- 1 How Online Identity Theft Has Grown
- 2 Which Freelance Job Sites Are Safe?
- 3 Closing Comments
The online freelancing industry is growing at a rapid pace. Much of this is due to the fast growth of Upwork, a company that merged with eLance while operating under the oDesk brand.
Upwork’s goal is to transform their annual revenue (the amount their freelancers bring in) from $1 billion to $10 billion in six years.
That growth is very possible, but it requires new freelancers to come on board.
And that certainly seems like a theme in recent years …
$3.2 BILLION earned by freelancers online in 2014!
Of that $3.2 billion, approximately $1 billion comes from Upwork alone. They claim to be able to increase revenues dramatically. The CEO of the company, Stephane Kasriel, stated in the article above, “I predict they will earn $10 billion annually via Upwork within six years.”
An alarming stat: 53 million Americans are self-employed, that’s 34% of the country’s workforce!
Unfortunately, we see both sides of this story …
While it’s ‘good for business’ as the saying goes, it’s bad for the people involved in certain ways also.
Particularly, far more people have to protect their identities in different ways now because they have taken the leap to work online. According to the Bureau of Labor Statistics reported only 1 in 9 Americans were working for themselves in 2009. In just five short years, this value literally tripled!
So naturally, we are concerned about the risks many freelancers, especially newer ones, have taken in recent years. And more so, we truly want every new freelancer to know 100% what to expect because it’s a dog-eat-dog world on the Web and no one deserves to be an innocent victim.
Now let’s dissect the subject further …
Back in 2005, the Better Business Bureau ran a limited study (4,000 consumers) to see how many were victims of online identity theft. It was found that roughly 11% of the group were, while the vast majority of victims were targeted through dumpster diving and telephone scams.
This is back when the FTC guesstimated that around 3.2 million Americans were becoming identity theft victims annually. So the stats have jumped a whole lot in general, but having the Internet as a parallel universe doesn’t help.
Here’s the kicker … we now have approximately 15 million victims a year.
This is a five-times increase on the number of identity theft victims just a decade ago. The percentage of attacks happening online has also gone up a lot — a big reason for this is because of the massive data breaches that have taken place. It just takes the wrong database to be compromised and then suddenly millions of Americans have their sensitive information out in the open.
Whether you are a graphics designer, a software developer, a writer, or anything in between, your information is naturally exposed. The same is true even if you’re just someone who shops online for gifts every once and a while. So you need to be careful, and there are things you must know … but we’re going to help you with that now!
And the very first step, before it gets overlooked, make your Facebook profile not show up in search engines … this will eliminate a lot of personal info and photos from getting revealed. Do this right now!
Know This: Your Online Accounts Reveal Too Much
Fraudsters know if they breach your accounts, personal identifying information will be there. If they just get into your email, it takes minutes to do a ‘Forgot My Password’ request on one of the many sites you have used. If they get in, your account information will reveal data like your full name, your mailing address, and possibly even your banking details.
And that ‘Forgot My Password’ trick has been going on for many years. Still a good 1-5% of Facebook users can be hacked with this technique. All the fraudster has to do is take your Facebook URL and try to sign in, but then select the forgotten password option. If your security settings are set up to ask a security question, you better hope you didn’t answer this obvious one like many did …
If your account is older, you likely had to choose a security question and answer it.
Make sure you do not have any exploitable entry point through your Facebook account or via any other social media accounts.
Furthermore, make sure you haven’t been hacked already!
Sometimes your accounts can get compromised without you even finding out. Other times, your details are publicly exposed but they have not yet been used for bad. This usually happens when a database gets hacked and the information gets ‘dumped’ on a forum or in a private transfer. Your information sooner or later ends up in the hands of someone that plans to use it for identity fraud purposes.
So what you need to do is check to see if any of your email addresses have been compromised already. This means figuring out whether your email was included in any particular data breaches. The best way of doing this is via HaveIBeenPwned.com which will tell you where they got the information and what data was compromised.
All you have to do is enter your email address or username!
If they win the information battle the fraud becomes profitable every time. The success rate is low when targeting the general population through silly hacking tactics or by going through data breach password dumps. The latter is a pretty easy way for an attacker to backdoor you; there were well over 300 database breaches in 2015 alone!
Of course, you should be evaluating the safety of all your online accounts.
