense of security regarding providing personal data online to social networks, and are therefore less suspicious of subsequent traditional phishing attacks.
Banks can help their customers avoid the problems caused by loose data sharing on social networking sites. Banks can include social networking protection and best-practice recommendations on their web pages and in their communications with online banking customers. They can emphasize that anyone with a social network profile needs to remove or suppress sensitive personal identification data and refrain from offering such data to service providers unless there is a clear reason it is needed and the security of the provider is assured. Customers who think their details may have been compromised should advise their banks as soon as possible, and check their credit bureau information to make sure there has been no suspicious activity. Of course, banks should also ensure that their own websites rigorously follow the same protection/non-disclosure protocols.
