25 Random Things that Can Hurt You

Opening disclaimer – this post has zero relevance to offshore outsourcing, so proceed at your own risk ;) I put it here as this site gives me a chance to reach out to the audience I respect and hopefully stop some of the people you know from hurting themselves…

A couple of days ago a friend of mine tagged me with Facebook’s “25 Random Things About Me” chain letter; a day or so later another one of those tags hit my email. Naturally the topic came up in one of our random office conversations; as it turned out, I was far from the only one asked to write a few things just ‘cause our friends want to learn about us… The idea to write this post came up after David, one of my engineering directors, mentioned that responding to the tag can really hurt you.

“Just random 25 things!?” you might ask. Yes, very much so, and let me point out just a couple of the most obvious ways it could happen:

  • Identity theft or identity fraud. That is a common crime that can have substantial financial and emotional consequences. Having been the victim of one I can point out a few immediate consequences – ruined credit score, calls from collection agencies asking me for the money I never owed, police reports, back and forth with credit agencies…
  • On-line fraud and direct theft, with money disappearing from your bank, investment account, IRA or 401k fund… Chances are that if you are reading this post you are using on-line banking and can imagine what could happen if someone gets hold of your ID and password.
  • Well, if someone with bad intentions gets hold of your ID and password they can wreak all kinds of havoc in your life even if stealing money is not their cup of tea – think about being locked out of your email or Facebook profile, strange posts showing up in your blogs…

What is the connection between 25 random things and identity theft or loss of your password? It is much more straightforward than you might think.

Not too many people put their SSN or mother’s maiden name in their Facebook essays, yet here are examples of random things I found in my friends’ notes and in public blogs:

  • I was born in a town called Mars but that doesn’t make me Martian
  • I have no creativity – I called my first dog Spot
  • If I could I would move to Barcelona for the rest of my life

Don’t those remind you of password retrieval questions? “What city were you born in?”, “What was your first pet’s name?”, “What is your favorite city?”

Thank you for sharing that you snort when you laugh and even more so for giving me enough information to get into your bank account!

Publishing private information opens another door to someone with malicious intent, and it has to do with current methods of authentication. Before you establish your account with some secure systems they must authenticate you, that is, verify that “you are who you say you are”. One method of doing that is considered an acceptable standard in the healthcare and financial industries. It is based on asking you a number of random questions that supposedly only you would know the answers to – “What color was your 1993 Chevrolet Lumina?”, “What year did you graduate from medical school?”, and so on. If you answer, say, 5 out of 7 questions correctly, the system deems you a match and grants you access.
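To put a number on how much each published answer weakens that 5-out-of-7 check, here is a small risk model. It is an added example, not something from the original post or any real verification product, and it assumes four-option multiple-choice questions answered by independent blind guesses wherever the answer is not already public.

```python
from fractions import Fraction
from math import comb


def pass_probability(leaked, total=7, threshold=5, choices=4):
    """Chance that an impostor clears a `threshold`-of-`total` quiz.

    Assumed model (not from the post): every question is multiple choice
    with `choices` equally likely options, `leaked` answers are already
    public, and the rest are blind, independent guesses.
    """
    if not 0 <= leaked <= total:
        raise ValueError("leaked must be between 0 and total")
    remaining = total - leaked              # questions still to be guessed
    needed = max(threshold - leaked, 0)     # correct guesses still required
    p = Fraction(1, choices)                # chance one blind guess is right
    # Upper tail of Binomial(remaining, p): P(correct guesses >= needed)
    return sum(
        (comb(remaining, k) * p**k * (1 - p) ** (remaining - k)
         for k in range(needed, remaining + 1)),
        Fraction(0),
    )


def exposure_table(total=7, threshold=5, choices=4):
    """Pass probability for 0..threshold published answers."""
    return [(n, pass_probability(n, total, threshold, choices))
            for n in range(threshold + 1)]


if __name__ == "__main__":
    for leaked, prob in exposure_table():
        print(f"{leaked} answers public -> impostor passes {float(prob):.1%}")
```

Under these assumptions the check holds up well against pure guessing, but three public answers already give an impostor roughly a one-in-four chance, and five make the check meaningless.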

Thank you Dr. B. Raggar for giving me enough information to spoof you (pretend to be you) and sign up for an electronic prescription system! Now I can finally get myself enough of a painkiller without begging for it.

Thank you, my dear friend Liz Wiener! Of course I would never hurt you! We had such a great time when we met once in Sugar Bawl… Plus knowing a few private things about you helped only slightly. Yet now VPN access into the brokerage you work at should give me a few insights for my trading activities.

Please keep in mind – identity theft is usually a crime of opportunity, so you may be victimized simply because your information is available. And even if you are paranoid it doesn’t mean nobody is following you… especially if you are on Twitter.

Closing disclaimer – my company specializes in software and services for the HealthCare industry, so most of us deal with issues of privacy and security on an ongoing basis, most of us much more than we care to. I authored over 50 security policies and went through a number of audits and scans. I am very sensitive to this topic and I might sound boring. Yet, this is serious. Please be careful with what you put out there. Avoid posting personal data in any public forums; attackers may be able to piece together information from a variety of sources over time. If you are still in doubt, please take a look at Guidelines for Publishing Information Online for an authoritative opinion …

And please spread the word!


5 thoughts on “25 Random Things that Can Hurt You”

  1. Thanks Nick. More often than not, I have seen people fall in the trap of unconsciously publishing information that has potential to sting them back. I think a lot of people have not yet come to terms with Digital Dangers.

  2. Thanks Abbas, I wish I could reach a wide audience. Funny enough, since posting this entry I received two more 25 random tags.

  3. on behalf of Michael Walter (Linkedin)

    Interesting read, my fiance’ was talking about the “25 random things about me” email on Facebook the other day. I’ve often wondered about these “authentication questions”. It seems that most of the information used to authenticate is pretty readily available regardless of some survey you might have done on Facebook. I really believe that you cannot be afraid of technology and succeed in business today. But that statement needs to be tempered with common sense on the parts of the end user and IT.

    The gist being that people should understand how ubiquitous anything they post on the internet can become. But IT should understand that too and develop authentication methodologies that protect against it.

    I once had a credit report agency use detailed information from my loan history and credit history to authenticate me. I was impressed, the questions were a lot harder but I did feel a lot safer as a result. They had special access to that information to formulate questions though.

    So the real task is what information is so ubiquitous that everyone who needs access to it to formulate questions has access but yet so protected that it isn’t available to identity thieves?
