How to steal an identity in seven easy steps - GoFuckYourself.com

u-Bob · 01-10-2012, 05:57 PM

How to steal an identity in seven easy steps

http://www.smartplanet.com/blog/thin...asy-steps/9487

Quote:

...
Thompson stole identities as an experiment back in 2008 to show the public how easy it is to get access to personal data and banking information. He proved it only requires some simple surfing for freely available personal data and cobbling it together in powerfully creative ways. Thompson began his experiments by first receiving permission from people he barely knew to try to break into their bank accounts. What the following steps show is how vulnerable we all are to security breach.

The victim:
He knew her name was Kim, where she was from, where she worked and roughly her age. He also knew the name of her bank and her username although as Thompson says, this was easy to guess?it was her first initial and last name. (Note: Change your username to something a bit less obvious.)

Seven Steps:
1) Google search. He googles her. Finds a blog and a resume. (Thompson called her blog a ?goldmine.?) He gets information about grandparents, pets, hometown. Most important he gets her college email address and current gmail address.
2) Next stop: Password recovery feature on her bank?s web site. He attempts to reset her bank password. But the bank sends a reset link to her email, which he does not have access to. So he needs to get access to her gmail.
3) Gmail access. He attempts to reset her gmail password but gmail sends this to her college email address. Gmail tells you this address? domain (at least it did in 2008 when Thompson conducted the experiments) so he knew he had to get access to that specific address.
4) College email account page. Thompson clicks the ?forgot password? link on this page and winds up facing a few questions. Home address, home zip code and home country? No problem, Thompson has it all from her resume. The same resume found from the simple google search done earlier. Then came a stumbling block: the college wanted her birthday. But he only had a rough idea of her age, no actual birth date.
5) State traffic court web site. Apparently you can search for violations and court appearances by name! And such records include a birth date. (Facebook also makes this piece of data very easy to get even if people do not note their birth year?remember Thompson knew roughly how old Kim was.) But he had no luck with the Department of Motor Vehicles.
6) Thompson goes back to the blog and does a search for ?birthday.? He gets a date but no year.
7) Finally, Thompson attempts the college reset password again. He fills in her birth date, and simply guesses the year. He gets it wrong. But the site gives him five chances, and tells him which field has the error. So he continues to guess. He gets access in under five guesses. He changes her college password. This gives him access to her gmail password reset email. Google requires some personal information which he is able to get easily from her blog (e.g., father?s middle name.) Thompson changes the gmail password and that gives him access to the bank account reset password email. Here again he is asked for personal information but nothing that he could not glean from Kim?s blog (e.g., pet name and phone number.) He resets the bank password and bingo, has immediate access to all her records and money.

...

blackmonsters · 01-10-2012, 06:06 PM

Nothing that I didn't know before and yet people think I'm crazy for not posting
certain info.

They think "I'm hiding something". I sure am....I hiding from fucking crooks.

L-Pink · 01-10-2012, 06:14 PM

That's why I use lifelock.

.

pimpware · 01-10-2012, 06:23 PM

Who's the blame? Her!

People dump all kind of personal data into facebook, linkedin, twitter.

You don't need criminal motivations to find such personal info, imagine you work with clients and you want to know a little bit more about who you are really working for, then google is really really your friend. With just an email address your can find a ton of info, full name, phone number, address, employer and much more.

That's why I never had much sympathy with social networks, I see people without a clue exposing their life to the world eyes.

candyflip · 01-10-2012, 10:26 PM

Quote:

Originally Posted by L-Pink

That's why I use lifelock.

.

Their new CEOs identity was stolen. Their original founder/CEO was convicted of STEALING HIS FATHER'S identity.

Yeah...I'd give them my info/money.

potter · 01-10-2012, 10:46 PM

Yeah, that is a very very obscure example. Thread title should read "How to steal an identity if someone has an email account where the password recovery asks for common information".

NaughtyVisions · 01-10-2012, 10:47 PM

Quote:

Originally Posted by candyflip

Their new CEOs identity was stolen. Their original founder/CEO was convicted of STEALING HIS FATHER'S identity.

