Some 7% of smartphone owners became identity-fraud victims in 2011, the Javelin survey of 5,000 consumers found. Smartphone users are about one-third more likely to fall prey to identity fraud than the general public, the report found.
Why? Because smartphones are minicomputers that store vast quantities of personal information, yet many users don't protect their smartphones the way they do laptops and PCs.
"Consumers must be vigilant and in control of their personal data as they move toward these new mobile and social technologies that are putting them at risk," said James Van Dyke, president of Javelin.
Javelin found that 32% of smartphone owners don't update to new operating systems when they become available. And 62% don't use a password on their home screen, meaning that anyone who steals or finds their smartphone can access their personal information.
Meanwhile, fraudsters are mining your status updates or, worse yet, taking note of your personal information such as your birth date on social-media sites easily.
LinkedIn, a site most users consider more "business" than "social," had the highest identity-fraud incident rate, at 10%, versus 5% for the general population, the Javelin study found.
Meanwhile, 7% of Google Plus users and 6.3% of those on Twitter reported a case of identity fraud. Among Facebook users, 5.7% said they were victims, a surprisingly low percentage--perhaps because of widespread media attention on Facebook's privacy policies.
People with public profiles that are visible to anyone online were likelier to expose personal information that can be used to access accounts.
On LinkedIn, for example, users tend to be careless about allowing access to their information. Presumably, they assume the site is about connecting with people in the business world, not scammers.
"It's almost like the desire to be part of something is too great to be cautious," said Steve Schwartz, executive vice president of Intersections, a risk-management-services provider. He encouraged users to dig deep into the privacy settings of social-media sites to make sure information is available only to those whom you trust.
Alarming, too, is the correlation between security breaches and ID fraud.
Javelin said that high frequency of fraud could be tied to the number of high-profile, big breaches in 2011--a 67% increase from 2010--at companies like Sony PlayStation, Epsilon, RSA and several government entities.
Here are tips to avoid identity fraud:
- Pay attention to security-breach notifications. "Consumers see a lot of these notifications, and unfortunately it's become a little bit of white noise," Schwartz said. "Most notifications come with some sort of educational note that consumers should use."
- Keep a close watch on your credit cards and bank accounts.
- Don't give out your Social Security number unless you absolutely must, such as to your employer or insurer. If you have health insurance, for example, you shouldn't have to give the doctor's office your Social Security number because it's already tied to your insurance.
- Keep your antivirus software up-to-date on all electronic devices, including your smartphone.
- Use strong passwords, a mix of letters, numbers and symbols, and use different passwords for each account. Yes, it's inconvenient, but getting your identity stolen is more agonizing. According to credit-reporting firm TransUnion, it takes victims about 30 hours and $500, on average, to resolve identity fraud.
- Be careful what you tell your "friends" on social-media sites; scammers may be reading, too. "Assume that anything you post in public areas is fair game," ID Analytics's Winston said.
- Don't store personal information on mobile devices.
- Leave your unneeded credit cards, Social Security card, birth certificate and passport at home.