Sunday, July 19, 2009

How I'm going to use social networking to steal your identity!


I liked this article so much that I wanted to share it with you. Although I am a huge fan of social networking there are people out there that will take advantage of you and Ron really shows you how it could be done and it can really make you think! I look forward to your comments...

Sharon
LaMothe Services, LLC
http://lamotheservices.com/

How I'm going to use social networking to steal your identity!

Ron Shulkin
Chicago Social Networking Examiner


I think about all my trusted advisors in real life: my attorney, my doctor and others. There are questions that if posed by my insurance agent, I’d react by getting up from the table, letting him know it’s none of his business. But in the spirit of connecting socially, I easily answer these same questions in a Facebook quiz. It’s a cathartic release, a confession. Sometimes it makes up for the close mouthed, private way I act in real life. I know it seems great to “share” with others. And social network communities are the perfect place to dive in. Somehow sitting alone at the computer gives us license to answer some very intimate questions.


So the first thing I’ll do to steal your identity is find out everything I can about you. I can take a quiz, as apparently 34 million others did and with almost 200,000 fans, for “How Well Do You Know Me”? I’ll find out your birth date, where you were born, the names of your parents, your spouse, and your children. And I’ll find out their birthdates. I’ll find out your hobbies and your interests. I’ll see who all your friends are.


I’ll read “25 things you didn’t know about me”. I’ll know what sports you like, what your middle name is. I’ll know what your favorite stores are. I’ll figure out where you live by seeing where you shop. Your grammar school and your high school will be listed. It won’t be long until I find out the name of your first pet. Oh look, you used to have a space between your two front teeth!


I’ll read what Greek god you are, what Sex In The City character you think you are and who is your celebrity twin. Then I’ll figure out your childhood nickname, in what city you met your significant other, the name of your favorite childhood friend, the street you lived on in third grade. It won’t be long before I know your oldest sibling’s birthday month and year, the middle name of your youngest child, your oldest sibling's middle name, the school you attended for sixth grade, and your childhood phone number including area code. You’ll have listed your oldest cousin's first and last name, the name of your first stuffed animal and the city or town where your mother and father met.


Your MySpace or Facebook Info page will tell me your email address and your employer. The “Who Are You Related To” will tell me all your relatives. It’s great to know what cities you’ve visited, so when I start using your credit cards I won’t set off any suspicious behavior.


Somehow or another, one of the eight thousand eight hundred and eighty four Facebook quizzes that everyone’s taken will provide me with the answers I’m looking for.


Because your bank, your credit card, your school, your payroll company and your employer might ask these security questions, I’ll read your blog so I can find out the first name of the boy or girl that you first kissed, the last name of your third grade teacher, where your nearest sibling lives and your youngest brother’s birthday. After reading your blog, even if I don’t have a direct answer to any of the security questions, I’ll know enough about you to start making really good guesses.


On LinkedIn you’ve listed the name of your elementary / primary school and the city or town where your first job was. I can see your college history and even all the people who connect with you doing business.


Even without all this data I could probably figure out what your passwords are. Most people use the same password for every web site. Here’s the top ten according to PC Magazine:
1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)


Didn’t have to do any research for those. And the default password usually included from your vendor will also let me try: sun123, Cisco, Alcatel, Kyocera, McAfee and IBM. A surprising number of people never change the password from the default after installation. If it’s a six character requirement I can guess, and likely be correct with shadow or summer. Eight characters? Then desklamp or portable. I’m guessing people start looking around when they have to come up with a password quickly. If the password requires a number, it is almost always “1”.


But unless you’re using a combination of upper and lower case letters, numbers and symbols in a random order, I can either try a top ten favorite from above or dig into your (not very) private life and figure out your password. Or if I can’t figure out your password, I can answer the security questions that let me reset your password to one I like. Then you can’t get in, but I can.
My first step will be to break into your email. Most of us have had our email addresses for a very long time, so it is likely the password we used was a product of that time period. I signed up for my Yahoo email when it came out, probably a decade ago. I wanted to grab my name before other computer savvy “shulkin”s did. These were eras with less security concerns about password strength.


I’ll do this hacking into your email account late at night, so when the notifications of password changes come in, I can delete them before you wake up and check your email. Hopefully you’ll have a folder in your email system called “passwords”. That will make the rest of this identity theft easier. And if there’s anything good in your inbox, I’ll read them and mark them “unread” before I go.


Once in your email system, I’ll crack your credit cards and bank. I’ll answer the security questions to change the password, “in case I forgot it”. Then they’ll send that notification to the email address and I’ll delete those too. I’ll know what web sites you subscribe to, so I’ll go on eBay, Hoovers and all your other resources. This will let me know more about you, as well.


My next pass will be to get into your cell phone account. You manage it on line, so I can get that password with security questions. I can look up all the phone numbers you get calls from and to whom you call. These friends of yours might be my next targets. Maybe your girlfriend is using a combination of your first name and your birthday as her password. Worth a try. It will still be hours before either you or she wakes up.


So if you wake up one morning and all your credit cards are cancelled or you’ve bought some airplane tickets or a nice HDTV (and had it drop shipped to an address one door down from yours where I’ll be waiting wisely informed as to when with the results of the record tracking on shipping); if your cell phone has ordered a bunch of custom ring tones or if your bank has had most of its funds transferred to my favorite charity, you’ll know that you answered one too many questions on that Facebook quiz.


Some things are meant to stay private. When you get on Facebook, stick to reminiscing about high school.

No comments: