GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   How to steal an identity in seven easy steps (https://gfy.com/showthread.php?t=1053061)

u-Bob 01-10-2012 05:57 PM
How to steal an identity in seven easy steps
 
How to steal an identity in seven easy steps

http://www.smartplanet.com/blog/thin...asy-steps/9487

Quote:
...
Thompson stole identities as an experiment back in 2008 to show the public how easy it is to get access to personal data and banking information. He proved it only requires some simple surfing for freely available personal data and cobbling it together in powerfully creative ways. Thompson began his experiments by first receiving permission from people he barely knew to try to break into their bank accounts. What the following steps show is how vulnerable we all are to security breach.

The victim:
He knew her name was Kim, where she was from, where she worked and roughly her age. He also knew the name of her bank and her username although as Thompson says, this was easy to guess?it was her first initial and last name. (Note: Change your username to something a bit less obvious.)

Seven Steps:
1) Google search. He googles her. Finds a blog and a resume. (Thompson called her blog a ?goldmine.?) He gets information about grandparents, pets, hometown. Most important he gets her college email address and current gmail address.
2) Next stop: Password recovery feature on her bank?s web site. He attempts to reset her bank password. But the bank sends a reset link to her email, which he does not have access to. So he needs to get access to her gmail.
3) Gmail access. He attempts to reset her gmail password but gmail sends this to her college email address. Gmail tells you this address? domain (at least it did in 2008 when Thompson conducted the experiments) so he knew he had to get access to that specific address.
4) College email account page. Thompson clicks the ?forgot password? link on this page and winds up facing a few questions. Home address, home zip code and home country? No problem, Thompson has it all from her resume. The same resume found from the simple google search done earlier. Then came a stumbling block: the college wanted her birthday. But he only had a rough idea of her age, no actual birth date.
5) State traffic court web site. Apparently you can search for violations and court appearances by name! And such records include a birth date. (Facebook also makes this piece of data very easy to get even if people do not note their birth year?remember Thompson knew roughly how old Kim was.) But he had no luck with the Department of Motor Vehicles.
6) Thompson goes back to the blog and does a search for ?birthday.? He gets a date but no year.
7) Finally, Thompson attempts the college reset password again. He fills in her birth date, and simply guesses the year. He gets it wrong. But the site gives him five chances, and tells him which field has the error. So he continues to guess. He gets access in under five guesses. He changes her college password. This gives him access to her gmail password reset email. Google requires some personal information which he is able to get easily from her blog (e.g., father?s middle name.) Thompson changes the gmail password and that gives him access to the bank account reset password email. Here again he is asked for personal information but nothing that he could not glean from Kim?s blog (e.g., pet name and phone number.) He resets the bank password and bingo, has immediate access to all her records and money.

...

blackmonsters 01-10-2012 06:06 PM
Nothing that I didn't know before and yet people think I'm crazy for not posting
certain info.

They think "I'm hiding something". I sure am....I hiding from fucking crooks.

L-Pink 01-10-2012 06:14 PM
That's why I use lifelock.

.

pimpware 01-10-2012 06:23 PM
Who's the blame? Her!

People dump all kind of personal data into facebook, linkedin, twitter.

You don't need criminal motivations to find such personal info, imagine you work with clients and you want to know a little bit more about who you are really working for, then google is really really your friend. With just an email address your can find a ton of info, full name, phone number, address, employer and much more. :2 cents:

That's why I never had much sympathy with social networks, I see people without a clue exposing their life to the world eyes.

candyflip 01-10-2012 10:26 PM
Quote:
Originally Posted by L-Pink (Post 18681767)
That's why I use lifelock.

.
Their new CEOs identity was stolen. Their original founder/CEO was convicted of STEALING HIS FATHER'S identity.

Yeah...I'd give them my info/money. :1orglaugh

potter 01-10-2012 10:46 PM
Yeah, that is a very very obscure example. Thread title should read "How to steal an identity if someone has an email account where the password recovery asks for common information".

NaughtyVisions 01-10-2012 10:47 PM
Quote:
Originally Posted by candyflip (Post 18682044)
Their new CEOs identity was stolen. Their original founder/CEO was convicted of STEALING HIS FATHER'S identity.

