KnowEm is now offering via our Security Alert portal a freely searchable database of over 35 million email addresses allegedly used to create accounts on the online extra-marital dating website Ashley Madison®. The email addresses were leaked by the hacking group “Impact Team” a couple days ago, but unless you wanted to download 10 GB of data off the dark web you probably haven’t been able to find out if your email is in the list.
Just like we did last September for the Gmail hack, KnowEm did all the work for you. We downloaded the database and converted it for free text searching on our security alert minisite, http://securityalert.knowem.com/. All you have to do is enter your email address to search the millions of emails that were leaked.
Of course, just because an email address is in the list doesn’t prove anything – but all signs are pointing to the fact that this is a legitimate breach and the leaked accounts did come from Ashley Madison®‘s site. Still, KnowEm cannot confirm or deny if any email address listed in this database was ever an account on Ashley Madison®. We are simply making the hacked list publicly searchable as a convenience. We are not affiliated with the hackers “Impact Team” or Ashley Madison®.
With the recent media surrounding Manti Te’o being catfished (fooled) by a man posing as a woman he virtually dated for over 2 years without ever meeting, along with the growing popularity of the movie turned Television show Catfish, we decided to divulge a few tricks of how to stalk research someone online using a few free tools and some creativity. So have you found your soul mate online? Let’s see if we can make sure they are who they say they are so you too can avoid being catfished.
Social Media Profile or Instant Messenger Address
Does this person chat with you using a screen name other than their real name? For instance let’s say you use a chat client that allows for usernames (take AIM for example) and the person that you are chatting with has a screen name of SallySmith82. It’s very possible that this person might use the same name across all of his/her social media personas. This is what I like to call someone’s “PUB”, or “Personal Unaware Branding”.
A great way to take a deeper look into what this person’s social media footprint might be is to run his screen name or username through our free social media Username Search tool. You might find that his or her PUB links to an old MySpace profile where there could be pictures that differ from the ones you have seen. Let’s assume you are a man (don’t worry ladies, we know this also happens to you often) and SallySmith82 claims to be a 30-year old woman with a modeling career who is sending you some amazingly beautiful and almost risque pictures of herself. Imagine your surprise when you check out the MySpace profile and you find that SallySmith82 is not at all who she claims to be! Don’t panic! It is always possible that someone else could have the same name and has already claimed the profile; however, if the locations of both SallySmith82 match and you are seeing some completely different pictures, you might want to ask about the profile. Always continue to dig deeper because there could be several profiles across various sites that could all be the same person (or perhaps different personas this person has created).
Do they own a blog, website or domain?
So for another scenario we ‘ll check out one for the ladies this time. Let’s say you meet a very smooth young entrepreneur on Facebook that claims to own a bunch of websites that make him tons of money, and he even emails you with an address from one of his personal domains. I’ll use myself as an example here – if I am constantly emailing you from “firstname.lastname@example.org”, take a look at streko.com. You’ll find a personal blog with a little information about myself, but no pictures or anything personally identifiable. To make sure my name is actually “Michael” a simple thing to do would be to perform a search on the WHOIS information of the account – this can be done easily by using Domain Tools, http://whois.domaintools.com/streko.com. So this proves that I own the domain and my name is Michael Streko. It may even provide my mailing address as long as I didn’t mark it as private. But what you also want to check out is what I highlighted in red, the link that says that I own 4 other domains. So let’s say that I have been telling you I own hundreds of domains and they are a large network of all different kinds of sites that have to deal with shopping. You can purchase a full domain ownership report from Domain Tools, or for a quick (and much less reliable) search you can query Google for pages which may have already been indexed:
site:whois.domaintools.com/ “PERSONS NAME”
This might give you a rough idea of what’s out there, but for a truly accurate report you will have to purchase the report, which starts at about $49.
