ID Theft Made Easy
chiagoo writes "You may remember that 70% of the time, people will reveal their passwords for chocolate. Well, at this year's Infosecurity Europe, it was revealed that 92% of the 200 attendees surveyed would gladly trade enough information to steal their identities for a chance to win theater tickets. Social engineering at its best. Why spend time writing bots and rootkits when people will give you what you want for a piece of candy or a ticket to see The Pacifier?"
No matter how many privacy "protections" there are, it won't stop people from volunteering their own personal information.
But you wouldn't be getting theater tickets now would you, seeing as how they need a real address to mail the tickets to.
-dave
http://millionnumbers.com/ - own the number of your dreams
Personally I think that most people are not aware that the information that they are giving could be used in that way. The problem is that our personal information has become more and more frequently asked. I remember back years ago when you could actually refuse to give your SSN but now your SSN has become a more Unified Personal ID number. This in itself is a shame. People need to be educated about what information should be given. With the article there I am sure there are quite a bit of people who actually use social engeneering to gain what they seek. But there are the other ones who would rather do things anon. What have you all done/given to win things? I know that when i refure to give out my information they usually say they cant give me what I won. It really makes you question what this information they gain is being used for when you win something. I am sure it goes into some marketing DB somewhere that the company uses. But one can never be sure or safe. My X Wife one time had identity theft happen to her and it was a major hastle for us to sort it out. Though we have no idea how the information was gained. Let me tell you tracking down where the information was gained is close to impossible.
string sig = llGetSig("dimentox"); llSay(0,sig);
TFA: Last year, people at a transit station gladly gave up their passwords for a chocolate Easter egg.
What passwords? Did they check them? This doesn't sound too credible.
Tsunami -- You can't bring a good wave down!
How about the gas station that writes down your license plate information when you purchase gas w/o paying at the pump. It's just for their economic safety they say. Do you know how much information you can get on the owner of a car from their license plate?
They can get very little, actually, without access to police computers. Even if they could, it's no different from just driving around. You proudly display your license plate to hundreds of people each day. In light of this, it's not very easy to get much information from them, and it requires police cooperation. That gas station doesn't punch in the plate and go vigilante on you, they call the police and give the plate numbers to the police.
The gas station writing down your information is totally different from someone scanning your ID. Scanning your ID is a much more private process, and it requires your cooperation. However, anyone can write down a plate number. It's not even remotely the same, and it's definately not a security risk.
Computers need to explode more often.
and other personal data, just for a bit of candy. Heck, I'd do it for free. I just wouldn't give them the correct password. I'd also make sure that the personal data I gave them was total BS.
So how do we know that the seemingly credulous participants in the survey weren't lying?
In this society, we use various forms of identification for various reasons. Go ahead and get mad at a gas station clerk if you want. If they arn't writing it down then your plate is on tape. Privacy is one thing, but your licence plate is there to PUBLICLY IDENTIFY you. That is its purpose. The poor guy would lose his job if you drove away without paying for your gas, not to mention that everyone would have to pay more for theirs.
A driver's license it there to privatly identify to those you show it to, a choice you make.
Your social security number should not be used for identification except to services (taxes, social security) that require it.
If you are mad that too much information is available to someone just by your license plate, fight to change what information is linked to it, don't get pissed at some schmuck for writing down a number that is plastered on both ends of the outside of your car!
The problem is not with the people. The information they give out _should_ be giveoutable. The problem is with the system that allows such simple information like a drivers license number allow someone to take your identity.
Its unreasonable to expect people to keep something private they are required to give out so frequently. It don't make sense.
"Replacing a compromised retina scan is mighty difficult, however."
I'd rather give up my wallet in a mugging than have to fork over MY EYE.
Seriously, I have a feeling that biometrics will just be spoofed. I'm sure I read an article about Gummy Bears and foiling a finger-print scanner. As long as there are people in charge of information, social engineering will be able to cut through all of these countermeasures.
Tech News, Reviews and Tutorials
But that's where it gets interesting. Take an American Social Security Number for instance. Technically, no one but the government can require you to give out the number. Workplaces, however, often ask for it, when applying, so that they can fill out government income tax forms. Health care facilities often ask for things like medic-aid and medicare.
;)
All someone has to do is convince you that they need that kind of information, regardless of the truth of the matter. There is a famous saying (that I'm about to butcher) in the security world: there should always be three factor identifcation - something you carry (like an id), something you know (like a password), and something you own/are (like a fingerprint or dna). While the first two are in place, with driver's licenses and maiden names and what not, there is no widespread biometric database. And we all know how keen slashdotters are on that
-dave
http://millionnumbers.com/ - own the number of your dreams
I still have a bag full of old receipts with full credit card numbers I'm trying to figure out how to dispose.
Wait until winter. Burn as fuel. Stir around the ashes. Easy-peasy-lemon-cheesy. No need for cross-cutting shredders.
Wait.. Wait, forget I said that. As luck has it, I have a "data destruction" company. I've got some really advanced cross-cutting shredders, right here, siree! Just fork over your metric loads of privacy-sensitive information, and a few hundred bucks for disposal, and go and have a good night's sleep. And if people from the credit-card company call, saying some-one's been using your cards out-of-state, just remember they're most likely identity thieves trying to scam you into giving them your personal information. After all, all your data was safely destroyed....
SCO employee? Check out the bounty
Think system wide and find the real
flaw here. Are people really stupid
to provide a handful of facts about
themselves? Or are the banks stupid
to accept a handful of facts as
evidence of authorization to access
an account?
Seems to me this whole "identity theft"
is an exercise in blaming people for the
banks' failures. I haven't had my
"identity stolen" -- whatever that's
supposed to mean. No, the bank has been
tricked, defrauded into giving up my
money to someone who happens to know my
mother's maiden name. That's the bank's
policies hurting the bank's ability to
do its job -- keep my money safe. That's
not my problem.
Calling it "identity theft" and holding
me responsible for preventing it is just
an attempt to turn the banks' problem into
my problem -- one they are happy to help
me solve for a fee of $10 a month.
No, thanks, I decline to pay a monthly
fee to do the bank's work for it.