So take the time to go through each site you have an account at, one-by-one, and see what all is stored there. Make note of it so you know where you have released your information to as this will help if you get targeted.
Every site has at least a few security settings, some more than others …
When it comes to freelance job sites, they are a little funky. Some let you just show your first name and the initial for your last name — while others require you list your full name. Your city might be shown by choice, by force, or not even mentioned; sometimes profiles will just show up with the country of the user.
Regardless of what changes can be made, it is important to know your options. So find out the things that you have to reveal to everyone, or to just users on that site. But make sure to limit what you show as much as possible. Although, not to the point that it hinders your career — for instance, you might still want to use a head shot of yourself so you can qualify to be a Top Rated user at Upwork. The same circumstances would apply at many other sites also, and in generally it looks more professional when there’s a face behind a name.
So the problem is you are giving fraudsters all the tools they need. But if you put up barriers wherever you can, they might skip past you and look for an easier, more rewarding freelancer to target.
Dig through your accounts and see what you have locked down and what you cannot control. But to make a real difference, go a step further by assessing the information about you that hackers could find once they’ve accessed your account.
Furthermore, try to delete any accounts that go inactive. If your information is no longer stored there, it might be overlooked if their databases get hacked. This helps more so for the fact that it could block a random password dump finder from breaking into your account and seeing more than just your user and password.
Assume This: Your Identity Will Get Stolen
Its the nature of the beast though, if you want to be a good writer you need a pretty bio with a headshot. Your byline has to have your name, and from there the rest is easily researched. If you apply at any job sites, you would have given your information along the way. Not to mention, anything that got transmitted through email along the way.
If an identity thief wanted to attack someone, clearly an online freelancer would be a good target. Do not stay ignore to the fact that your identity could be stolen — if you aren’t safe, it WILL happen to you!
Don’t make the same mistake …
What was the end result, you asked? LifeLock was fined $12 million by the FTC for the ad’s deceptiveness, as his identity ended up getting stolen successfully for fraud 13 times!
It could happen to anyone honestly, and a freelancer’s profile looks the same as that ad to an identity thief!
Now that you think it is likely for your identity to be misused, start taking the preventative actions necessary to reduce liability if it does happen. First, put up a huge barrier by stopping them from committing new account fraud — by placing a security freeze on your credit file. That way, the fraudster will only be able to defraud your existing credit accounts and not actually set up new ones with new lenders.
Do This: Boost Password and Internet Safety
Now is the time to slow down and see what types of security weaknesses you have created over the years.
Password protection: Are you using the same password at multiple sites? If so, change that so you have a unique password at each and every site. Hackers can still break into certain site accounts by back-dooring through your email, but then you will know your email was compromised. If you have a unique password at each site and only one account gets compromised, it’s possible that security breach occurred on their end instead.
You can use a password manager tool to simplify the password safety process.
LastPass is a good one that can be used for around $10 a month, most other paid options are around the same or a lot more. You are better off making the investment, especially if you can write it off anyway, because the free ones will just end up increasing your lack of security.
However, the best thing to do is just create unique, lengthy passwords you can easily remember. For instance, everyone can remember a password like ‘bestbaseball’ but ‘1Best2BASE3ball’ isn’t too much harder to memorize. Yet the different is drastic when it comes to protecting yourself against someone trying to crack your password with a brute force hacking tool.
Email safety: This stems further than just making sure your email accounts stay safe and secure. You have to be cautious about what is transmitted through your emails. Remember that whatever you send could stay on the recipient’s server or in their online inbox for years to come. If their account ever gets compromised, it could lead to your identity getting stolen and defrauded.
You can mitigate these risks drastically by only transmitting sensitive data by email with larger corporations, and just when it’s absolutely necessary. Further, delete any emails containing sensitive information as you notice them and make sure your messages never get backlogged.
But what’s really dangerous to expose is your payment info …
Many online freelancers have to outsource certain parts of their projects. If this happens to you, it could lead to credit card payments being made to cover the cost of any products or services ordered. This payment information then falls into the hands of whichever party received the payment. They might not have a whole lot of reputability to show.
You can avoid this issue by making payments with a pre-paid credit card. This is the simplest solution available.
Remember to be careful where you use your credit card anywhere on the Web. If you’re shopping at a smaller e-Retailer and they offer credit card checkout via PayPal, definitely do that to increase your protection. This is essentially the only safe way to pay with credit cards on various websites.