Just as someone’s Instant Messenger ID can be used to disclose a name, at times people will use their email address as their profile name on various social media sites. A great post on this topic can be found here on labnol.org – this gives you a good example of how to do a reverse name search using an email address and a few simple steps. If they are constantly emailing you with email@example.com, again you can use KnowEm’s Social Media username search and simply search for candygrrl85 and use the same techniques outlined above to see if you can find any Social Media profiles for that person.
Sometimes a person a using fake profile will slip up and make another Facebook account using that email address.
So if you’re speaking to Candygrrl85 via email and their Facebook vanity URL is different; i.e. http://facebook.com/KnowEm (KnowEm being the vanity URL), you can perform a simple email search on Facebook or any other social media site that allows you to search via email for members. With Facebook simply drop the email address into the search box.
Are they a criminal?
If you and your online friend decide to finally meet face to face, it might be a good idea to take a bit of a deeper look into this person’s background. Just about every state in the United States offers a free online offender search for convicted felons Simply go to Google and search for your states “Department of Corrections” or “DOC” website. As an example here is New Jersey’s DOC website which does everything from list present/past inmates, their crimes, their picture, and a list of wanted felons that have escaped.
This isn’t really a bonus tip, its more like common sense – search them! Google & Bing it up! Search their email addresses, vanity URL’s, instant messenger addresses and any other information you might have about them. The search engines are there for searching, so search away, you will be surprised about the information from one’s past which gets indexed.
To sum it up, catfishing has been going on for years and most likely will continue for quite some time to come. Years ago it was MySpace; spammers would take a picture of a pretty girl, create a fake profile, gain thousands of friends and then comment on all their profiles with an affiliate link to get a “Free $50 Macy’s Gift card”. Today there’s a new trend called catfishing – what will they think of tomorrow?
This commercial sums it up … just because it’s on the internet, doesn’t make it true:
Dana Thornton, 41, of Belleville, NJ who is charged with impersonating an ex-boyfriend and police officer on the social site Facebook.
As reported by the Daily Record; a New Jersey woman still faces charges this week in a case of first impression in an identity theft indictment. Dana Thornton, 41, is being accused of impersonating her ex-boyfriend, Parsippany Detective Michael Lasalandra, by creating a Facebook page in his likeness. The Facebook account, created in 2009, contained modified images of Lasalandra as well as derogatory comments seemingly made by him. Thornton was indicted in August 2010 by a Morris County grand jury on a fourth-degree charge of identity theft, which is punishable upon conviction by up to 18 months in prison.
Thornton’s defense attorney, Richard Roberts is claiming that New Jersey’s statute does not apply to her case because, “it does not specifically address impersonation through the use of social media or the Internet.”
Superior Court Judge David Ironson has ruled that this defense “lacks merit” and will uphold the conviction. Judge Ironson has stated that the Internet is a means of accomplishing a goal of impersonation, but just because New Jersey’s law doesn’t specifically mention it as a vehicle to impersonate doesn’t mean the statute doesn’t apply to Thornton’s alleged conduct.
So although the New Jersey statute doesn’t specifically mention “Social Media” in its wording, we must be able interpret the law accordingly. Social Media is a form of communication and what is said and published there is comparable with impersonation in print or in person.
Prosecutors have argued that although the statue doesn’t “include or exclude electronic communications it is applicable to a broad spectrum of impersonation techniques.” Ms. Thornton has allegedly assumed the identity of another person and acted to injure Lasalandra’s reputation and career as a police officer. This can be done through multiple mediums and Facebook is no different in this aspect.
States like New York and California have amended their own impersonation statutes to include “Social Media” in its text. Thornton’s defense team is arguing that these states dismissed cases like Thornton’s until those laws were amended. New Jersey does currently have a bill in congress to adjust their original statute, but Morris County prosecutors and Judge alike agree that this is a clarification of the existing statute. They still interpret the existing law to include all mediums, including the ever-growing world of Social Media.
In Panama City Florida a local and respected teachers’ identity was used to create a fake Twitter profile which spouted off derogatory comments about autistic students. The teacher works with special needs students and had no idea this was going on until she was informed by officials questioning her and the profile.
