[ news_security_news ]
Experiment Shows Many Consumers Phish Bait
John Stith
Staff Writer
2005-11-09
 Insider Reports RSS Feed
RSA Security recently conducted a survey to determine just how much personal information people would cough up. The survey was conducted in New York's Central Park by a team dressed in I LOVE NY shirts. The survey was supposedly about tourism in the Big Apple and they reeled a lot of people in.
The experiment was set up to feel official and safe, to represent the environments people experience in online phishing scams. In many phishing scams, official logos and industry jargon are used to lure people in to a false sense of security.
The questions centered on information people use as passwords or to remind them of passwords yet don't feel the need to protect. Some examples include the mother's maiden name, favorite sports team, date of birth, etc.
RSA concluded the survey shows consumers freely willing to give up their personal data that can be used in various forms of identity fraud. They found more than 70% of people gave their mother's maiden name. Nearly everyone provided the date and place of birth. 55% explained how the devised their passwords and nearly 85% provided their full name, current address and email.
"A lot of personal information actually functions like a password and, as such, needs to be robustly protected," commented Chris Young, vice president of consumer authentication services at RSA Security. "Many consumers have called their credit card company to check their account and been asked for their mother's maiden name as a personal identifier. On top of this, with a bit of sleuthing, motivated phishers can guess what a New Yorker's password is just by having his address and trying combinations that assume he's a fan of the Yankees or the Knicks. Our survey reminds us that we all need to be more aware of such vulnerabilities, and take appropriate precautions."
They point out recent FTC research suggests ID fraud and cyber-crime among U.S. adults has increased to almost $50 billion a year. RSA does provide some measure to help protect you from these type of problems.
First, don't share your password or the method of devising your password with anyone. They also suggest being prudent with some personal information like the mother's maiden name, date of birth, etc. They are often either passwords themselves or inspirations. They also recommend using a variety of passwords for your various accounts. This will protect people from getting into all of them. Finally, check with your various service providers and see what security products they offer to provide "more robust proctection" versus invaders.
The problems here are really seem to stem from people's innate trust of others. Some would see these as naive and perhaps foolish. There are people who take advantage of such people. So people do need to be a bit more aware. The problem is in the end, you've got two sides of human nature competing. It's the innate trust versus the side that wants to get ahead others.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
