Tuesday, November 6, 2012

Doofi and their financial information


I was going to make this part of our Doofus Of The Day series, but there are so many offenders that it would be impossible to single out the worst of them.  Nevertheless, it's worth highlighting the problem.  The Telegraph reports:

Jack has a new debit card. I don’t know him. I’ve never met him. But I’ve seen his card number and I know where he lives. With a little more digging I could have all the information necessary to steal his identity. How? Because Jack took a picture of his new plastic and posted it on Twitter, where it was then retweeted by @needadebitcard. The account, which popped up in May, retweets images of credit and debit cards uploaded to the social network. Its purported aim is to shame users into being more careful, with its profile reading: “Please quit posting pictures of your debit cards, people.”

The option to customise debit and credit cards with your own choice of picture seems to have been a catalyst for this kind of over-sharing. Searching Instagram reveals plenty of clear card images. It seems some people simply can’t resist proudly showing off their choice of design to the world without thinking about the potential consequences. Foolish photographs uploaded to Twitter aren’t ever likely to be the biggest source of fraud, but they do highlight how stupidity easily undoes security measures.

. . .

Last year I was part of the team that worked on Wired UK’s Privacy Issue. The magazine sent customised covers out to selected subscribers and a long list of prominent individuals. It created them by collating data from many different sources including the edited electoral register, Companies House and social networks. Cross-referencing little nuggets of information allowed us to paint a thorough picture of an individual’s life.

That’s the key – it’s not usually any individual bit of personal information you reveal online that matters, but the way it may be collated with other confessions. With a credit card image, a mother’s maiden name discovered through searching Facebook and location data grabbed from Twitter, someone with malevolent intent could do quite a bit of damage.

There's more at the link.

I found it hard to believe people could be that stupid;  but a quick look at @needadebitcard and Instagram, as the article described, revealed untold numbers of offenders.  I can only imagine how many of them must get ripped off by scammers, then blame the bank and try to recover their lost funds - when in fact, the bank should be suing them for making it so easy for criminals to steal their money!




Peter

1 comment:

Stuart Garfath said...

The uncountable examples of naivety, ignorance and downright stupidity I have seen on social sites beggar description!. I was on a social site for one week, but posted nothing, because what I saw screamed to me, 'GET OFF THIS!. Experience in Military Communications Security, (and other such disciplines) taught me the dangers of sites like these. Had I gone to my superiors way back then, and said, "Would'nt it be great to be able to access just about anything I wanted to know about someone, anytime, anywhere, without their knowledge".
No doubt, I would've been not to be so stupid!.
Social sites are an information gatherers lottery win that I would'nt have dared dream of those years ago.