Remember: Your Freelancer Profiles Must Be Secure
We talked enough about how to protect your accounts from revealing too much info, right now we’re getting at another point …
You Could Be a Victim Already!
Sometimes identity fraud happens online and it just goes unnoticed. This is a common case in the freelancing world, where it’s common for a freelancer’s profile credentials to get stolen.
In fact, it is not uncommon for an attacker to go as far as to steal a picture of their victim for the purpose of building out their own freelancing profile. From there, they might do the work themselves and enjoy the higher pay rate or they could outsource it and scalp the profit. Sometimes the attacker is even ballsy enough to use the victim’s real name!
A quick and simple way to make sure your identity stays safe online is by doing frequent reverse image searches on your profile pictures. Any image used on your website or any account profile should be searched this way. It will show if the image is being used on any other indexed pages on the Web.
You would be surprised how beneficial this could be, the image request method could’ve tipped this copywriter off sooner. In her case, the attacker took an image of her, previous work details, and other profile info to build a freelancer bio elsewhere and then worked as her for many months before getting caught.
If you want to simplify the process, Google and FireFox let you right-click and select an option to search for the same image on the Web. If your image has been used anywhere without major modifications, you will be able to find out.
Are Freelance Job Sites Really That Dangerous?
Okay, so freelance websites aren’t all that bad and we hope we do not steer you away from a good honest living. These platforms open the doors for anyone and everyone to market themselves on the Web. If you have a valuable skill, you will be able to work from home without ever worrying about whether new projects will come.
And the truth is these websites do what they can to safeguard their users. Some just do not have the funding and knowledge necessary to best protect the information they take on.
However, even eBay customers are exposed to significant identity theft risks — their identifying information gets revealed to every seller they deal with. Yet at Upwork, they only get your full name and city; although with the right social engineering tactics, you could still get targeted.
So you need to know where to draw the line. Don’t let someone scam your identity out of you!
“There’s a house down the road from this mansion for $50,000 but you need to buy it today.”
How would you react to something like that?
Of course it is a scam. Same as the heavy ‘surround sound system’ boxes full of cement that get sold out of parking lots for cheap. So if it’s so obvious, why fall for it?
What we mean is this:
- If there’s a job posting that sounds too good to be true, it probably is any you will want to be more hesitant and dig for more information before trusting it.
- If it’s not a known business and they want your full resume, they might be asking for too much — evaluate how trustworthy they seem, research the company before corresponding further.
- If the client has already interviewed a high number of people for the job, it’s likely a scam of some sort and it’s best to just avoid these job postings.
- If the client is a new member to the site, or if they haven’t spent very much yet, any highly lucrative job postings should be looked at with hesitance.
Use some common sense and filter out any high risk work opportunities. There’s always another client or gig around the corner.
Which Freelance Job Sites Are Safe?
We recommend that you stick with the more well-known websites. The ones that have withstood many years in the industry already. This would include names like these two:
Until recently this site only allowed for low-paying offers to be posted, but now freelancers can customize what they offer into the $100’s so its actually a place worth signing up at.
If you do, filter any of your current clients through Fiverr at first to build up attention on your gig posting or else it will go unnoticed forever.
But overall, your identity is pretty safe here and you can use random images and a custom username so any public pages aren’t so data-sensitive.
This is the number one freelance website of all, and it’s likely where you will find the best-paying jobs as well. Even better, there are new jobs posted every few minutes in most categories.
You are able to see how much each client has spent in the past, as well as written feedback about the client instead of just the freelancer.
Overall, many freelancers find it acceptable to just stick with Upwork only and this might also work for you.
Then you have niche freelancer sites as well …
By niche sites, we are talking about places like iWriter.com — this is a website that lists available writing jobs for writers to grab and complete.
They are big in their niche, but not large when compared to general freelance websites. Since they are a leading provider in their own right, they do garnish some respect; you will find dozens to hundreds of paid writing sites that should not be trusted so easily.
But it’s harder to examine many of the niche freelance sites that are a big smaller or just starting to grow.
Do Some Background Research before joining a job site:
Here are some things you will want to think about …
- Search with the quotation marks for, “siteurl.com” in Google and, outside of the quotations, try various keywords like ‘scam’ and ‘reviews’ to see what people have said about the site.