Yeah...I'd give them my info/money. :1orglaugh
http://en.wikipedia.org/wiki/LifeLock#Controversy

Quote:
In 2009 the company was found guilty of defrauding customers and Experian by keeping their credit information in a state of constant "fraud alert."[3]

Former LifeLock CEO Todd Davis was the victim of identity theft 13 times during 2007 and 2008, after he "publicly posted his Social Security number on billboards and in TV commercials as part of a campaign to promote his company's credit monitoring services".[4]

Robert J. Maynard, Jr., company co-founder, resigned in June 2007 amid allegations that he had stolen his father's identity and ran up $150,000 in American Express bills.[5]

In March 2010 LifeLock was fined $12 million by the Federal Trade Commission (FTC), "to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO?s Social Security number on the side of a truck."[6][7]
Works so good his identity was stolen 13 times! :1orglaugh:1orglaugh:1orglaugh

Operator 01-10-2012 10:49 PM
"I have nothing to hide and therefore aren't worried".

Jarmusch 01-10-2012 10:53 PM
Now lets see him steal the identity of someone who doesn't have a personal blog.

96ukssob 01-10-2012 10:58 PM
Quote:
Originally Posted by candyflip (Post 18682044)
Their new CEOs identity was stolen. Their original founder/CEO was convicted of STEALING HIS FATHER'S identity.

Yeah...I'd give them my info/money. :1orglaugh
:1orglaugh:1orglaugh seriously? thats fucked up

pornmasta 01-10-2012 11:38 PM
Quote:
Originally Posted by blackmonsters (Post 18681740)
Nothing that I didn't know before and yet people think I'm crazy for not posting
certain info.

They think "I'm hiding something". I sure am....I hiding from fucking crooks.
same thing here, some people thought that i'm paranoid.
(in fact i'm, but not for that :p )

VenzuelanChick 01-11-2012 01:37 AM
Quote:
Originally Posted by Jarmusch (Post 18682062)
Now lets see him steal the identity of someone who doesn't have a personal blog.
No shit... My favorite piece of info he got from the blog was her fatherīs middle name (how do you work that into a post not knowing you are giving out too much info)

cooldude7 01-11-2012 02:08 AM
so what did we learn, dont make personal blogs., :D

TubeSubmitters 01-11-2012 02:36 AM
The original article is from 2008....

u-Bob 01-11-2012 03:24 AM
Quote:
Originally Posted by Jarmusch (Post 18682062)
Now lets see him steal the identity of someone who doesn't have a personal blog.
These days kids post the same amount of info or more on their facebook page.

helenaBlue 01-11-2012 03:42 AM
thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away :(

Paul 01-11-2012 04:36 AM
Quote:
Originally Posted by helenaCamPrime (Post 18682244)
thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away :(
Burn them :2 cents:

helenaBlue 01-11-2012 06:38 AM
Quote:
Originally Posted by Coatsy (Post 18682292)
Burn them :2 cents:

i live in a tower building :) wooden floor.. so this is a GREAT idea :D

Jarmusch 01-11-2012 06:49 AM
Quote:
Originally Posted by helenaCamPrime (Post 18682244)
thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away :(
http://en.wikipedia.org/wiki/Paper_shredder

barcodes 01-11-2012 07:15 AM
:Oh crap:Oh crap:Oh crap


:Oh crap:Oh crap:Oh crap

ajrocks 01-11-2012 07:22 AM
so much work, if they are willing to work like that why don't they just a get a real job.

Jensen 01-11-2012 07:34 AM
Quote:
He resets the bank password and bingo, has immediate access to all her records and money.
Would a simple password give you access in any bank?

videosc 01-11-2012 07:48 AM
I was a ID theft victim last year. One thing I learned that I now tell everybody to do is call your bank and credit card companies and set up a verbal password that only you know. If anyone calls in and does not know the password they can't do anything. And for bank accounts, set up an alert so you get a text message or phone call whenever any changes happen to your account.

seeandsee 01-11-2012 07:48 AM
Quote:
Originally Posted by Jensen (Post 18682591)
Would a simple password give you access in any bank?
not today, maybe then, now most of them have better security, even A/4 or C/7 blocks (same as paxum ask when sending from wallet to mc) of code will protect you account now days, if you have that data on paper given by bank...

bronco67 01-11-2012 08:06 AM
Anyone smart enough can have your identity if they want it.

