Identity theft marks its 453rd anniversary this summer. In 1556, a man named Arnaud du Tilh arrived in the French village of Artigat claiming to be Martin Guerre, a peasant who had left his wife and child eight years earlier. The man fitted Martin Guerre’s profile. He looked like Martin Guerre. He repeated a number of facts about Martin Guerre. And he was accepted as Martin Guerre by Martin Guerre’s wife with whom he went on to have two children. It wasn’t until the real Martin Guerre turned up in 1560 – minus a leg – that du Tilh confessed. He was hanged in front of Guerre’s house.
Today’s identity thieves have less to fear. They also have much more opportunity and they’re becoming increasingly sophisticated too. They no longer need to rely on an uncanny resemblance to a missing husband to win themselves an easy life, and they don’t even have to rummage around in suburban garbage cans for old bank letters to pick up useful information.
The rise of social networking means that anyone can now gather all sorts of valuable data about almost anyone else and create fake profiles that steal trust and win confidence. Email phishers, garbage scourers and credit card copiers might have followed du Tilh with their version of Identity Theft 1.0 but the new upgraded version is a lot smarter, a lot less reliant on the greed of phishing victims and the carelessness of bank customers… and a lot more pernicious.
Facebook Has 243 Brad Pitts
The two places most at risk are Facebook and Twitter, neither of which can verify the owners of accounts at the time they’re created. For the most part, the motives behind those profiles are more likely to be playful than deliberately malicious. Everyone dreams of being a Hollywood superstar but there are currently 243 people on Facebook pretending to be Brad Pitt. This guy though isn’t convincing anyone and it’s unlikely that any user is going to be taken in by the other 242 Mr. Jolies. In fact, skepticism about the true identity of celebrities on social media sites is so widespread that even Jonah Lehrer, an author and editor for Wired, has been asked whether his Twitter profile is real – as if someone would fake a geeky intellectual.
That means that it’s actually the un-famous that have most to fear from Facebook fraudsters. Because fewer people are likely to suspect a rat, it’s much easier for an evil-minded prankster to damage an average Joe’s reputation with a fake profile. That’s turned Facebook into a site not just for people to make friends and renew old acquaintances but a potential crime scene where anyone can slaughter a name.
Fortunately, it’s also now legally protected space. In a landmark case in July 2008, the High Court in London ordered Grant Raphael to pay former schoolfriend and business colleague Mathew Firsht £22,000 (around $36,000) for breach of privacy and libel. Raphael had created a fake Facebook page in Firsht’s name, claiming that he was homosexual and untrustworthy.
Facebook though has the advantage – in security terms, at least – of being at least a little closed. Members are able to restrict their personal information to people they approve, making it slightly harder for identity thieves to copy another person’s life entirely. Most members make use of that barrier on Facebook. Relatively few do on Twitter even though the option is available, allowing anyone to read the details of their personal lives.
Are Porn Bots Picture Thieves?
In practice, that openness might not in itself be a problem. Scammers want to know your bank account details, not what you had for lunch. The real identity threat on Twitter comes from two directions.
The first – and one that’s becoming a growing nuisance on the microblogging site – is from porn twitterers. “Latonya Ditecco,” “luvLorelei395” and “Hubert937” are just three timelines with remarkably similar tweets. At first glance, those tweets appear to be almost natural. Posts like “what are y’all gonna do 4 FathersDay 2morrow…need ideas” don’t stand out as being particularly strange until you realize that exactly the same tweet appears across multiple timelines, and the retweets and rehashed quotes are as meaningless as many that you can find across the site. It’s when they start talking about sex that you know the picture on the profile isn’t of the person typing the messages. More worryingly, while some of those pictures look like they were bought from a kind of stock agency for porn sites, others (such as this one) look more like they were lifted from a photo-sharing site. That’s worrying for the people in the pictures who now look like Twitter porn stars.
The other threat though is much simpler and it comes from people impersonating others to benefit from their name brand. That’s not new to Twitter and can sometimes be harmless. Forbes editor Dan Lyons created a Fake Steve Jobs blog to satirize the Apple founder, and Twitter is filled with timelines created in the name of Buffy Summers and other fictional heroes. It’s when those fake timelines pretend to be real and written by other people that the deception is more serious. Even the mainstream media was taken in when someone started tweeting in the name of the Dalai Lama, and news outlets had to issue a stream of corrections when it became clear the timeline was fake.
Again, those aren’t intended to be harmful, even if the effect could be to damage the real person’s brand and credibility. More worryingly though, many of the timelines reported to Twitter’s @spam complaint timeline have actually been created by marketers who use the names of well-known Internet sellers to promote their own products. When buyers find that those items are sub-standard, they’ll be complaining to and about the wrong person.
Fortunately, Twitter has been pretty good at responding to identity theft. Its terms make clear that it doesn’t allow name squatting and complaints quickly result in closed timelines. The site’s new Verified Accounts have even made it easy for celebrities to prove that they really are who they say they are, although looking for links to the timeline on the celebrity’s official website can be pretty effective too.
Identity Theft 2.0 then is more complex than the old version. It requires scammers to create entire personalities rather than memorize credit card and social security numbers. And it’s not entirely clear what they can get out of it – other than annoying the person whose identity they’ve stolen. Pretend to be Zig Ziglar and try to sell your information products on Twitter or Facebook and it won’t take too long before you’re shut down. You won’t have got to swipe someone else’s wife but at least you won’t have been hanged.