- Look for comments from real people about the site, by searching for the site name in Google and adding the following parameter, “inurl:forum” without the quotation marks.
- Check for any reviews on the Better Business Bureau (BBB) website. Pay attention to the nature of any previous and/or present BBB complaints and observe how the business handled them.
- See if any real freelancers have proudly mentioned they have done work on that site before. One good way of doing this is by searching to see if anyone has listed it as work experience on their LinkedIn profile.
But for the most part, you stick with one of the major job sites and you will be fine.
If you are struggling to find work, you might need to go back to the drawing board and re-market yourself. It can be hard to build a reputation up at first, so the jobs won’t be flying right your way immediately. But after you have a respected presence at one of the top sites, like Upwork, quality clients will come flocking to you. The same is often untrue when dealing with smaller work sites that appear to have lucrative earning opportunities.
Keep Track of Clients and Freelance Sites You Deal With
So you have to be careful about how you do business at them. If you do sign up at any of these sites, make sure to make a note about what information you gave them, when and why. You can do this by recording an ‘Activity Log’ of your released information.
We cover how to make an ‘Activity Log’ in ‘Identity Theft Risks While Working Online and How to Stay Safe‘ so give that a quick read also.
Further, we suggest you steer clear of offering your services through forums for the meantime. This is fine if you have a website set up with its own payment portal. But a direct communication and transaction managed through messaging on the forum and paying right into your PayPal is not an ideal arrangement.
Do More to Get Involved in Your Safety
There are things you can do to get active about protecting yourself online.
Here are five things you should consider right now …
1. Set up reverse image search alerts
If you ever use your images on the Web in any of your freelancer profiles, you definitely want to keep tabs on your personal images. If you want to do manual searches, Google is the easiest tool — just right click the image from your online profile and select ‘Search Google for image’ to see if any copies can be found.
Google Alerts does not currently accommodate reverse image searches, but when they do it will be your best option for sure.
An alternative provider, TinEye, is currently working on the BETA release of a TinEye Alerts image tracking tool which will be the perfect solution once it releases. You might find them to be a worthwhile alternative to Google’s reverse image search as they look for adjusted images also. If the resolution is different or if there have been minor modifications to the image, you will still be able to find the copied version through TinEye’s search engine.
2. Create an ‘Activity Log’ tracking sensitive data releases
You want to keep track of any and every instance where your sensitive information is released. This will get a little extensive, but it’s worth it in the end. This is the one case where a form auto-filler would make sense, you could see a complete history of instances where any identifying information was entered.
So keep track of everything — where you sign up at, who you invoice, the places you shop, and so on, so forth.
Your activity log should look something like this …
|Corresponding Company||Information Released||Date Given||Notes|
|PayPal(PayPal.com)||Full name, date of birth, email, mailing address, credit card numbers, bank account information.||01/25/2016||Information provided to open an account.|
|Upwork(Upwork.com)||Full name, date of birth, email, mailing address, PayPal email address.||01/25/2016||Information provided to open an account.|
|Target(Target.com)||Full name, email, mailing address, credit card numbers.||02/12/2016||Information provided to purchase gifts.|
|Upwork(Upwork.com)||Bank account information.||02/24/2016||Information provided to get paid by ACH bank transfer.|
|Private Client (#NAME)
|Full name, email, PayPal email address.||03/03/2016||Information provided to receive a payment.|
|SEO Website Private Job Application
|Full name, resume containing mailing address, phone number, PayPal email address.||04/09/2016||Information provided to small SEO company to potentially join their team.|
Now there’s one more difference you must apply!
3. Create an ‘Activity Log’ tracking all the information publicly available about you
You also need to make a log of the information PUBLICLY available about you on the Internet.
This includes stuff from your personal pages (social media), your work profiles (freelance sites), and even from local directories (like 411). Basically, make a list of any and every piece of information, or ‘connecting dot’, can be found out about you with just a little effort. You can bet a fraudster will collect all this data at once to pair it with any other sensitive information they find on you.
