Clicky

X

Subscribe to our newsletter

Get the State of Digital Newsletter
Join an elite group of marketers receiving the best content in their mailbox
* = required field
Daily Updates

Using Google Image Search to Identify ID Fraud & Image Theft – Your Risk as an SEO

14 November 2011 BY

3 Flares Twitter 0 Facebook 1 Google+ 2 LinkedIn 0 Buffer 0 Email -- StumbleUpon 0 Pin It Share 0 Filament.io 3 Flares ×

I was all set to write a piece about something entirely different, but an attempt at identity fraud this weekend and the fact that I have had to do a lot of online research to find out if I am at risk, has brought up the question

When it is your job to be found online, are the search and social fraternity at more of a risk when it comes to ID fraud?

Let’s start with the fraud

It all began while I was looking for a seasonal rental online as I do every year. I went to my dealer of choice Craigslist to look for potential accommodation. I always rent from there, and have never had any issues.

As with all Craigslist enquiries, you are required to send emails to owners, so out of (bad) habit I sent replies to anything I received from owners from my normal email address. I requested photos of the apartment and a phone call over the weekend, checked the address for any scams and the location of the address here and abroad. I was even sent the official Government approved application form.

Finally the photos arrived so I thought I would check them out using the Google search by image feature and this is what I found.

google search in image

The same apartment photograph features in various locations with 24 results! I then checked the IP of the emails I had receieved using whois.domaintools.com which confirmed that the mails were being sent via yahoo and blackberry via Nigeria.

I didn’t send bank details, or ID, but it was very easy to just ask for my name, telephone number, and location in the UK (thankfully I lied about my age so my birth year will be harder to figure out). I did some digging, but instead of feeling better, I discovered that even with just a name, fraudsters can find out an awful lot about you. My weekend was spent finding out what steps to take and how easy it might be to take me (and anyone else that has information all over the internet) to the cleaners.

“I’m not at risk because I don’t give out my details”

Are you sure about that?

Facebook Birthday AlertsWe all smile when we hear about victims being scammed by online Russian Brides, or anyone that sends their bank details to the Nigerian Lottery Authority, but it takes a surprisingly small amount of information for a thief to commit identity fraud. In some cases, all it takes is a name, your name – the one you post all over the internet without even thinking about it – next to your photo.

With the advent of over sharing, geo location, and the Facebook ‘timeline-of-everything’, it is going to be even easier to tie up historical data. ID Theft is on the up and according to the ‘National Fraud Prevention Week’ website (who knew?!), 88% of us share detailed personal information online, but only 18% of us are worried about that. With the average cost of ID theft being just over £1000, and the high season of Christmas Fraud, alcohol, photo sharing and lapse personal security around the corner, it’s at least worth a credit check.

Sometimes you are not given a choice before your information is distributed around the internet. Sites such as 192.com, 123people.co.uk scan electoral rolls then expect you to pay to be taken off. We voluntarily put legitimate information on Linked In, business directories and even if you haven’t been specific with your date of birth, you could have just enough information available for scammers to make an educated guess (Happy 40th birthday Dave Smith of 999 Letsbe Avenue!).

As an online professional or business, you are at risk by default given that your information is potentially more visible than most. Emails are often sent with website details and contact data in the footer as default, (and in some cases with corporate information). Linked In, Facebook, Twitter and G+ are used 24/7 while we actively give out as much information as we can. We also regularly make it public about where we are – I’ve even known colleagues to check in and become the mayor of their own home address.

It doesn’t matter how smart you think you are, anyone can be targeted – not that long ago a number of us were scammed and locked out of our Twitter accounts by clicking on links such as ‘those photos are hilarious’ from a Twitter DM after ThinkVis (you know who you are!). The fact is that you only have to hand out your business card to the wrong person and they can track you down and find out everything they need to know about you and your business.

Let’s do a little experiment.

Pick a Name, any name…

Use that name to complete an image search. Take that image and do a reverse search using the Google Search by image feature. The chances are you get something like this:

online-id

These listings give access to:

  • A Person’s Name (practically everywhere if they work online, x 1000+ if they are an SEO)
  • Photo (potentially good enough for fake ID)
  • Address (192, 123people, electoral roll, birthday party invites on Facebook)
  • Telephone Numbers / Mobiles (social networking, business cards, websites)
  • Past & Present Employment details (LinkedIn, Facebook Timeline, online CV)
  • Birthday Year (Facebook Comments, LinkedIn, anywhere that has an age option)
  • Past History and all life Events for the rest of time (Facebook Timeline)

It gets better – if you are the Director of a Company, you have a legal obligation to keep your details at Companies House, stored online, where people can pay £1 to download it. Iin some cases, your signature may even be on some of the stored data and your VAT and Company Numbers are definitely on your website and paperwork. This leaves you at risk of company hijacking thanks to a loophole at Companies House allowing changes to be made simply by filling in a form without secondary checks being carried out (this is now changing). With corporate ID fraud costing over a billion every year, it is surprising that only 36% of businesses are covered by their insurance for losses that may be incurred by ID Theft.

ID Fraudsters work in teams and are skilled at getting past the gatekeepers at banks, the Post Office, and with the information above, they can divert your mail in order to try and get credit cards, bank statements and utility bills. They can come to your home and rummage through your bin for sensitive info that you have discarded. Once your credentials have been obtained, it is relatively easy to set up mobile phone contracts, bank accounts and apply for loans by post. Worst case scenario could be crimes being committed in your name, your business name, forged documentation and huge bills being run up while you are unaware of fraudulent activity at the very least your credit record could take a beating.

