It’s all fun and games until someone brings up FiFi
As we mentioned earlier, Twitter is where everyone seems to be these days.
Until recently, identity theft on the popular microblogging site seemed to be limited to pranksters impersonating celebrities, the most famous being a fake Tina Fey who, according to rumour, even got a laugh out of Tina Fey herself.
Today, though, it appears the non-famous among us are the targets of the latest identity theft scam — and the consequences are not exactly funny. (here, and here)
Because many of us run out of things to tweet about, even in 140 characters or less, we sometimes take part in games and trends. Among the latest were several variants on the “porn star name game,” where you form a fictional, adult-movie screen name for yourself by combining different names from your past, such as your mother’s maiden name, the name of your first pet, the name of the street where you grew up …
Wait a minute. Each of those names is often used as a security question when accessing online email services, using online banking sites, or even when speaking to your bank on the phone. Is it any wonder that phishers encouraged everyone on Twitter to take part in the fun?
Maybe the hilarity of introducing yourself as “Sasha Johnson Mount Royal” to the entire online world isn’t worth the chuckle after all.
5 Responses
10:58 am
What a great blog! Kudos for communicating with Canadians this way. I’ve tweeted this particular post @SocialMediaMash
8:39 am
I wonder if this post would have been better spent explaining what is wrong with using information like this for security and identification purposes.
Anyone involved with security thinks these “maiden name” questions are used to provide the user with a feeling of security, not to actually make anything more secure. There are genuine “two factor” authentication methods, methods that use a password and something else, but these questions do not represent a second factor, they are just a second password. Passwords that we are encouraged to make as guessable as possible and never change. It’s absurd when you think about it.
8:51 am
Thanks, Mike. That’s an important point. I guess the point of the post was to emphasize to people that they should safeguard their information more carefully, even if the existing security measures could be improved. We’ll certainly talk about security measures in the future.
4:07 pm
Nice post, and good advice – but I think it should go further. For one, middle names, and related family names can be picked out from numerous databases (many from the gov’t itself). You don’t need twitter to get this information, so perhaps the target of your article could have been web sites with terrible security, such as those described (banks, etc using middle names as passwords…).
At the same time, I’ve never used a bank or website that asked such trivial information for a secret question…
4:12 pm
First of all, I’d like to thank Alice Cooper for dropping by. It’s nice to see that we’re connecting with the old school rockers.
I agree that there’s a lot more to say about this. I also have to point out that my bank asks for my mother’s maiden name as an identity check when I call the online service centre.
Leave a Reply