Anyway the public information log will look like this …
|Website / Location||Information Released||Date Publicized||Notes|
|#URL of Upwork.com profile||Full name, face image, work history.||06/06/2015||This profile is only visible to other members of Upwork, and it’s not present in search engine results.|
|#URL of Facebook profile||Full name, various personal images (changing), current city, city of birth.||08/12/2015||The security settings were changed on 12/12/2015 but a cached copy of the old information and public images can be found in Google still.|
|#URL of Twitter account||Full name, portfolio website URL, Facebook profile URL, current city.||09/29/2015||This Twitter account is set to private, meaning only those who I choose to have follow me can see my personal data — except my full name and profile picture.|
Okay, it’s a big pain in the butt … and these things aren’t static, the images and information available will always change with time. And there are ways to dig up old data and images from years back, even after they are removed from the Web.
If you skip the public information activity log it’s okay, you can still backtrack later on to see where all your information has been exposed along the way.
Next, you should definitely sign up with The Freelancers Union and become a union member.
4. Copyright any of your non-contracted writing work
If you are working online as a writer, or if you purchase any content, you might want to take the leap and get it copyrighted. This will protect you from having your work stolen from right underneath your nose. You can go through the U.S. Copyright Office directly to file for possession of your content.
It might sound bizarre, but one’s creative work often does get stolen for one reason or another. In fact, it happened a lot with eBooks which were taken from one source and reproduced to sell on Amazon right after. There would be no real differences between the two copies, yet the fraudster would usually get away with it as the stolen copy would rarely get noticed.
If you have your creative content stolen, you then have to go through the steps to get fraudulent copies off the Web. If it is an eBook in particular, you can get Amazon to remove it first — any of their resellers will follow suit, leaving just the remaining websites to report. When doing this, you can also report through Google to have the page de-indexed. If you have copyrights on your work, simply send a DMCA request to any offending sites to have the content and/or images removed and the issue should get resolved easily.
5. Join as a member of The Freelancers Union
Go to www.freelancersunion.org to become a union member.
This will entitle you to the following privileges:
- The ability to network with others in the Hives Community,
- The chance to get access to member-only discounts,
- The exclusive opportunity to participate in events all across the U.S., and,
- Their comprehensive benefits package for freelancers.
That last part is invaluable, especially considering one of the biggest problems for freelancers is the high cost of getting sick or injured. If you want to know you’re protected in the event of a health crisis, having coverage through The Freelancers Union will be worth its weight in gold. You will get dental, disability, individual health, liability, term life, and travel medical insurance benefits by signing up.
Furthermore, you will be able to get very specific advice on how to stay safe as a freelancer from other users here. They have been through it all, and some of them have even had their identities stolen online before.
So after you join up, just make a post in their forum for some advice on how to best protect yourself. Or comment below and we’ll assess your specific situation to give some tailored advice.
Don’t Forget About Your Computer Safety
It is not just about how you can use the Internet. There are many great ways to be careful online, and to be sure not too much of your information gets exposed. But this is all useless if a hacker can just break into your computer, steal your files, and log your Internet sessions and conversations in real-time.
So you need to make sure you keep yourself generally safe when using your computer. This means having a firewall in place, a quality anti-virus program installed, and maybe even a toolbar plug-in to watch out for malicious downloads, installs, and etc. Further, you might want to stick with Google Chrome for browsing as it is generally the safest browser around.
If you plan to keep a log of all your accounts, messages, and/or transactions, likely for accounting purposes, then invest in an external hard drive. You can transfer the files into the hard drive and delete them off your computer afterwards.
An alternative to this would be copying everything over to cloud storage, but if your computer is compromised there’s a good chance your cloud storage could be too. Of course, if you can use 2FA security (2-factor-authentication) this will be a non-issue and cloud storage could serve as a good backup also.
Either way, you want to keep as little sensitive data on your computer as possible at any given time. You will also want to make sure not to download or install anything for personal entertainment purposes on your work computer. Dedicate a separate device just for your online working and communication — that way, any risks are left at the router / IP level.
Of course, you will need to make sure your Internet connection is also secure. This is a whole different topic and will take some specific research. If you have any concerns over the safety of your Internet connection, you can dig into this topic further — it’s more so important when you have administrative access to any of your client’s back-end systems.
If you plan to make money online you need to always stay ahead of the game. You need to be the best service provider in your niche or else others will score all the good projects. No matter what field you’re in, its still important to know how to approach any opportunity online. The unfortunate truth is that the safety of your identity is a big part of that; if you are ignorant to the risks, you will definitely become an identity theft victim at some point.
So step up and secure your online credentials now, before it’s too late!