Yeah...I'd give them my info/money.

http://en.wikipedia.org/wiki/LifeLock#Controversy

Quote:

In 2009 the company was found guilty of defrauding customers and Experian by keeping their credit information in a state of constant "fraud alert."[3]

Former LifeLock CEO Todd Davis was the victim of identity theft 13 times during 2007 and 2008, after he "publicly posted his Social Security number on billboards and in TV commercials as part of a campaign to promote his company's credit monitoring services".[4]

Robert J. Maynard, Jr., company co-founder, resigned in June 2007 amid allegations that he had stolen his father's identity and ran up $150,000 in American Express bills.[5]

In March 2010 LifeLock was fined $12 million by the Federal Trade Commission (FTC), "to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO?s Social Security number on the side of a truck."[6][7]

Works so good his identity was stolen 13 times!

Operator · 01-10-2012, 10:49 PM

"I have nothing to hide and therefore aren't worried".

Jarmusch · 01-10-2012, 10:53 PM

Now lets see him steal the identity of someone who doesn't have a personal blog.

96ukssob · 01-10-2012, 10:58 PM

Quote:

Originally Posted by candyflip

Their new CEOs identity was stolen. Their original founder/CEO was convicted of STEALING HIS FATHER'S identity.

Yeah...I'd give them my info/money.

seriously? thats fucked up

pornmasta · 01-10-2012, 11:38 PM

Quote:

Originally Posted by blackmonsters

Nothing that I didn't know before and yet people think I'm crazy for not posting
certain info.

They think "I'm hiding something". I sure am....I hiding from fucking crooks.

same thing here, some people thought that i'm paranoid.
(in fact i'm, but not for that :p )

VenzuelanChick · 01-11-2012, 01:37 AM

Quote:

Originally Posted by Jarmusch

Now lets see him steal the identity of someone who doesn't have a personal blog.

No shit... My favorite piece of info he got from the blog was her father´s middle name (how do you work that into a post not knowing you are giving out too much info)

cooldude7 · 01-11-2012, 02:08 AM

so what did we learn, dont make personal blogs., :D

TubeSubmitters · 01-11-2012, 02:36 AM

The original article is from 2008....

u-Bob · 01-11-2012, 03:24 AM

Quote:

Originally Posted by Jarmusch

Now lets see him steal the identity of someone who doesn't have a personal blog.

These days kids post the same amount of info or more on their facebook page.

helenaBlue · 01-11-2012, 03:42 AM

thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away

Paul · 01-11-2012, 04:36 AM

Quote:

Originally Posted by helenaCamPrime

thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away

Burn them

helenaBlue · 01-11-2012, 06:38 AM

Quote:

Originally Posted by Coatsy

Burn them

i live in a tower building

wooden floor.. so this is a GREAT idea :D

Jarmusch · 01-11-2012, 06:49 AM

Quote:

Originally Posted by helenaCamPrime

thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away

http://en.wikipedia.org/wiki/Paper_shredder

barcodes · 01-11-2012, 07:15 AM

ajrocks · 01-11-2012, 07:22 AM

so much work, if they are willing to work like that why don't they just a get a real job.

Jensen · 01-11-2012, 07:34 AM

Quote:

He resets the bank password and bingo, has immediate access to all her records and money.

Would a simple password give you access in any bank?

videosc · 01-11-2012, 07:48 AM

I was a ID theft victim last year. One thing I learned that I now tell everybody to do is call your bank and credit card companies and set up a verbal password that only you know. If anyone calls in and does not know the password they can't do anything. And for bank accounts, set up an alert so you get a text message or phone call whenever any changes happen to your account.

seeandsee · 01-11-2012, 07:48 AM

Quote:

Originally Posted by Jensen

Would a simple password give you access in any bank?

not today, maybe then, now most of them have better security, even A/4 or C/7 blocks (same as paxum ask when sending from wallet to mc) of code will protect you account now days, if you have that data on paper given by bank...

bronco67 · 01-11-2012, 08:06 AM

Anyone smart enough can have your identity if they want it.

