Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
A lot of people who have been able to get the coronavirus vaccine are proudly posting photos of their vaccination cards on social media platforms such as Facebook. But does this put you at risk of identity theft?
While your most sensitive piece of information is your Social Security number, identity thieves will gladly harvest other personal details such as your name, address, and birth date from both legal and illegal sources. None of us should make their job easier by making such data readily available. Your vaccination card prominently displays your birthday. Think about how many times you may have authenticated yourself over the phone when dealing with your bank or credit card company by providing them with your birthday.
If you want to excitedly share with the world the news that you have been vaccinated against the coronavirus, could you just post a selfie of you wearing the sticker you are given when you have been vaccinated? That would be completely safe, right?
While I may be a bit paranoid, it is important to remember that even paranoids have enemies. Just posting your vaccination sticker is a public notification to scammers, who may try to contact you by phone, email, or text message. Posing as medical officials, they may falsely inform you of such things as new side effects, a change in the date for your second shot, or other issues related to your vaccination. You may end up clicking on links that download malware to your computer, or you may unwittingly provide further personal information such as your Social Security number. So perhaps the best course of action is to get your shot and keep it to yourself.
Oh, and by the way, how many of you already have your provided your birthday to Facebook when you first signed up? It may be nice to see all of the greetings each year when Facebook lets your “friends” know it’s your birthday, but you also may be providing this information to scammers.
Now is probably a good time to look at what you can do to protect your privacy on Facebook and other social media.
In order to create a Facebook account, you are required to provide your name, an email address, a password, your gender, and your birthday. Your birthday is required in order to verify that you are at least 13 years old. However, you can adjust your account settings to hide this information by using the “Edit Profile” link at the top of your profile page. Much of the information initially requested by Facebook is optional, and you can leave it blank. Does the world need to know where you went to high school?
Although rarely will you find anything “fine” in “fine print,” it is important to read the boring privacy settings for your social media. Facebook and Twitter, for example, allow you to set up customized lists of specific people who can see particular posts.
You also may want to reconsider tagging your specific location when you are on vacation in order to protect yourself from criminals who might take this as an invitation to burglarize your home.
Even photos of older family members can lead to the infamous grandparent scam, where crooks call unsuspecting grandparents posing as their grandchildren who are in need of money due to some emergency. Scammers can harvest the names that the grandparent is called in a social media post as well as information about the whereabouts of their grandchildren.
Finally, one important piece of information that many people don’t realize should be kept as private as possible is their cell phone number. These days your cell phone number is tied to so much of what you do. When criminals know your number, they can leverage it through commonly available legal databases and learn information such as your current address, past addresses, the names of your family members, and more. They can also use the number to gain access to your social media accounts and, most significantly, use the information gained to answer security questions that would allow them to do a SIM swap. This is where your cell phone number is transferred to the criminal’s phone. This lets them defeat dual factor authentication, putting your bank accounts and other sensitive accounts at risk.
So what can you do to protect yourself?
Limit providing your cell phone number to people and companies as much as possible. You also may want to consider getting a second phone to use when you have concerns about security. You also can use apps such as Google Voice or Burner that will enable you to create different numbers to use for calls and text messages.
You may also wish to consider other forms of dual factor authentication. There are apps that will generate temporary security codes such as Authy or Google Authenticator.
Perhaps the best thing you can do to protect your SIM card from SIM swapping is to set up a PIN or password to be used for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you and convincing your mobile carrier to swap your SIM card to the criminal’s phone merely by providing personal identifying information or answering a security question.
Featured image: Evgenia Parajanian / Shutterstock
Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now
Comments
Good info for those that feel compelled to put damn near everything on social media. I can’t imagine doing anything like that, but plenty of people do, have, and will in the days ahead, unfortunately. I keep my social media confined to comments on the Post site, Twitter (mainly in conjunction with the Post) and YouTube.
Anyway I got the 2nd Pfizer shot on April 12th without any problem, and the two cards are kept together in a safe drawer with my social security card.