Be careful who you friend.

Identity fraud jumped 13 percent in 2011, affecting 11.6 million adults and raking in untold millions of dollars from unsuspecting victims--both online and off, according to Javelin Strategy and Research, a California-based financial services firm.

Social media accounted for a majority of personal data stolen or obtained through false pretenses.  According to Javelin Research, Google+, LinkedIn, Twitter and Facebook users were the most at risk.  Not surprisingly, users with public profiles--the accounts most accessible to would-be fraudsters--were the most forthcoming with personal information, such as birthdates, phone number, and data frequently used as passwords, such as children’s and pet’s names.

Over 5,022 individuals were surveyed through October 2011 and were asked whether or not they had been a victim of fraud and then such salient details as when they first discovered that their personal and financial information were stolen.  What researchers found was disturbing--the incidence rate for fraud jumped to 4.90 percent, an increase of 11 percent over 20120, despite improvements in data security.

Smartphone users were also at higher risk. Owners of iPhones and Androids were 33 percent more likely to be victims of fraud compared to the general population.  Behavior seemed to be at fault. Over 32 percent of smartphone users didn't update their operating systems, and a whopping 62 percent did not enable passwords on their phones.

Although fraudsters seemed eager to take advantage of Facebook and Twitter, the biggest paydays came from old fashioned scams as well as computer hacking. Victims of data breaches were 9.5 times more likely to have their personal identity stolen, compared to other forms of identity theft.

But according to James Van ***, president and CEO of Javelin Research, all is not bleak.

"While identity fraud incidence increased last year, it is becoming less profitable for fraudsters," Van *** said in a statement. "Consumers, the financial services industry, law enforcement and government are stopping fraud earlier and making new account fraud more difficult to perpetrate... Consumers must be vigilant and in control of their personal data as they adopt new mobile and social media technologies in order not to make it easier for fraudsters to perpetrate crimes."

But as consumers become more tech-savvy, hackers are keeping pace, accessing the personal information of users, even as corporations struggle to beef up network security.

Take Sony for example.  In 2011, the maker of the PS3 had its corporate information compromised three separate times by hackers allied with hacktivist group Anonymous in retaliation for a lawsuit against a hacker who published an exploit allowing users to run the Linux operating system on the PS3.

The worst of the three attacks, which took place in April 2011, affected nearly 715,000 users and shut down Sony's servers for nearly a month.  In a blog post, Sony alerted all 77 million of its users about the 'external intrusion' of its network, advising them to change their passwords and cancel credit cards.

In a class action lawsuit, gamers later sued Sony in a U.S. court, alleging that the company did not do enough to protect their data.  The case is ongoing.

But it's not just hackers who are gaming unsuspecting consumers.  According to a Consumers Union report released last month, almost 50 million consumers bought ID theft protection services from banks and corporations in 2010, accounting for $3.5 billion in profits from users subscribing to various services, including filing fraud alerts and removing personal information from marketing lists.  According to Consumers Union, many of these services are 'questionable', in many cases charging $100 to $300 for services that banks are already mandated to provide by federal law.

Approximately 1.4 million Americans were victims of identity fraud in 2011.  Yet marketers often exaggerate the threat.  In one notorious case, Chase implored customers to purchase its service, warning that ID theft was growing 'by an alarming 11 million victims each year' according to Consumers Union.

In Chase's case, much of their promotional material was either based on outdated or incomplete data from 2009--hardly current information.  Other companies, such as Wells Fargo, overstate the performance of their credit monitoring, claiming to be able to pick up new account theft such as the use of social security numbers and birth dates to generate income and commit crimes.  In reality, new account theft is rare, accounting for 765,000 ID theft cases in 2010.

 "We tell people to take the information seriously, but don't panic" Jeff Blyskal, senior editor at Consumer Reports, which authored the Consumers Union article, said in an interview with The New York Times' Alina Tugend Feb. 10.

But with identity theft a constant headache for households, staying calm is hard to do.  According to the Justice Department, of 8.6 million households surveyed at least one person 12 or older was a victim of identity theft in 2010, costing households $13.3 in lost income. 

Meanwhile, Javelin Research is offering tips and tricks for consumers who want to protect their data.

"Keep personal information private," Javelin's report warned.  "Be careful about publicly exposing personal information that could be used for authentication, like full birth date and high school name.  Use mobile devices responsibly, and report problems immediately."

With over 42, 951 individuals surveyed over nine years, Javelin's identity fraud reports are some of the most comprehensive in the industry, examining not only the impact of identity theft on consumer behavior, but  online and offline identity theft trends.