SAN ANTONIO — Facebook is not your friend, not if you use it to tell people when you’re on vacation and lots of other personal details that can be used to steal your property and, perhaps even more costly, your identity.
Jim Stickley, CTO and co-founder of TraceSecurity in Baton Rouge, La., described the dangers of Facebook and a social network site he said may be even more precarious, location-sharing Foursquare, during a lively Monday afternoon session at the joint conference of the CUNA Operations, Sales & Service and Technology councils at the Marriott Rivercenter in San Antonio.
Stickley took his audience through a fast-paced example of how in less than 60 minutes he found enough information about an actual Indianapolis family to perhaps easily make the next move: impersonating them to steal their identity.
Starting with the Foursquare program, in which the user routinely posted his current whereabouts, and then coursing through Twitter, Facebook, LinkedIn and the man’s wife’s social network, Stickley discovered workplaces, prior jobs, children’s names and daycare, their anniversary, addresses, a picture of their home, their church, even when the family was likely to be out of town at the wife’s roller derby tournament in Toledo.
While entertaining, Stickley said his foray into white-hat hacking had a serious point: “Every time someone has an identity theft crime committed against them, you guys end up paying the bill,” he told the audience of credit union managers.
“Just protecting your credit union’s security is not enough. That shouldn’t be your only focus,” the security expert said. “Member education will save your credit money. There really isn’t any better way to combat all these scams.”
Stickley said basic approaches may be the most effective: Security tips of the month in online and paper statements (including such obvious reminders as the fact that the credit union would never call a member and ask for identifying information.)
He also recommended offering security training seminars for members and ongoing education of credit union employees.
