
Determined fraudsters find easy pickings on Facebook

By Ellen Roseman

David Malamed, a forensic accountant, wanted to see how easy it was to gather personal information on Facebook.

He created a profile for someone called Michael Duarf (fraud spelled backward) and used a photo of Wentworth Miller, an actor on a TV show, Prison Break. Within 20 minutes, five people had responded. One spotted the fake photo, but still wanted to become a friend.

He went through her profile and found her date of birth, where she lived (Mississauga) and her husband's name. Now he could find her address at Then, he checked her list of friends and found her brother. This gave him her maiden name, often used for security checks by financial institutions.

If he were a fraudster, he could apply for a new credit card in her name, maybe take out a mortgage or withdraw money from her bank account. His experiment was done to show how quickly and easily personal information can be harvested for illegal gain on Facebook.

"They let us into their network, the friends, even though they didn't know a Michael Duarf," he says in a TV interview on YouTube.

"It's the same as opening my wallet on the street and showing a stranger the information."

Social networking websites started with young people. Now their parents are hopping on board, as are commercial enterprises and those operating outside the law. If you have an account, you can adjust your privacy settings to make sure you're not showing too much to the outside world.

Luckily, Facebook provides users with powerful controls to protect themselves online.

Here are the best practices, according to Sophos Inc., a computer security firm:

  • Think carefully about allowing people to be your friends, since they can get access to any information about you that you have marked as viewable by your friends. You can remove friends at any time if you change your mind about someone.
  • You can choose to make people "limited friends," so they have access only to a cut-down version of your profile.
  • Disable options until you decide you want and need them. Maybe it's better to turn off the bells and whistles, rather than starting with everything accessible.
  • Make your profile available to "only my friends." By default, Facebook allows all your networks and all your friends to be able to view your profile.

"As networks can contain hundreds of thousands of people (and you have no control over who else joins the network), you are instantly revealing personal information to potential identity thieves if you leave this option at its default setting," says a list of best practices at

I immediately changed my own Facebook setting after reading that warning.

Finally, don't make certain contact information available to anyone – even your friends – such as your mobile and land phone numbers, current address and contact email address. Real friends know where you live and how to reach you. And they can always contact you via Facebook to ask.

It's then up to you to decide whether you feel comfortable sharing that information and whether your friend has a valid reason for asking.

Malamed, who works at Grant Thornton in Toronto, notes that any comments or updates you make on Facebook without restricting your privacy settings can be indexed on Internet search engines. This increases the likelihood of other people having access.

"It's paradoxical to spend so much time protecting personal information, such as crosscut shredding bank statements, and then posting enough information on a social networking site to allow a fraudster to take a loan in your name," he says.

Posted on Friday, April 2, 2010 at 12:00PM by Elaine
