I saw a disturbing item on BBC News this morning about identity theft from social networking sites. According to the BBC, thieves have recently (over the past year or so) started to target blogging sites like MySpace, Friends Reunited, etc. where people tend to reveal a lot of personal information about themselves. This information is then taken and used to open lines of credit, order new passports and other i.d., etc. in the defrauded person’s name.

Several items in the report concerned me:


Thieves are deliberately scouring through social networking sites in search of personal information;
All they require as a starting point to defraud you is: your name + where you live (from there they can go to the electoral register and find your address).
Your date of birth is also a key piece of information which can be useful to them.
So what should we do? This is, after all, a social networking site, and I think we must therefore assume that everything posted on it can in theory be seen by anyone, including villains anywhere on the planet.

I have given this some thought and offer the following recommendations:


Don’t reveal your full name publicly on the site. Your first name is OK, so long as it is not combined with your address.
Don’t reveal your address or post code. VBulletin (the software which underpins this site) has a default profile option, “Location”. I suggest you go and check this and ensure that it is sufficiently vague. For example, I am going to change mine to “West of Scotland”.
This may be controversial, but in light of this information, I’m thinking of removing the Googlemap which shows where members live. I’m inclined to remove this feature.
Don’t reveal your date of birth. VBulletin also has an option to add your date of birth to your profile at point of registration. I have always set this to “optional”. It is a nice touch to know when birthdays are, but let’s face it, not essential! I suggest you go back to your profile and ensure that it is set to not display your D.o.B or age. You can do this yourself: go to User CP and select Edit Profile. There is a button to click to “clear” your age and date of birth. Then <save>.
Go back and check what your wrote about yourself in your initial introductory post. Make sure you haven’t added your full name or address. Make sure you cannot be identified from any personal information there.

By all means share info by PM with other members – private messaging is totally confidential (e.g. not even admin’s can see what’s written in a PM).

Any other suggestions, post them here.

Cheers.

Ok, in light of the foregoing, I've made a couple of changes:

1. Unregistered users (and members who aren't logged in) can no longer view the members map. Maybe this makes it secure enough.
2. These groups can no longer view Jimmy's Pub and For Sale - the two forums most likely to contain personal clues.

After some thought, I decided to vote yes. My reason is if we have our home location on the site, someone could pass by our home on a Sunday, with the safe bet that nobody is home.

I 've never thought of a 'handle/ nickname' I liked but maybe I should. Thanks Gord, for pointing out the potential problems. Agree that the members map should be withdrawn and birthday info in personal profile also.

alex

Another vote for removal of the members' map. I've also removed DofB from my profile.

Al.

(Edit: is it possible to limit the degree of zoom in on the map? Showing town/district would be fine without zooming to the point where individual streets/blocks can be identified. This would still allow ID of which divers are nearby which could be useful for new members to the site but wouldn't risk compromising personal security).

you could always pin a flag to your town, not directly outside your house.
must admit, every time i look out the window im getting bored of looking at that big flag.:)

No! IMO I think we should keep the map. As mentioned, it is useful to see which divers are close to your location. I do agree that a bit of caution should be used when "pin-pointing" your location, don't make it too exact. I've just moved mine to point at the town center, nowhere near my actual location. I've also removed my DoB information, as Gord mentioned, not essential to the forum.

My tuppence worth.

/Colin. :D

i moved my flag on to the golf course across the road, it now has 10 holes & is confusing the local golfers.:D

i moved my flag on to the golf course across the road, it now has 10 holes & is confusing the local golfers.:D


I've now moved my flag away from my front door, it now appears that I live in the Gourock Outdoor Pool!

(Actually, during the summer that's fairly close to the truth!)
:D

so should we keep it and everyone just move their flag a few streets away?

Didn't realise the map existed. I notice my flag isn't showing so I have added (thought it might have been controlled by admin) If it is loaded up personally then it is up to the individual how they deal with it.. Not sure it is of that much use to be honest, just share mobiles over PM or email and communicate directions that way?

Thing is, unless you're ex-directory, all your address details are easily found in the Phone Book anyway. And there's the Electoral Register too.

So, if anyone is really keen, they can find out your name, address, post code & phone number. :eek:

Is it very likely that we'll reveal specific personal details on a scuba forum that would allow thieves an added advantage in their subterfuge? I think it's unlikely unless they're interested in the relative merits of Apeks vs. Scubapro regs or Loch Long vs. Fyne. :rolleyes:

I guess we probably shouldn't reveal our kids' names, mother's maiden name or pets' names etc. which are prime favourites for password hints etc. But we're not very likely to do so in this environment anyway. Probably a case of letting common sense prevail. :cool:

Yeah - it is a bit hysterical, but apparently a real threat.
I suggest we keep the map but everyone moves their flags to the middle of the nearest park ...

Yeah, there's no doubt that identity fraud is a real threat. We should take reasonable precautions to protect against it. In fact, I have taken out personal insurance to deal with it, if I should be a victim. Maybe I'm being paranoid, but I'm sure that they're out to get me! :o

I agree that the members' map should be used with discretion. After all, if we state on here that we're going away for a holiday & then have our exact home address pinpointed, it could be easy pickings for a clued-up opportunistic thief. :eek:

Identity fraud is quite a real threat. A friend's sister has been a victim recently. Someone got hold of her E-Bay login details and used it for flogging stolen goods. The police investigated, they said they believed she wasn't involved but couldn't find any evidence to prove she wasn't involved. Case got passed to the CPS who decided to prosecute despite the police's recommendations about her innocence. She got two year's suspended.

As someone else said, I'm more worried about the map being used to identify large stores of dive kit and details of when it will be unattended.

Cheers,

Stuart

Maybe we should do a set of security recommendations:

1. Never publish your surname;
2. Never publish your address;
3. Never give out holiday dates;
4. Don't pinpoint your location on the map;
... any others?

Don't post phone numbers publicly, do it by PM or email.

Pass your bank card details to me only by PM including the 3 digits on the back!
;)

Pass your bank card details to me only by PM including the 3 digits on the back!
;)


Hah!

You are the site identity thief who I have unmasked (unmasked, geddit??:rolleyes: ) and I claim my reward!

:)

Pass your bank card details to me only by PM including the 3 digits on the back!
;)
PM sent :D