The Twitter profile included the teachers name, photo, and town along with the derogatory comments. People all over the world started contacting local officials demanding her be ousted after they saw what “she” was writing.
When this came to the attention of the school they immediately brought her in for questioning to determine if she was the author. Their initial questioning led them to believe she was not the author; however they made her bring in her laptop and examined her hard drive for further investigation.
As I’ve said before, identity theft is the only crime I can think of where you are guilty until proven innocent. Once something like this happens it can quickly and easily damage your reputation.
Online Security Tips:
Right now grab your name on all the popular social media sites. Sign up for every one of them even if you don’t intend on using them. If your name is gone use a hyphen or a dash. For free search over 500 popular social networks and over 200 domain names to instantly secure your brand across the social web at Knowem.com.
What exactly is social media identity theft? It’s a form of cybersquatting using social media sites. If you’ve ever attempted to join a social media, site or applied for an email account, and found that your first and last name were already taken, that may or may not have been social media identity theft, or cybersquatting.
InformationWeek reports SB 1411, which has been approved by the California Senate and the Assembly and now awaits the signature of Governor Arnold Schwarzenegger, makes it a misdemeanor “to knowingly and without consent credibly impersonate another person through or on an Internet Web site or by other electronic means with the intent to harm, intimidate, threaten or defraud another person.”
There are laws for every possible thing under the sun. Do we need another law? Many argue there are sufficient laws in place that already make impersonation illegal. Will a law that directly addresses the issue of social media identity theft stop others from doing it? Maybe. Are there instances where it is OK to impersonate another person or corporation? Apparently it is acceptable like in the BP case where someone created a mock Twitter account.
I know I don’t want anyone stealing my online identity so I’ve done things to prevent that as much as I can. However it is still possible to create a persona that is mine and make a mockery out if it. That is not OK with me. Do you think there should be a law that prohibits social media identity theft?
What BP has done isn’t funny. The Wall Street Journal reports a Twitter user with an account dubbed BPGlobalPR is posting satirical entries about the massive oil spill in the Gulf of Mexico — and already has more than twice as many followers as BP America’s actual account. I’m sure BP doesn’t think its “satirical” or funny. BP’s actions or lack thereof certainly deserve a lashing, and the public is responding in a number of ways. Social media identity theft appears to be one of them.
The tongue and cheek microblog authors are posting tweets such as “If we had a dollar for every complaint about this oil spill, it wouldn’t compare to our current fortune. Oil is a lucrative industry!” Which of course alarms any followers who don’t realize this is a spoofed account.
The fact that some people think its real speaks volumes about how vulnerable any company is from this type of impostor fraud. The fraudulent account demonstrates how difficult it is for companies to maintain a controlled online presence with the proliferation of social media. It’s the wild wild web out there and any company that sits idly waiting for someone to snap up their intellectual property or variations of their brand will face an oil spill of a time slopping up their damaged reputation.
Identity Theft isn’t just something that impacts your bank account or credit card. Your brand or trademark can be hijacked in social media and on the web as well, and we’ve seen it thousands of times here at KnowEm. Most recently, according to PCWorld, a hacker named Kirllos has offered up for sale 1.5 million Facebook user accounts. Facebook hasn’t confirmed that this is a verified hack or if Kirllos’ claims are actually legitimate, but the fact that there is a market at all for claimed usernames should give you an idea what their value is worth.
The stolen Facebook identities are offered for sale at between $25 to $45 per 1,000 accounts, making them go for as little as $0.025 per username. But imagine if one of those stolen names was the name of your brand or trademark term? How valuable is it for you to control your name on the web? Now think about the intellectual property value being lost, and how much it might cost in legal fees to wrestle it back under your control.
At KnowEm we often see brandjacked names in social media being used to hawk counterfeit products or promote affiliate links to questionable landing pages which are obviously not under the company’s control. Someone will register a brand name on a popular social media site (and there are hundreds of them) and then use it for their own purposes. After all, if you were a consumer and saw a brand name you were researching had an account on Twitter, wouldn’t you just assume it was that brand, and trust any links they published? Thousands of people do every day.
