Can making a peace sign in a selfie really leave you open to identity theft? Yes, if you believe the latest claims made by researchers at Japan’s National Institute of Informatics (NII).
The NII team found that it’s scarily easy to copy fingerprints from photographs. In a recent interview with Yomiuri TV, researcher Isao Echizen claimed that with the right pose and good lighting, no special equipment is needed to steal fingerprints from pictures on social media accounts.
Now that biometric technology is used to secure smartphones, laptops and handheld devices, if you can extract this information from a photograph, you can probably hack fingerprint-controlled security.
It certainly seems possible to bypass the print-controlled lock on the iPhone 5S and 6S. All you need is a fake fingerprint and a live finger (a dead one won’t work, thankfully) and you’ve got access to payment systems, email, banking apps and data.
When Any Information Is Too Much Information
Not all online identity theft demands this level of ingenuity, because anything you post on social media is up for grabs.
We all know about the risks of oversharing and the hazards of slack password management, but most social media identity theft operates on a basic level. You can be hacked (or, more accurately, jacked) even if you keep your daily routines and personal information close to your chest.
Just having a social media presence is enough to put you at risk. And the more actively you network beyond your real-world circles, the more likely you are to encounter identity thieves.
Fraud becomes obvious pretty quickly when the person targeted is a high-profile individual. In 2009, a Twitter account was set up by an impostor in the name of former Vice Presidential candidate Sarah Palin, despite the existence of a ‘parody impersonation policy.’
After a period of low-level satirical activity, the Palin impersonator finally brought their antics into the public domain by issuing a blanket invitation to a barbecue at the real Palin’s home address.
A Ruder Awakening
But when less famous people get jacked, they themselves are often the last to find out.
Some victims of identity theft become aware of the crime because they’re in the habit of regularly checking their credit file. Others have a ruder awakening when unexplained charges appear on their bank and credit card statements, or when they’re refused credit.
Still, others never find out at all, as filmmaker Nev Schulman discovered when he fell in love with a beautiful young woman via Facebook.
His sweetheart turned out not to be the woman of his dreams but a very different person, presenting a fabricated identity made up of fragments from other people’s social media feeds. Those other people, it bears repeating, were unaware they’d been jacked.
Schulman was luckier than many in his position. The experience may have been painful, but it did inspire a successful documentary, Catfish. It also spawned a new term, ‘catfishing,’ now shorthand for the activity of using real people’s social media content to create a fake identity.
Catfishing is bad enough when, as for Nev, it ends up in heartbreak. It’s a whole lot worse when the emotional exploitation is just a ruse to empty your bank account.
No surprise, then, that business for identity verification or background checking companies like uCheck is on the rise.
What you really need to know about social media identity theft is that it happens all the time, and happens quietly. Scammers don’t need to lift your fingerprints from a photograph: all they need to do is download your images from Instagram or Facebook, and that’s it.
So it seems that the only absolute safeguard against fraud is to stay away from social media entirely. But where’s the fun in that?
This post is part of our contributor series. It is written and published independently of TNW.