Once you've been unlucky enough to fall into their crosshairs for whatever reason, there's not much you can do about it.

ottopottomouse · 01-11-2012, 10:06 AM

Quote:

Originally Posted by VenzuelanChick

No shit... My favorite piece of info he got from the blog was her father´s middle name (how do you work that into a post not knowing you are giving out too much info)

All the family tree research sites help with things like the father´s middle name too and also the way people tend to re-use names within families. I had someone tell me there was no way I would be able to work out what his middle name is as it is too obscure - turned out to be his great granddads name.

People don't help themself either with having the same password everywhere. Get it right for one site and you're into anywhere they have an account.

DamianJ · 01-11-2012, 10:14 AM

Quote:

Originally Posted by helenaCamPrime

thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away

http://www.amazon.com/Fellowes-Power...6302037&sr=8-1

Colmike9 · 01-11-2012, 10:23 AM

Last person that stole my identity, I found him and broke his knee with a wrench and he turned himself in for an unrelated crime in Indiana since he was scared of me and he's still there..

u-Bob · 01-11-2012, 11:28 AM

Quote:

Originally Posted by seeandsee

not today, maybe then, now most of them have better security, even A/4 or C/7 blocks (same as paxum ask when sending from wallet to mc) of code will protect you account now days, if you have that data on paper given by bank...

True in the case of most banks. Paypal etc still have to catch up.

IMO, the biggest problem illustrated in OP is the 'cascade effect'. One account get compromised and all others that were built on top of that crumble as well.

I use a unique email address for every service, affiliate account, news letter etc. Works also great to identify those programs that spam their affiliates.

Jensen · 01-11-2012, 01:59 PM

Quote:

Originally Posted by seeandsee

not today, maybe then, now most of them have better security, even A/4 or C/7 blocks (same as paxum ask when sending from wallet to mc) of code will protect you account now days, if you have that data on paper given by bank...

This was 2008. Doubt any bank would be pass around that time. 1998 perhaps...?

helenaBlue · 01-12-2012, 03:04 AM

Quote:

Originally Posted by DamianJ

http://www.amazon.com/Fellowes-Power...6302037&sr=8-1

I guess you are right, but how many of you have a paper shredder?

Btw Damian, i 've been reading your blog, and found some good tips

u-Bob · 01-12-2012, 03:27 AM

Quote:

Originally Posted by helenaCamPrime

I guess you are right, but how many of you have a paper shredder?

I do

helenaBlue · 01-12-2012, 03:49 AM

Quote:

Originally Posted by u-Bob

I do

All right, 3 more i do's and i'm gonna buy one too :D

u-Bob · 01-12-2012, 04:28 AM

Quote:

Originally Posted by helenaCamPrime

All right, 3 more i do's and i'm gonna buy one too :D

for added security: don't put the shredded pieces of paper all in the same bin, box, bag, whatever you use to dispose of paper...

lagcam · 01-12-2012, 07:31 AM

Quote:

Originally Posted by helenaCamPrime

i live in a tower building

wooden floor.. so this is a GREAT idea :D

Are you housebound?

John-ACWM · 01-12-2012, 08:41 AM

Spy stuff

Verbal · 01-12-2012, 09:31 AM

Quote:

Originally Posted by helenaCamPrime

I guess you are right, but how many of you have a paper shredder?

Absolutely have one. Everything with my name on it, including junk mail goes in there.

2ndxachrm · 01-12-2012, 10:07 AM

great hacker book about all the recent stuff is Fatal System Error. by joseph menn. that book scared the crap out of me about how bad it really is and how the corp and gov hide a lot of the info from us.