Even if the Facebook hacker’s claims aren’t legitimate, social media identity theft is a real threat and should be a major concern for anyone using a unique name on the web. And after all, isn’t that everyone?
Social media identity theft is the act of creating a blog or using your name on a social media site to model your day to day operations.
Whole Foods Market is the victim of social media identity theft. CNET reports the grocery chain said it’s continuing to clamp down on a series of Facebook-based scams that entice users with a purported $500 gift card from the Austin, Texas-based supermarket chain.
The scam has been spreading virally through Facebook via fan pages with names like “Whole Foods Market Free $500 Gift Card Limited – first 12,000 fans only” and “Whole Foods FREE $500 Gift Card! Only Available for 36 hours!”
At any time someone can register domains or social media sites which misrepresent your brand. They then sell counterfeit products, or worse, products that they never ship, either of which can wreak untold damage on your brand. That’s one of the reasons a service like Knowem’s is so valuable, in that it protects you from brandjackers and namesquatters that may attempt to scoop up your name on social media networks.
Someone posing as another in any shape or form is an imposter. However today there are financial repercussions when someone poses as you, or if you are in business, posing as your brand. Most of us live lives where we have standards, morals and integrity, and we work to maintain our position and status in society.
So imagine some undesirable coming along and squatting on your name or brand and acting as if he were you, and in the process actively working towards tearing down your name or brand. Why? Maybe your customer service department was less than efficient in handling his claim. Maybe the identity thief is your competition and finds it “fun” in tearing you down only to make himself look better. This is business social media identity theft.
It really doesn’t matter why. What matters is “how” and how to prevent it. How, is, they simply subscribe to the hundreds of social media sites and blogs out there and gobble up your brand and create a persona that is you.
From there they act as the puppeteer pulling the strings. And good luck getting the social network to pull down the stolen site. Your best bet is registering all your names, domains and brands so nobody else does.
April 21, 2009 · Filed Under Announcements, KnowEm News · Comments Off on New Website Protects Usernames From Social Media Identity Theft
KnowEm.com (http://knowem.com) launched a new web service today which monitors hundreds of popular websites for social media identity theft. By entering a username, which can be a brand name, internet identity, or vanity URL, KnowEm.com allows you to instantly monitor the availability of that username on over 120 popular social media websites such as Twitter, MySpace and Digg.
“Social Media identity theft is the modern form of domain name squatting,” says KnowEm co-founder, Barry Wise. “10 years ago it was a race to get CompanyName.com. Today it’s a race to secure a brand name on sites such as Twitter, which is quickly becoming an amazing tool for both brand transparency and customer service.”
A quick check today revealed that some of the biggest brands in the world have still not secured their account name to protect their brand from identity theft. For example, Google (NASDAQ:GOOG), Pepsi (NYSE:PEP), Microsoft (NASDAQ:MSFT), Exxon (NYSE:XOM) and Citigroup (NYSE:C) still show that dozens, and in some cases over 80%, of popular social media websites still list their brand names as available account names.
It’s not just major media brand names that have dropped the ball — many celebrities have not secured their online identity either. Ashton Kutcher and Oprah Winfrey’s recent exposure on the popular new microblogging service Twitter.com has shown that celebrities are taking interest in using social media as a vehicle for PR and communication. But as of today their Twitter screen names, @aplusk and @oprah, are still both available on almost 90% of other websites on KnowEm.com’s list.
“The time is coming when online reputation management is critical even for normal citizens. You would be surprised how many companies are now using Google to see what a prospective hire has about them on the internet,” says Knowem co-founder, Michael Streko. “It is just too risky to let your name fall into the hands of someone else.”
KnowEm not only monitors to see if your username is available on 120 sites, it also offers a commercial service which will register your brand or username for you. For $64.95 you can secure your identity on over 120 different social media websites. For an additional $9.95 per month, they will also continue to monitor new websites and register your username on them as soon as they launch.