Once you've been unlucky enough to fall into their crosshairs for whatever reason, there's not much you can do about it.

ottopottomouse 01-11-2012 10:06 AM
Quote:
Originally Posted by VenzuelanChick (Post 18682149)
No shit... My favorite piece of info he got from the blog was her fatherīs middle name (how do you work that into a post not knowing you are giving out too much info)
All the family tree research sites help with things like the fatherīs middle name too and also the way people tend to re-use names within families. I had someone tell me there was no way I would be able to work out what his middle name is as it is too obscure - turned out to be his great granddads name.

People don't help themself either with having the same password everywhere. Get it right for one site and you're into anywhere they have an account.

DamianJ 01-11-2012 10:14 AM
Quote:
Originally Posted by helenaCamPrime (Post 18682244)
thats why i hate to throw away utility bills and bank statements :o
but i have no place to store them, so i have to throw them away :(
http://www.amazon.com/Fellowes-Power...6302037&sr=8-1

Colmike9 01-11-2012 10:23 AM
Last person that stole my identity, I found him and broke his knee with a wrench and he turned himself in for an unrelated crime in Indiana since he was scared of me and he's still there..

u-Bob 01-11-2012 11:28 AM
Quote:
Originally Posted by seeandsee (Post 18682616)
not today, maybe then, now most of them have better security, even A/4 or C/7 blocks (same as paxum ask when sending from wallet to mc) of code will protect you account now days, if you have that data on paper given by bank...
True in the case of most banks. Paypal etc still have to catch up.

IMO, the biggest problem illustrated in OP is the 'cascade effect'. One account get compromised and all others that were built on top of that crumble as well.

I use a unique email address for every service, affiliate account, news letter etc. Works also great to identify those programs that spam their affiliates.

Jensen 01-11-2012 01:59 PM
Quote:
Originally Posted by seeandsee (Post 18682616)
not today, maybe then, now most of them have better security, even A/4 or C/7 blocks (same as paxum ask when sending from wallet to mc) of code will protect you account now days, if you have that data on paper given by bank...
This was 2008. Doubt any bank would be pass around that time. 1998 perhaps...?

helenaBlue 01-12-2012 03:04 AM
Quote:
Originally Posted by DamianJ (Post 18682928)

I guess you are right, but how many of you have a paper shredder?


Btw Damian, i 've been reading your blog, and found some good tips :)

u-Bob 01-12-2012 03:27 AM
Quote:
Originally Posted by helenaCamPrime (Post 18684127)
I guess you are right, but how many of you have a paper shredder?
I do :)

helenaBlue 01-12-2012 03:49 AM
Quote:
Originally Posted by u-Bob (Post 18684142)
I do :)
All right, 3 more i do's and i'm gonna buy one too :D

u-Bob 01-12-2012 04:28 AM
Quote:
Originally Posted by helenaCamPrime (Post 18684154)
All right, 3 more i do's and i'm gonna buy one too :D
for added security: don't put the shredded pieces of paper all in the same bin, box, bag, whatever you use to dispose of paper...

lagcam 01-12-2012 07:31 AM
Quote:
Originally Posted by helenaCamPrime (Post 18682498)
i live in a tower building :) wooden floor.. so this is a GREAT idea :D
Are you housebound?

John-ACWM 01-12-2012 08:41 AM
Spy stuff :1orglaugh

Verbal 01-12-2012 09:31 AM
Quote:
Originally Posted by helenaCamPrime (Post 18684127)
I guess you are right, but how many of you have a paper shredder?
Absolutely have one. Everything with my name on it, including junk mail goes in there.

2ndxachrm 01-12-2012 10:07 AM
great hacker book about all the recent stuff is Fatal System Error. by joseph menn. that book scared the crap out of me about how bad it really is and how the corp and gov hide a lot of the info from us.


All times are GMT -7. The time now is 12:20 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc