Only 44% of social media users in the UK keep their personal information restricted to friends and acquaintances on social media platforms, indicating that cyber criminals can track and obtain information about a majority of Brits on social media.
According to Action Fraud, publicly sharing one's location, addresses, and personal details on social media increases the risk of criminals using publically available information to steal your personal details and identity.
Action Fraud referred to a recent study carried out by McAfee which revealed that 60% of people disclose their location in some form when posting online and 15% have posted photos of the front of their house to social media.
"Every day, people leave streams of information about themselves online without considering the risks of their digital footprint. If this information gets into the wrong hands, it can be used to paint a detailed picture of someone and offer direct access into their lives," warned Raj Samani, Chief Scientist at McAfee.
Oversharing on social media displays poor cyber hygiene
In October last year, research carried out by Get Safe Online also revealed that as many as 39% of Brits were victims of fraud carried out by scammers who exploited peoples' habit of oversharing their personal information on social media platforms.
The study also revealed that over one in five people regularly posted on social media to show off about their holidays and 20% of Brits shared significant life events such as buying a house on social media.
"An innocent location check-in or a photo of your new driving licence, for example, could be invaluable to criminals, who are expert at putting together snippets about you to build a bigger picture with a view to defrauding you or stealing your identity.
"Think through not just what you’re sharing but who you’re sharing it with. For instance, if you have an open social media account, you’re sharing with the whole world, not just with the people in your own groups. Even if it’s set to private, you can’t be sure it hasn’t been passed on. For your own privacy and safety’s sake, some things are better kept offline or private, so always be aware of what you share," said Tony Neate, CEO of Get Safe Online.
According to Action Fraud, in order to prevent fraudsters from using their personal information to carry out identity theft or fraud, people must review their social media privacy and location settings to ensure that information shared with close friends and relatives aren't viewable publicly.
At the same time, Action Fraud also warned that revealing their full names, dates of birth, location or other personal information could leave people vulnerable to identity theft and fraud.
Password reuse on social media encouraging credential-stuffing
Aside from being careless about what they share publicly on social media platforms, a large number of Internet users also use the same passwords for multiple social media accounts, thereby exposing themselves to credential-stuffing attacks that involve hackers using usernames and passwords stolen from one account to log in to other accounts owned by the same individual.
In January, Action Fraud revealed that by carrying out credential-stuffing attacks between April and September last year, hackers inflicted a loss of £14.8 million to UK residents. In comparison, Brits lost up to £11 million to 4,796 reported instances of hacking of social media and email accounts between October 2017 and March 2018, thereby signifying an increase in both the number and financial impact of such attacks.
"Cyber crime is a growing trend with the total losses increasing by 24%. In particular criminals are targeting social media users and online account holders in a bid to make money and steal personal details. This leaves victims out of pocket and at risk of identity theft," said Commander Karen Baxter of the City of London Police.
He added that in order to avoid falling victim, people should "keep a strong, separate password for their email accounts. They should also use the latest software and app updates. Always be suspicious of unsolicited requests for your personal or financial information and never call numbers or follow links provided in unsolicited texts or emails; contact the company directly using a verified and trusted email or phone number."