Thursday, February 12, 2009

All those Facebook notes... new kind of phishing?

So, you see, all these "notes about me" popping up on Facebook... like this one of mine (you'll have to log into Facebook to see it, and you might have to make me your friend if I'm not already, too!)... are they really just a new, well-disguised method of phishing for personal info? I mean, the one about me, it asks your birthplace. Now, how many times have you been asked "place of birth" for one of your "forgotten password reminder/reset" questions when setting up an account for something? And I saw one a little while ago (haven't done it myself), something like "the name game" or something, that subtly asks you to post info like:
  • mom's & dad's middle names
  • first pet
  • street where you grew up
  • current pet
  • favorite color
And so forth. All cleverly disguised, like this (I'm only posting a few of the more pertinent ones, not the whole list, and I've removed the answers from the list for privacy reasons):
2. WITNESS PROTECTION NAME: (mother's and father's middle names)
3. NASCAR NAME: (first name of your mother's dad, father's dad)
5. DETECTIVE NAME: (favorite color, favorite animal)
6. SOAP OPERA NAME: (middle name, town where you were born)
7. SUPERHERO NAME: (2nd favorite color, favorite drink, add "The" to the beginning)
9. STREET NAME: (favorite ice cream flavor, favorite cookie)
10. PORN NAME: (1st pet's name, street you grew up on)
13. YOUR GOTH NAME: (black, and the name of one of your pets)
So... combine that with some of the ones from the note I posted (eye color, hair color, place of birth, do you wear contacts, how did you meet your spouse)... and you start to have a lot of personal info, info that you may be using as "password reminders" or "password reset verification" questions/answers on your bank account, your mortgage account online login, your credit card account, your e-mail account, who knows what else.  Sounds awfully "phishy"* to me.

All I'm saying is be careful.  Careful what info you advertently or inadvertently make available online.  All it takes is a little time and patience by "collectors" to be able to put together something that defines enough info to steal your identity.  (E.g., although you may not think it's such a big deal if someone gets access to your e-mail account, what if they have a "password reminder" or "password reset link" sent to your e-mail, then intercept that password reminder/reset?  Suddenly the "minor" inconvenience of a compromised e-mail account becomes a major liability!  And while you may think, oh, I'll just close down that e-mail account, how tough will it be for the determined hacker to re-open the account before you manage to change all your online account settings to your new e-mail account?)

Yes, it's nice to be able to share the info between friends and acquaintances... just, please, be careful what you share.  And even though you may think it's innocent at the time of sharing, you never know when someone will put 1 and 1 together to get 2... that is 2 your accounts, 2 your identity, 2 your major inconvenience as you're trying to sort out the chaos that has come from completely innocent information sharing.

*phishing (per Wikipedia): the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

1 comment:

Christy said...

I thought I left a comment here already. Oh well. I don't remember what I said, so it must have been a lie.