Slashdot Mirror


ID Theft Made Easy

chiagoo writes "You may remember that 70% of the time, people will reveal their passwords for chocolate. Well, at this year's Infosecurity Europe, it was revealed that 92% of the 200 attendees surveyed would gladly trade enough information to steal their identities for a chance to win theater tickets. Social engineering at its best. Why spend time writing bots and rootkits when people will give you what you want for a piece of candy or a ticket to see The Pacifier?"

6 of 435 comments (clear)

  1. Information is king. by Dimentox · · Score: 5, Insightful

    Personally I think that most people are not aware that the information that they are giving could be used in that way. The problem is that our personal information has become more and more frequently asked. I remember back years ago when you could actually refuse to give your SSN but now your SSN has become a more Unified Personal ID number. This in itself is a shame. People need to be educated about what information should be given. With the article there I am sure there are quite a bit of people who actually use social engeneering to gain what they seek. But there are the other ones who would rather do things anon. What have you all done/given to win things? I know that when i refure to give out my information they usually say they cant give me what I won. It really makes you question what this information they gain is being used for when you win something. I am sure it goes into some marketing DB somewhere that the company uses. But one can never be sure or safe. My X Wife one time had identity theft happen to her and it was a major hastle for us to sort it out. Though we have no idea how the information was gained. Let me tell you tracking down where the information was gained is close to impossible.

    --
    string sig = llGetSig("dimentox"); llSay(0,sig);
  2. Re:No matter how careful you are, you aren't enoug by tehcrazybob · · Score: 5, Insightful

    How about the gas station that writes down your license plate information when you purchase gas w/o paying at the pump. It's just for their economic safety they say. Do you know how much information you can get on the owner of a car from their license plate?

    They can get very little, actually, without access to police computers. Even if they could, it's no different from just driving around. You proudly display your license plate to hundreds of people each day. In light of this, it's not very easy to get much information from them, and it requires police cooperation. That gas station doesn't punch in the plate and go vigilante on you, they call the police and give the plate numbers to the police.

    The gas station writing down your information is totally different from someone scanning your ID. Scanning your ID is a much more private process, and it requires your cooperation. However, anyone can write down a plate number. It's not even remotely the same, and it's definately not a security risk.

    --
    Computers need to explode more often.
  3. I would definitely give out my password... by sssmashy · · Score: 5, Insightful

    and other personal data, just for a bit of candy. Heck, I'd do it for free. I just wouldn't give them the correct password. I'd also make sure that the personal data I gave them was total BS.

    So how do we know that the seemingly credulous participants in the survey weren't lying?

  4. Re:No matter how careful you are, you aren't enoug by phauxfinnish · · Score: 5, Insightful

    In this society, we use various forms of identification for various reasons. Go ahead and get mad at a gas station clerk if you want. If they arn't writing it down then your plate is on tape. Privacy is one thing, but your licence plate is there to PUBLICLY IDENTIFY you. That is its purpose. The poor guy would lose his job if you drove away without paying for your gas, not to mention that everyone would have to pay more for theirs.
    A driver's license it there to privatly identify to those you show it to, a choice you make.
    Your social security number should not be used for identification except to services (taxes, social security) that require it.
    If you are mad that too much information is available to someone just by your license plate, fight to change what information is linked to it, don't get pissed at some schmuck for writing down a number that is plastered on both ends of the outside of your car!

  5. Re:Any good info though by dnoyeb · · Score: 5, Insightful

    The problem is not with the people. The information they give out _should_ be giveoutable. The problem is with the system that allows such simple information like a drivers license number allow someone to take your identity.

    Its unreasonable to expect people to keep something private they are required to give out so frequently. It don't make sense.

  6. Re:Any good info though by MankyD · · Score: 5, Insightful

    But that's where it gets interesting. Take an American Social Security Number for instance. Technically, no one but the government can require you to give out the number. Workplaces, however, often ask for it, when applying, so that they can fill out government income tax forms. Health care facilities often ask for things like medic-aid and medicare.

    All someone has to do is convince you that they need that kind of information, regardless of the truth of the matter. There is a famous saying (that I'm about to butcher) in the security world: there should always be three factor identifcation - something you carry (like an id), something you know (like a password), and something you own/are (like a fingerprint or dna). While the first two are in place, with driver's licenses and maiden names and what not, there is no widespread biometric database. And we all know how keen slashdotters are on that ;)

    --
    -dave
    http://millionnumbers.com/ - own the number of your dreams