How to protect yourself

You can’t completely protect yourself, and it may also never happen to you, but there are steps you can take to monitor activity so that if you are a victim of ID fraud you can act quickly and limit any damage. Some of these may seem obvious but you would be surprised how easy it is to get lazy with shredding and leaving personal items around the workplace and not logging out of things.

Steps to take to avoid Identity Theft

  • Shred information with signatures, names and addresses
  • Check your credit online regularly to look for suspicious activity or credit checks against your address, or join Equifax, Experian, Callcredit or Privacy Guard. Most providers offer a free 30 Day trial
  • Make sure you check the box on the electoral roll requesting that your data remain private. You have to do this every year.
  • If you haven’t taken the above step, you may need to request for your data to be taken off 192 and 123people.
  • Join CIFAS Protective Registration - for business and individuals to place protective warnings on credit files
  • Avoid links in emails you don’t recognise (Phishy Phishing)
  • Forward your mail for at least 6 months if you move or change premises – contact www.royalmail.com if mail starts disappearing
  • Check everything on your credit card and bank statements
  • Make sure you are ex-directory with your telephone provider
  • Visit the UK Identity Theft website
  • Sign up to the Companies House Webfiling, PROOF, and Monitor services for alerts regarding changes of details
  • If you are away on business hold the mail, or consider a ‘scan my post’ service
  • Stay indoors, lock the door, talk to no one, and never go online EVER AGAIN

If you are still not convinced it could happen to you, I have some factsheets and examples I could send out to you free of charge, simply forward me your full name, email, address, age, date of birth, contact number and a scan of your passport or driving license for verification purposes.

AUTHORED BY:
h

Jackie Hole is an Award Winning Search Marketing consultant specialising in Paid Search, Conversion Improvement and Organic Search / SEO for the USA, Canada and European markets. Starting out in Multimedia & Interface Design, Jackie has over 15 years experience in online marketing and was recently awarded European Search Personality of the Year. Jackie is Company Director of 22M
  • http://www.themediaflow.com Nichola Stott

    Excellent post Jackie. I think you’re so right that as SEOs or indeed any other online professional, we even more exposed than most. Though perhaps we should be more tuned in than most, which obviously you were in this case.

    I work for a UK hosting company and amongst many other things they also CRB check senior staff with data access to prevent any threat “from-within”.

    All scary stuff, but very real.

    • Jackie Hole

      Thanks Nichola! Yes it’s something I have not really worried about until I read about the Corporate Hijacking as I have credit check alerts on personal stuff.

      The hosting company are very sensible I hope they didn’t put it in place after something happened! You can’t call the police until someone has used your data fraudulently, but by that time you can run up a bill of several thousands and lose access to control of company access. I may be keeping my wig and wrong name on facebook for a little longer!

  • adi

    i’m not sure if you’re over analyzing this. For start, any image search for an individuals name brings up hundreds or thousands of face images. How does anyone know which one belongs to who with any degree of certainty? Check everysingle one to see which site it came from? 192.com info is also widely inaccurate and out of date. The rest of the article is clucting at straws too.. ie ‘your signature may even be on some of the stored data’ .

    Also have you tried to open a mobile phone account lately? you need utility bills, proven ID such as driving licence or passport. You dont just need your name, address and birthdate. Same goes for most other services.

    This seems like a knee jerk reaction or scaremongering. I know ID fraud exists, well all do, but you’re kinda grabbing at theories out of the air.

    Wirth respect, of course :)

  • Jackie Hole

    Hi Adi – good response! I agree that ID fraud may not be as easy in certain circles and personal fraud is getting less easy, but given that I called the post office this morning to see if I could re-direct my mail it is interesting that they were happy to oblige! Many Store cards don’t do detailed checks and practically give away cards to get you to buy there and then without checking any ID at all.

    The point is that potential is great, it may or may not happen to you, but ID fraud is on the increase and we as online professionals are making it easy to obtain data, so a reminder from time to time makes people a little more aware :-) I can only speak from the experience I had this weekend and have acted on the advice I was given and the resources I was directed to, so thought I would share!

  • http://www.danhorton.co.uk Dan Horton SEO

    Thanks Jackie, nice to see an informative blog post. Not simply a re-write or ineed someone just plumping their own feathers online. The more posts you write actively GIVING SOMETHING AWAY FOR FREE the more people will listen and indeed should.
    Refreshing, to the point and informative.

  • http://www.smartdogdigital.com Illiya Vjestica

    Awesome post Jackie! Well done.

    You’ve got me thinking that I should certainly look at a few options for protection especially for your own business.

    Damn, 192 and 123people they really shouldn’t be allowed to post that information and I’d love to see Google de-index them for ranking for your own name. Very annoying indeed I must say.

    Geo-location like Foursquare, Facebook Check Ins etc. gets me worried the most, but I think some common sense needs to be employed to not check into business and personal addresses regularly and share on every social network you are on. Yet I keep seeing some SEOs / Internet marketers having Mayorship wars for their office space or even home residency.

    Thanks again Jacks!

  • http://www.driesbultynck.be Dries Bultynck

    Very interesting but it also means Google hasn’t sorted out duplicate images yet? or hasn’t figured out whose got the real picture? :)

  • Pingback: 7 Deadly Overshare Sins & Online Privacy Issues - State of Search()

3 Flares Twitter 0 Facebook 1 Google+ 2 LinkedIn 0 Buffer 0 Email -- StumbleUpon 0 Pin It Share 0 Filament.io 3 Flares ×