My mothers maiden name was Sullivan, my first pet was named Snoopy, my fathers middle name was Joseph and I was born in Schenectady, NY. I can tell you because I would never use real answers in any so called security questions. While it’s handy when forgetting your password it’s the easiest way to have your password reset and stolen.
Yes, companies still use these questions with answers that are publically available and having numbers, letters and special characters in your password won’t help you. Truth is programs that keep trying different word combinations are obsolete. Your password will most likely be incorrectly stored and stolen by someone you do business with or figured out using data in the password security or “challenge” question.
Remember when Sarah Palin’s Email was compromised? It wasn’t some brilliant hacker, it was someone who Google’d where Palin attended high school.
So are there really companies that still use predicable and lame questions? I won’t say who but the following were actually from a banking site.
And people wonder why I don’t list my birthday on Facebook?
The Results
So what typically happens when someone get your Email and password?
First it’s usually not personal. Once your Email is compromised it’s entered into an automated program. The program will log in and collect all the names and Email addresses from your contact list. It could be on AOL, GMail or Outlook; your address book is easy to access programmatically.
It won’t be long before the program breaks up your contacts and sends them all an Email with either a link to malware or something as benign as an advertisement for Viagra. It could just be an ad because these guys could be earning a couple cents for every view. Since it’s all automated it could add up to thousands of Euro a month. 
Two things will happen next. Half of your friends may contact you to let you know you’ve been hacked. The other half will click the link and ask why you sent them to a Viagra site. You’ll be very surprised by how many people click on the link because it came from someone they trust.
Obviously, the first thing you’ll want to do is change your password. After that unplug from the internet and run scans from any security program you’ve ever installed on your computer.
You’ll be very embarrassed because the Email will go to people who you still have on your contact list but aren’t close friends. You may feel violated. Don’t be embarrassed. It can happen to anyone and it does. Just think about it the next time you provide answers for security questions. Come up with out of the ordinary answers that you’ll still remember.
Q: “Where were you born”? A:”In bed”
Q: :What’s your mothers maiden name”? A": “Miss”
And if one of your friends send you an Email with just a link, send them here to read BitsFromBill.com.
0 comments:
Post a Comment