Identity theft, bots, and the seamy side of the internet
April 17, 2018 11:37 AM   Subscribe

How do I know if, and where, my identity has been appropriated on the internet?

I keep reading about the proliferation of bots, famously when the issue of net neutrality was under reconsideration by the FCC, but also in comments sections and on social media. If my identity were associated with one of these bots, how would I know? Should I even care?

On (what I think is) a related note, I sometimes receive emails ostensibly from someone I know but the content is a link to an advertisement or something else I know the person didn't send me. Occasionally, these emails come from someone I had brief email contact with years ago (such as a business associate). Does this mean their email has been hacked or their identity stolen? Is there anything I should do about it besides deleting the email (and never, ever clicking on the embedded link, of course)?
posted by DrGail to Computers & Internet (6 answers total) 5 users marked this as a favorite
There is a difference between stealing your email address and friends list, which is relatively easy, and stealing your social security #, driver's license #, and enough other information to convince an apartment manager to rent you a room or a bank to make you a loan. I get emails all the time purporting to be from various friends, and inviting me to click on vague links, and my friends tell me they get the same with my name on it. Sometimes it's obvious that whoever sent it didn't even know my name, just my email address. The lesson is, don't click, and don't worry.

Serious identity theft — the kind that costs real money, time and inconvenience to fix — is a lot harder, but with the massive losses recently experienced by various hosts (like FaceBook and Equifax), it could pretty much happen to anyone. Here, however, numbers are your friend. It's a lot easier to steal 50 million FaceBook accounts than it is to open 50 million bank accounts or rent 50 million apartments. I'm not saying there is no risk, just that it's spread out. Tighten up your security — hide those things which can and should be hidden — and try not to worry.
posted by ubiquity at 12:03 PM on April 17, 2018 [1 favorite]

If my identity were associated with one of these bots, how would I know? Should I even care?
You can search for your own name on Google and other search engines, though you will get false positives and it won't find everything. Add your state or city to narrow it down if necessary. If someone is using your identity to add likes and positive comments to their baked potato recipe, it is probably not a big deal. If someone is posting more serious things in your name, you want to know that since others people can find it the same way you did. Potential friends, dates, or employers could see it and believe it is you. This goes both ways in that you should not assume anything you see posted is a real comment until you have verified it with the poster, especially controversial things that seem out of character.
You can search Facebook for your name but try both signed in and signed out if you have an existing account. If you find one that is impersonating you, there are ways to report it. I don't know how effective they are.
posted by soelo at 12:19 PM on April 17, 2018

if you show up on then odds are decent that someone has tried using that email and password on social media accounts.
posted by zippy at 1:32 PM on April 17, 2018

That's not what shows. It shows whether or not your information was in any compromised breaching, not if someone has tried to use that information. And nothing specifically about social media.

but all the data on this site comes from publicly leaked "breaches" or in other words, personal account data that has been illegally accessed then released into the public domain.

posted by humboldt32 at 11:48 PM on April 17, 2018

I don't think zippy is saying hibp is telling you someone has tried but rather if your userid and password were leaked, chances are the people have tried to use it.
posted by soelo at 7:58 AM on April 18, 2018 [1 favorite]

what soelo said. by the time that site gets the data, typically from very large data breaches, it's already been circulating on scammer markets for a while, and is more likely to have been tried on multiple services (popular email providers, instagram, facebook, etc)
posted by zippy at 6:15 PM on April 21, 2018

« Older 3 prong outlet, 2 wires?   |   How to write personal letter as a single home... Newer »
This thread is closed to new comments.