Live phishing shows risk of personal info

Despite all the warnings about giving out personal information, many people still freely give away seemingly innocuous details that can be used to crack their passwords, according to the results of a "live phishing" survey.

The 18-question survey, conducted by RSA Security in New York City, asked respondents for information such as birth date, mother's maiden name and pet's name. The survey was touted as being about tourism in New York.

It found that 70 percent of the 108 respondents gave their mother's maiden name, and 90 percent gave their date and place of birth, according to a news release from RSA.

Additionally, almost 85 percent of respondents provided their full name, street address and e-mail address.

"A lot of personal information actually functions like a password and, as such, needs to be robustly protected," said Chris Young, RSA's vice president of consumer authentication services.

According to the news release, the survey was deliberately designed to feel official and safe, to reflect how many phishing attacks use real corporate logos and industry terminology to appear legit.

More than half of respondents explained in the survey how they devise their online passwords. Even those who declined to, though, did give personal information that can lead to figuring out their password, Young said.

"Many consumers have called their credit card company to check their account and be asked for their mother's maiden name as a personal identifier," said Young, noting one reason not to give out such personal information so freely.

"On top of this," Young said, "with a bit of sleuthing, motivated phishers can guess what a New Yorker's password is just by having his address and trying combinations that assume he's a fan of the Yankees or Knicks."

Federal Trade Commission research found that damage and loss resulting from identity theft and cyber-crime costs nearly $50 billion annually.

Consumer concerns go beyond their own personal information to the security of companies that index personal data. A controversial bill pending in the House of Representatives called the Data Accountability and Trust Act includes a provision that states that companies whose data are compromised must notify each individual in writing, only if the company terms it a "significant risk."

ChoicePoint Inc. announced last February that thieves posing as small-business owners had gained access to the company's database the previous September. Authorities said that the compromise resulted in at least 750 cases of identity theft.

ChoicePoint only notified its affected customers months after the breach, when it publicly announced it, and some 17,000 customers only received a notice in writing in September 2005, a full year after the breach.

RSA offered several suggestions for people to avoid identify theft. Among them were not sharing your method for devising your password, not sharing any personal details with strangers and using a variety of different passwords.

"Our survey reminds us that we all need to be more aware of such vulnerabilities, and take appropriate precautions," Young said.

Copyright 2005 by United Press International

Related stories:

Study looks at way US boards and CEOs manage risk
A recent Carnegie Mellon University CyLab survey of corporate board directors reveals a gap in board and senior executive oversight in managing cyber risks.
Psychiatric disorders common among college-age individuals; few seek treatment
Psychiatric disorders appear to be common among 18- to 24-year-olds, with overall rates similar among those attending or not attending college, according to a report in the December issue of Archives of General Psychiatry. Almost half of college-aged individuals meet criteria for substance abuse, personality disorders or another mental health condition during a one-year period, but only one-fourth of those seek treatment.
Study on aging still going strong some 50 years later
The University of Washington has been awarded a five-year, $4.5 million grant to research specific challenges related to aging with a disability.
Mobile banking prospects seen better in Asia
Polillo, a remote island in the northeastern Philippines with poor road infrastructure and no public transport, is set to get a taste of mobile banking long before the developed world does.
How Washington hospitals unleashed a MRSA epidemic
Year after year, the number of victims climbed. But even as casualties mounted - as the germ grew stronger and spread inside hospitals - the toll remained hidden from the public, and hospitals ignored simple steps to control the threat.
Track your fitness, environmental impact with new cell phone applications
(PhysOrg.com) -- Planning on gobbling a few extra treats this holiday season? Soon, your cell phone may be able to help you maintain your exercise routine and keep the pounds off over winter months, without your having to lift a finger to keep track.
Study helps identify beachgoers at increased risk of skin cancer
Identifying the sun-protection practices and risk profiles of beachgoers may help determine those who would benefit from targeted interventions intended to reduce the risk of skin cancer, according to a study in the November issue of Archives of Dermatology.
Colonies in collapse: What's causing massive honeybee die-offs?
“To the bee, a flower is a fountain of life, and to the flower, a bee is a messenger of love,” wrote poet Kahlil Gibran. Whether or not love is involved in the exchange, the evolutionary dance between pollen-transporting honey bees and nectar-producing flowers is one of nature’s most extraordinary symbiotic relationships, a hundred million years in the making.

News discussion:

Technology news