Social networking websites are popular in Malaysia but many users are not aware that their identities could fall into the wrong hands, writes SUBASHINI SELVARATNAM AZURA, a college student, is chatting online on her notebook while sipping her latte at a cafe in Bangsar, Kuala Lumpur.

Woo says students are early adopters of social networking websites

People trust websites and their security features implicitly, says Effendy

Pillai says posting personal particulars online encourages identity theft

She occasionally takes a break from instant messaging to browse user profiles on Facebook.

Facebook is a popular social networking website with more than 69 million users worldwide, which Azura signed up for.

A social networking website is similar to an online community that shares a common bond such as hobbies and politics (http:// socialnetworking. knowhownow.com /blog/what-is-socialnetworking/).

Meeting people online and commenting on budding hip-hop artistes is Azura’s favourite pastime.

She updates her user profile — which can be viewed by her friends and people on Facebook — regularly.

She also publishes photos, shares videos and occasionally participates in fun quizzes on Facebook.

Azura was introduced to the world of social networking websites by her friend, Anita, who uses Facebook to track her high school friends and participate in online community discussions.

Unlike Azura, Anita does not post her mobile phone number and photos online. She has warned Azura about the pitfalls of doing so but the advice came too late because her friend is now swarmed with unsolicited calls and e-mails from strangers. She even found compromising photos of herself on the Internet.

Azura was compelled to lodge a report with CyberSecurity Malaysia, a one-stop specialist centre that handles cyber security issues in the country.

CyberSecurity Malaysia is under the purview of the Ministry of Science, Technology and Innovation.

Social networking is supposed to be fun but it turned out to be a nightmare for Azura.

Social networking websites are a major draw for thieves trying to steal identities and perpetrate fraud, according to an article on Telegraph.co.uk in the United Kingdom.

A criminal, for example, could steal identities by creating a dummy Facebook account. The criminal sends invitation to 200 Facebook users to be his friend, and 87 of them accept the invitation.

From the 87 “friends”, 82 would unwittingly leak personal particulars to the criminal including names of spouse, curriculum vitae and the maiden name of a user’s mother, a detail requested by banking websites for account access.

The criminal then creates a phishing website or e-mail which is used to steal bank account particulars and credit card numbers by tricking users into believing that it is a genuine website or e-mail account.

The article hit the nail on the head when it said “people link to others without thinking. Some people on Facebook have 1,500 friends. If you have that many links, you may be sharing details with the wrong people”.

Friendster and MySpace are the two other popular social networking websites.

Friendster is the leading social networking website in Asia with over 49 million users. Users of Friendster in Asia are between the ages of 16 and 30 years old and females make up the majority. MySpace is popular in the United States with a sizeable number of users in Malaysia.

CyberSecurity Malaysia says there have been incidents involving local teenagers whose MySpace credentials have been stolen.

Their MySpace accounts, which contain personal particulars, have been hacked and their phone numbers were posted online without their knowledge.

Ironically, exposing “sensitive” information, pictures and videos that affect a victim’s reputation is done by someone who knows the victim personally. Although CyberSecurity Malaysia does not have figures on students who are victims of identity theft, it believes that they could be involved in professional relationships or romantic liaisons where the motive is usually harassment or revenge.

That is a perfect recipe for identity theft, says Pikom (The Association of the Computer and Multimedia Industry) councillor for content and multimedia as well as iContent Group managing director Gerard M Pillai. He adds that identity theft occurs when someone uses a student’s personal particulars without permission to apply for credit cards, take out loans or even commit fraud.

Since the fraudulent activities are done in the student’s name, he runs the risk of getting caught.

By exposing personal particulars online, paedophiles or kidnappers could even attempt to trace students’ schools and even homes.

If students are not careful, in extreme cases, they may face the prospect of having their names blacklisted by banks due to unauthorised debts through fraudulent credit card transactions.

This makes it difficult for students to apply for loans.

Monash University Malaysia School of Information Technology lecturer Dr Saadat Alhasmi says students are more vulnerable to identity theft because many post their personal particulars online without thinking of the consequences.

The number of identity theft targets is anybody’s guess but Saadat believes that the likelihood of the incident is high as long as students publish their personal particulars online.

Their reputation could be ruined and clearing their names may take months or even years.

Andy Woo, country (Malaysia) manager for Sophos, a computer security company, says students are early adopters of social networking websites.

They seldom think twice about using third-party applications (applications that are not developed by the creator) from social networking websites.

According to a research by University of Virgina in the United States, 90.7 per cent of Facebook’s most popular applications have access to users’ private data.

This could lead to identity theft, phishing attacks and spyware (a software that illegally tracks user’s web surfing habits) threats.

Woo believes that the social networking websites need to address this problem by educating users on how to secure their profiles.

Social networking websites could also improve their own default security settings.

Symatec’s Norton manager for Asia-South region Effendy Ibrahim says, based on its Symantec Internet Security Threat Report Volume XII (January to June last year), people trust social networking websites and their security features implicitly.

Criminals take advantage of this to exploit social networking users.

It can take months for victims to realise that their identities have been stolen. By the time they discover the crime and report it to the authorities, the thief is long gone.

PREVENTION THE BEST FORM OF DEFENCE

PROTECTING yourself from identity theft is the best form of defence.

For starters, do not reveal personal particulars such as mobile phone number and home address in your user profile because anyone from the same social networking website can view them.

Users should also restrict access by applying the security features offered by social networking websites.

Do not send personal particulars via e-mail, instant messaging or pop-up screen that appears on a website. Do not open e-mail attachments from strangers.

The Social Networking blog (http:// socialnetworking.knowhow-now.com/ blog/) advises users to be cautious when making contact with other Internet users because they may not tell the truth about themselves.

Be cautious if a new online friend wants to meet you in person. Do a background search of that person via online search engines, says the Federal Trade Commission in United States (http://www.ftc.gov/bcp/edu/ pubs/consumer/tech/tec14.shtm).

The website also urges users not to post photos online because visuals can be altered and broadcast in ways that you may not be happy about.

Chia Wing Fei, security response team manager at F-Secure Security Labs Kuala Lumpur, believes that parents can help prevent identity theft by educating their children on safe computing practices, especially on exchanging information online.

They should teach their children to safeguard their personal particulars especially when registering for online services such as social networking sites, forums and e-mails.

Victor Lo, technology principal consultant at Trend Micro Malaysia Sdn Bhd, another computer security company, says students must install the latest Internet security software in their computers and mobile devices to combat malware threats such as viruses, spyware and phishing attacks. The software must also be updated regularly.

WHAT TO DO

IF you are a victim of identity theft, you must inform:

• the police.


•  CyberSecurity Malaysia via Malaysian Computer Emergency Response Team (MyCERT) (Tel: 03-8992-6969, Fax: 03-8945-3442, e-mail: cyber999@cybersecurity.org.my or mycert@ mycert.org.my, SMS: 019-281-3801 (24 hours), Mobile phone: 019-266-5850 (24 hours).


•  the social networking website you signed up for.


• If someone is using your identification card number to create credit or new accounts, contact the National Registration Department.

Inform your bank and close financial accounts that may have been compromised.