News Column

Consumers, Social Media Oversharers Protect Your Online World

Dec 21, 2012

Debra D. Bass


We are in a new world of oversharers. We "check-in" at restaurants, malls and sporting events. We photograph our meals. We grumble about the customer service at the superstore. And often hundreds, if not thousands, of people bear witness. Most ignore, some respond, maybe a few actually care.

But when it comes to sharing information about what you buy, from where, for how much and when, that action can have unintended financial consequences.

"In social media, one of the things I never do is agree when they want you to promote that you purchased this or just bought that," said professor Scott Campbell of Miami University in Oxford, Ohio.

He is director of technology for the School of Applied Science and Engineering and teaches courses on network and system security. He admits that he's paranoid, but then again he's trained to ferret out worst-case scenarios.

I asked him about an array of information sharing activities to see what was risky and what was shrug-worthy. He doesn't believe you can't share any personal information, but he does believe that you should be selective.

Sure, sign up for tweets from Target or Facebook and go ahead and "like" your favorite boutique.

But protect your Social Security number. And that doesn't mean, just don't give it out. It means don't give out hints.

Social Security numbers are not totally random. So if someone with malicious intent knows the year you were born and your city of birth, he or she can start running programs to discover your Social Security number and fake your identity.

What should you do? Just because people ask for something doesn't mean they need it. If you have the opportunity on a store rewards form or restaurant frequent buying card, don't include your exact age. The marketers want to target information to your age group, but it makes it really easy to figure out your year of birth. Same advice goes for birthdate requests. Stop with the month and day (withhold the year), if they "need" it, consider the request. Do you trust this agency's security? Is the 20 percent off or next meal free deal worth it?

"The birthday is fine; it's nice to get those little cards and deals every year on your birthday, but they don't need to know that you're turning 50 this year. That's just more information," Campbell said. Our suggestion: If they need a year, give them one (wink).

Giving them your email address is fine. The worst thing you'll typically get is extra spam. Campbell said it's a necessary evil. He has a separate free email account just for signing up for deals.

"They are using (email) for marketing, and that's what's driving our economy," he said. Same goes for your Twitter and Facebook accounts. Sharing that information is pretty safe, but note that your Facebook page should not include your age either. There's a setting to make only your month and day visible, use it.

Overall, Campbell is most concerned with protecting credit and debit card information.

To that end, he prefers to use true credit, not a debit card for most transactions. There have been high profile department store systems that have been hacked, and months of charge card numbers were stolen. In cases like that, bank accounts can be depleted quickly. You'll get the money back from the fraudulent activity, but it can take 10 days or more. That's a long time to be without ready cash.

Campbell joked that he prefers to gamble with someone else's money. And, besides, that gives him a chance to look at the bill again before he pays it off.

Campbell said, ultimately, "Don't make it easy for them." You can't protect against every attack, but you can be smart about it. Much like the analogy of the two guys talking about who could outrun a bear, the truth is that you don't have to outrun the bear, you have to outrun the guy next to you.


1. If you do get a suspicious email, delete it. Programs are so sophisticated now that you don't even have to open files to launch malware. Just opening the email can be harmful.

2. If a social program, bank, store, credit agency or what have you, contacts you by email to discuss something wrong with your account, that's fine, but don't click on the link in the email. Delete the mail and go directly to the site it mentioned. Type the site's official URL into the address bar yourself. If there is a problem, you'll have a note on your account page. Campbell said that not clicking on links in emails would probably eliminate 98 percent of problems.

3. If you're hacked, sign into your account and change your password immediately. Then change your security questions. Some hackers are clever enough to change your security questions before they launch their attack, so that once you reset your password they can hack you again later. Sneaky, right?

4. It's fun to take photos of your activities, but if you're on a trip, think about publicizing it after you're back home.

5. Don't "check-in" at your house (especially if you're fond of checking in at locations away from home) and don't offer people a photo of the front of your house. You're giving people a location, and if you've also provided them photos of the inside of your house where expensive or easy-to-sell objects are visible, you're now giving them motive and opportunity.

6. Password keeper apps and services like can be invaluable. Campbell reiterated what every tech guy under the sun will tell you, don't use the same password for everything. A password keeper service will encrypt all your information and generate random (really hard to crack) passwords for all your accounts. The downside is that it requires you to log into the service each time and copy and paste your complex password, but the programs will save you grief in the long-run. Like all cloud-based services, if one of the password programs ever went out of business, it would take your passwords with it. But the worst-case (unlikely) scenario is that you'd have to reset them all.

7. Lastly, a real-world shopping security problem: If you take bags of gifts or items to your car to stow in the trunk to alleviate your burden before returning to the mall, stop. Last year, thieves were on the lookout for this activity. After the goods are in the trunk, you were advertising -- look what I bought -- and by the way, I won't be back for a while. Campbell said you either have to leave or just move the car to another location at the mall. Do not close the trunk and walk away.

Source: (c)2012 the St. Louis Post-Dispatch. Distributed by MCT Information Services.

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters