Watch out for cyber identity theft!Social media isn’t just a way for us to connect with friends and family, but it’s also a way for us to connect with the world in general. That’s why acts of harm committed against us online – from trolling and harassment, to defamation and outright fraud – are far more severe than they might seem at first glance. Although advice on how to address financial-oriented identity theft is common, for softer forms of identity theft, like social media account hijacking, there seem to be fewer resources available to victims. In this post, we explain various forms of online identity theft, how they affect you and how you can protect yourself from them.

What is the scope of cyber identity theft?

Online or cyber identity theft refers to a group of distinct but related online behaviors that can unfairly jeopardize or tarnish a victim’s reputation. This problem has become much more of an issue as social media websites have evolved, making the consequences of cyber identity theft less innocuous than they would have been in the past. Most commonly, this form of identity theft involves using someone’s likeness online, usually to pose as them and supplant their existing online presence. Increasingly, though, cyber identity theft has taken on a strange transformation, with victims’ identities being used as fodder in large-scale political disinformation campaigns, bizarre but convincing scams and black market transactions.

Why does this happen?

Cyber identity theft can happen for a multitude of reasons, depending on the motive and intention of the perpetrator. Below are some of the more common motivations:

1. Cyberharassment and cyberbullying. A common type of online bullying involves the impersonation of a targeted victim. It can sometimes involve hijacking someone’s account, but often it merely involves the creation of a dummy account with a victim’s pictures and content. The account is run by a perpetrator who makes the victim look bad through the account’s egregious behavior. When the creator of the dummy account acts bombastically – leaving rude comments on the walls of friends and family or posting disturbing content – the victim’s reputation is harmed as a result. These tactics are often used by children to cyberbully schoolmates, but could easily be adopted by trolls seeking to harass a victim they wish to dox or even by scammers trying to discredit rival business professionals and businesses.

2. Fraud and scams. In order to create more convincing scams, some fraudsters pose as real people or use aspects of a real person’s likeness (e.g., a genuine photo with a made-up name) to dupe others online. More sophisticated schemes might use additional personal information to enhance the believability of the scam, assuming the scammer doesn’t just wholesale hijack a target’s account. Should your identity be used in one of these scams, it could suggest that your online accounts’ privacy and security are far laxer than you’d want. It could also tie your identity to that of the scammer’s in the minds of their victims, an association you’d not want.

3. Mass identity harvesting schemes. Over the past few years, the presence of automated dummy social media accounts, often referred to as bots, has exploded. We’ve briefly talked about bots in the context of online accounts before; however, to give you a refresher, bots are pieces of code designed to do repetitive tasks that humans can do themselves, but wish to automate. In the context of social media and online dating, bots can imitate users by carrying out basic functions (liking or retweeting content or posting messages) that make them appear human. To enhance a bot’s perceived realism, some creators steal people’s names and identities and assign these details to their bots. While this behavior is already common knowledge among social media developers and frequent social media users, it wasn’t until recently that we learned of the true scope of the problem. Earlier this year, The New York Times published an expose which blew the lid off a large underground market where thousands of such bots are bought and sold daily. These bots are made to share anything from political messages to pornographic content, and a victim whose identity is tied to one of these bots might have trouble getting it removed from the platform where it’s active.

What can you do to prevent cyber identity theft?

Cyber Identity theft can be extremely difficult to combat because there’s no one way it can occur. Here are a few of the things you should consider to strengthen your defenses.

Set your social accounts to their highest security and privacy settings. You should ensure that none of your accounts are leaking information to parties whom you don’t intend to share information. Also, make sure that you periodically review your social media post visibility so that your posts remain private after feature updates. Finally, make sure that your account security is strong by using complex passwords, two-factor authentication and good account reset questions.

Practice smart cybersecurity both on and off social media. You’ll need to make sure that you just don’t stay safe on Facebook and Twitter, but on your other accounts and devices. Most importantly make sure that your most sensitive accounts have strong and unique passwords, that you learn how to identify phishing as well as other social engineering tactics and scams. Additionally, make sure that you avoid sending sensitive information while on public Wi-Fi or over non-HTTPS sites.

Keep an eye out for breaches. Breaches are a means for scammers to get wholesale discounts on your personal information, so you’re going to want to be aware of when they happen and take immediate action afterward. Pages like our data breach blog can help with this, but you should also make sure to pay attention to official messages from the services, financial institutions and platforms that you use.

What can you do if you become a victim?

Sadly, there isn’t a lot that you can do to stop this type of identity theft once it happens because unlike other forms of identity theft, there’s not much in place to address this problem. However, you can consider the following to mitigate the worst aspects of this type of identity theft:

1. Contact the site or service where your identity is being abused. The first and most obvious line of action you can take is to contact the admins of the site where you saw your identity being imitated or where you had your account stolen.

2. Notify friends, family and followers, if possible. Anyone who you regularly talk to or do business with has a right to know that you’re no longer in control of your online identity so that they don’t fall for any scams your identity thief might try.

3. Monitor your online identity and change your passwords. As a precaution, you might want to monitor your other online accounts to verify that they haven’t been breached. It also doesn’t hurt to change your passwords. Aside from that, it may be worth considering an identity theft protection service, as most of our top-rated services will monitor the use of your information on the Internet black market, allowing you to catch further abuse of your identity.

For more information about identity theft, follow our Identity Theft 101 series and check out our identity theft protection blog.