01-10-2012, 06:06 PM	#2
blackmonsters Making PHP work Industry Role: Join Date: Nov 2002 Location: 🌎🌅🌈🌇 Posts: 20,227	Nothing that I didn't know before and yet people think I'm crazy for not posting certain info. They think "I'm hiding something". I sure am....I hiding from fucking crooks. __________________ Make Money with Porn

01-10-2012, 06:23 PM	#4
pimpware Confirmed User Join Date: Jan 2006 Location: Pt Posts: 1,673	Who's the blame? Her! People dump all kind of personal data into facebook, linkedin, twitter. You don't need criminal motivations to find such personal info, imagine you work with clients and you want to know a little bit more about who you are really working for, then google is really really your friend. With just an email address your can find a ton of info, full name, phone number, address, employer and much more. That's why I never had much sympathy with social networks, I see people without a clue exposing their life to the world eyes. __________________ icq: 284494832 realsexforyou.com

01-10-2012, 10:46 PM	#6
potter Confirmed User Industry Role: Join Date: Dec 2004 Location: Denver Posts: 6,559	Yeah, that is a very very obscure example. Thread title should read "How to steal an identity if someone has an email account where the password recovery asks for common information". __________________

01-11-2012, 02:36 AM	#14
TubeSubmitters Confirmed User Industry Role: Join Date: Aug 2006 Posts: 2,683	The original article is from 2008.... __________________ Buying sites with income, paying by paxum, hit me up

01-11-2012, 03:42 AM	#16
helenaBlue Confirmed User Industry Role: Join Date: Oct 2010 Posts: 158	thats why i hate to throw away utility bills and bank statements :o but i have no place to store them, so i have to throw them away __________________

01-10-2012, 06:14 PM	#3
L-Pink working on my tan Industry Role: Join Date: Mar 2005 Location: Florida/Kentucky Posts: 39,152	That's why I use lifelock. .

01-10-2012, 10:49 PM	#8
Operator So Fucking Banned Industry Role: Join Date: May 2009 Location: ΠπΠ Posts: 2,419	"I have nothing to hide and therefore aren't worried".

01-10-2012, 10:53 PM	#9
Jarmusch Industry Role: Join Date: May 2003 Posts: 12,464	Now lets see him steal the identity of someone who doesn't have a personal blog.

01-11-2012, 02:08 AM	#13
cooldude7 Confirmed User Industry Role: Join Date: Nov 2009 Location: Heaven Posts: 4,306	so what did we learn, dont make personal blogs., :D

01-11-2012, 07:15 AM	#20
barcodes Confirmed User Industry Role: Join Date: Mar 2011 Location: Florida Posts: 2,040	Last edited by barcodes; 01-11-2012 at 07:22 AM..

01-11-2012, 07:22 AM	#21
ajrocks Confirmed User Join Date: Nov 2004 Location: On Uranus Posts: 4,526	so much work, if they are willing to work like that why don't they just a get a real job. __________________ SEO Strategy - Digital Strategy - Cannabis Lead Generation Skype aj.durden1

01-11-2012, 07:48 AM	#23
videosc Confirmed User Join Date: Jan 2008 Posts: 375	I was a ID theft victim last year. One thing I learned that I now tell everybody to do is call your bank and credit card companies and set up a verbal password that only you know. If anyone calls in and does not know the password they can't do anything. And for bank accounts, set up an alert so you get a text message or phone call whenever any changes happen to your account.

01-11-2012, 08:06 AM	#25
bronco67 Too lazy to set a custom title Join Date: Dec 2006 Posts: 29,035	Anyone smart enough can have your identity if they want it. Once you've been unlucky enough to fall into their crosshairs for whatever reason, there's not much you can do about it. __________________

01-11-2012, 10:23 AM	#28
Colmike9 (>^_^)b Industry Role: Join Date: Dec 2011 Posts: 7,224	Last person that stole my identity, I found him and broke his knee with a wrench and he turned himself in for an unrelated crime in Indiana since he was scared of me and he's still there.. __________________ Join the BEST cam affiliate program on the internet! I've referred over $1.7mil in spending this past year, you should join in. I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..

01-12-2012, 08:41 AM	#36
John-ACWM Work Work Work Industry Role: Join Date: Nov 2008 Location: EU Posts: 20,060	Spy stuff __________________ Video Chat Forum

01-12-2012, 10:07 AM	#38
2ndxachrm Confirmed User Industry Role: Join Date: Dec 2011 Location: Boston Posts: 353	great hacker book about all the recent stuff is Fatal System Error. by joseph menn. that book scared the crap out of me about how bad it really is and how the corp and gov hide a lot of the info from us. __________________ Sex. My favorite vice. www.myxxxpornvice.com