This is a true story, the names and locations have been changed to protect the innocent.
Some time ago I was on a social networking site called, I'll say..."Clocknovel," checking out posts and keeping in touch.
I came across a business post, which I thought was a excellent marketing idea. It was a picture of a nice person holding a sign, which stated.
"Tell me your birthday !"
The picture came with a goal of every day of the year being represented. Quite a smart idea, its personal, and gets people involved with a simple question everyone can answer. Using a picture to ask the question is genius, especially in todays post and text message world, the less you need to read the better. With 500+ comments the post was driving good traffic compared to the less than 100 comments a normal post would get.
At this point there is no harm done. Yes, some will say not to give out your birthday, but in today's world hiding your birthday is unrealistic because finding a person's birthday is too trival. The next post a week or so later changes everything.
About a week or two later the same business post another brilliant picture of a nice person holding a sign worded.
"What city and state were you born?"
The goal was to get every city in the state represented. With the same fundamentals as the previous post, this one was out of the park with over 11,000 comments last I checked.
So what is the big deal?
Your birthday and where you were born is a major step in identity theft. With a little effort someone can make a good guess the hospital you were born in and obtain a copy for your birth certificate. A birth certificate is gold for a long term identity theft, where someone on the other side of the country takes out loans posing as you. By the time you figure out what happened, it will take years and thousands of dollars for you to clean up the mess.
Whats makes this situation even worse is the simple fact that an attacker can correlate the two posts to make a list of at least 500 people to target. These people are quality targets because if they answered both questions, they are likely not thinking about protecting themselves from identity theft.
The kicker is when someone is successfully attacked, the likelihood of tracing the cause to these two posts on social media is quite low. The business will never know some was a victim of identity theft, especially if they are embarrassed of the theft. Plus, it would be 6 months to a year before someone is attacked and discover the identity theft, making it less likely to find two posts as the cause.
The marketing firm refuses to delete the posts.
I tracked the business down and found they hire a small marketing firm for their web presence. I contacted them explaining the situation they have created, and I gave them suggestions for other possible questions that are personal and might produce decent results. The response I got was excessively over worded so I'll sum it up in my own words,
These are the only two questions we ask that could be an issue, so there is no harm done.
Tips on avoiding identity theft.
When you search for advice on identity theft most of the results are recommendations after you have been a victim of identity theft. The Federal Trade Commission has good info.
Monitor your credit report from TransUnion, Experian, Equifax, and Innovis, Clark Howard has a good post to help: Free Credit Report Guide
In today's online world few explain what information need to protect. I got the list below from Top 16 Pieces of Your Information Identity Thieves Crave below are just the highlights.
- Your Social Security Number
- Your Date of Birth
- Your Full Name (including aliases)
- Your Actual Account Numbers
- Your Online Passwords (including usernames)
- Your Driver’s License Number
- Your Passport Number
- Your Banking PINs
- Your Mother’s Maiden Name
- Where You Were Born
- The Expiration Date or Confirmation Code of Your Plastic
- Your Physical Address (including previous ones)
- Your E-mail Address
- Your Telephone Number
- Where You Hold Financial Accounts
- Your Hobbies, Club Memberships, or Employer
The list above is extensive and some things you probably have out on the internet, so here is some advise I can add.
- Your date of birth is everywhere so I don't consider it as high as place 2 since so many people advertise their birthday on Facebook. If you must have your birthday public consider lying about at least the year or all together.
- Your mother's maiden name is becoming difficult to hide in Facebook so don't use it as a security question, in fact, use fake unrelated answers to all your security questions.
- A big no no is the ladies using a Facebook name with their birth name hyphenated, hide all your previous names
- Avoid personal surveys on Facebook and other places where you answer a bunch of questions about yourself. There are scams on Facebook that ask you questions which lead to an answer for the 16 above. Here is a link to several surveys. http://facebookcraze.com/category/notes-surveys-and-quizes/page/3/ Can you tell which survey has sensitive questions?
____________________________________________________________________________
Thanks for reading my post. You can find me at any the links below.
Facebook
Google +
Thanks for reading my post. You can find me at any the links below.
Google +
No comments:
Post a Comment