On your facebook, can you tell me:
– When is your birthday?
– What’s your hometown?
– Name of your high school?
– Name of your elementary school?
– What are your favorite books?
– Favorite actors and actresses?
– Favorite TV show?
– Post pictures of your pets, and tag the photos with their name?
– Links to your family member’s facebook pages?
– Or, their names?
– Maybe you can tag your parents & their names on your photos?
– Maybe post pics of your car, and show off?
OK, so I admit the last 2 are a stretch – but have you seen the default security questions asked for your email, bank account, retirement accounts, etc?
With just a few key pieces of personal info – birthday, address, SS# – many of which are floating around in electronic and paper forms… (e.g. was the SS number REALLY necessary for the doctor’s office, hm?) – a “Black Hat” / cyber criminal can very easily get at & steal your ID?
Actual, real examples that I’ve personally seen from financial institutions to reset passwords, grant access, and the like include:
– What’s the day and month of your birthday?
– What town did you grew up in?
– Where did you go to grade or high school?
Hint: Even if you didn’t list the schools – the town name can be used as a cross-reference to find out easily!
– What’s your mother’s maiden name?
– What was the first make and model of your car?
– What’s the last name of your favorite actor?
– What’s your favorite TV show?
– What’s your favorite pet’s name?
You may be thinking: “…but Steve – set the info to private! I should be safe, right?”
OK – let’s take a step back. Look at your friends list. I assume there are a few hundred, if not thousands listed. How do you really know if that friend request that you got from “a friend from High School” was REALLY from your friend in High School? How do you know that someone didn’t go through the effort of creating a “fake profile” to send you a friend request, just to gain access to your personal details / likely the answers to your security questions?
Granted – the above scenario may seem far stretched, and I may sound paranoid – but let’s weigh the pluses and minuses here. Humor me and answer the following:
– What do you REALLY get out of sharing all of the above info with the world?
– What can potentially go wrong if an ID thief gets their hands on this info? How long will it take to fix?
It’s obvious that posting personal details is really of minimal benefit (I have to admit, I do/did enjoy than the wall of ‘Happy Birthdays” that are posted on the wall annually…) The potential cost, hassle, and burden caused by identity theft from this huge gap / security loophole here is too great. Too many “security questions” about seemingly private things are in fact – publicly available!
To date, I’m still puzzled why there’s been no “forwarded campaign” that’s pointed out the shocking similarities between the most common security questions used by many websites to prove identity, versus the profile questions posed by Facebook.
Conversely – I see alot of these hoax posts about “post this message to preserve your privacy rights on facebook.” You want to REALLY protect your rights? Clear out unnecessary info from your profile, tell your friends why, and PASS IT ON!
Let’s be frank here – I’m no security expert, but it doesn’t take a genius to figure out that any truly complete FB profile is just ripe for the picking for ID thieves. Why hasn’t this received more exposure?
Please – for your identity’s sake – delete all that extra crap off your facebook profile. It can cause alot of potential problems, with really minimal benefit.
Or, hey – if it’s already posted / out in the open, then maybe it’s time to create an alternate identity…
– With a birthday of 1/1/75
– “none” for parents because I’m adopted
– A graduate from “The School of Hard Knocks”
– A fan of “50 Shades of Grey,” “Butch Cassidy & the Sundance Kid,” and Garth Brook’s country music
– A proud owner of 4 turtles named Leonardo, Donatello, Michaelangelo, Rahpael, plus my favorite mouse called Splinter
– ..and I’ll call myself… “Rusty Shackleford.”
– Rusty M. Shackleford