facebook
twitter
rss
account
search
search

Live phishing shows risk of personal info

By ELLIOT SMILOWITZ   |   Nov. 9, 2005 at 4:20 PM   |   Comments

WASHINGTON, Nov. 9 (UPI) -- Despite all the warnings about giving out personal information, many people still freely give away seemingly innocuous details that can be used to crack their passwords, according to the results of a "live phishing" survey.

The 18-question survey, conducted by RSA Security in New York City, asked respondents for information such as birth date, mother's maiden name and pet's name. The survey was touted as being about tourism in New York.

It found that 70 percent of the 108 respondents gave their mother's maiden name, and 90 percent gave their date and place of birth, according to a news release from RSA.

Additionally, almost 85 percent of respondents provided their full name, street address and e-mail address.

"A lot of personal information actually functions like a password and, as such, needs to be robustly protected," said Chris Young, RSA's vice president of consumer authentication services.

According to the news release, the survey was deliberately designed to feel official and safe, to reflect how many phishing attacks use real corporate logos and industry terminology to appear legit.

More than half of respondents explained in the survey how they devise their online passwords. Even those who declined to, though, did give personal information that can lead to figuring out their password, Young said.

"Many consumers have called their credit card company to check their account and be asked for their mother's maiden name as a personal identifier," said Young, noting one reason not to give out such personal information so freely.

"On top of this," Young said, "with a bit of sleuthing, motivated phishers can guess what a New Yorker's password is just by having his address and trying combinations that assume he's a fan of the Yankees or Knicks."

Federal Trade Commission research found that damage and loss resulting from identity theft and cyber-crime costs nearly $50 billion annually.

Consumer concerns go beyond their own personal information to the security of companies that index personal data. A controversial bill pending in the House of Representatives called the Data Accountability and Trust Act includes a provision that states that companies whose data are compromised must notify each individual in writing, only if the company terms it a "significant risk."

ChoicePoint Inc. announced last February that thieves posing as small-business owners had gained access to the company's database the previous September. Authorities said that the compromise resulted in at least 750 cases of identity theft.

ChoicePoint only notified its affected customers months after the breach, when it publicly announced it, and some 17,000 customers only received a notice in writing in September 2005, a full year after the breach.

RSA offered several suggestions for people to avoid identify theft. Among them were not sharing your method for devising your password, not sharing any personal details with strangers and using a variety of different passwords.

"Our survey reminds us that we all need to be more aware of such vulnerabilities, and take appropriate precautions," Young said.

Topics: Chris Young
© 2005 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Most Popular
1
Dinosaurs shrank for 50 million years before becoming birds
2
Cape Cod scientists tag first great white shark of season
3
Five-minute video visualizes history of human culture
4
Music helps cows relax, produce more milk
5
Mars to get newer, more high-tech rover in 2020
Trending News
Video
x
Feedback