Wednesday 11 May 2016

A funny couple of things happened recently...


...and I thought that I'd share.  Mainly as I am just now teaching a Network+ course, and one of the topics in here is Security.  And in that, Social Engineering is seen as a risk, as is misdirection of information.

So here's me.

For the last year, I have been receiving email from a medical insurer in South Africa, for, well, me. Not me, me, but a guy there, born in a different month, 6 years before me. Yup, I know LOTS about him.  It's been kind of funny, but there is a very serious side to this misdirection of data. I have his bank details, the South African equivalent of his Social Security number. And I know his health history, and his wife’s.

Today, I wrote him a letter, and attached one of his health statements.  I hope that it reaches him, and that he takes action with his provider. But what's the lesson here? The lesson is, double check your details with any organisation that you have your financials with. Make sure that all those details are correct. I even did a double check of the handful I have today.  This was an innocent enough mistake on the face of it, but with the information that I have, it could have been a lot worse for this guy.

The second funny thing was Gmail. So there is a lady in the US of A. She lost her job in RIDICULOUS circumstances and rather publicly.  And I really felt for her, mainly because I have an innate sense of fairness. She writes rather well, and has a great sense of humour. I have been a Twitter follower of hers, since. We have never had email contact. We have never communicated outside of a few tweets on Twitter. Anyhow, I have her home number, and her personal email account, showing up in my Gmail phone contacts. What the? I did a lookup on Google and some crazy Russian website showed me that it is in fact a US-based number, down to state and town. The rest of the location I won't say.

Here the lesson is to make sure that whatever tools you're using on the internet are locked to hide any private data. Check what services are sharing that information, and be very careful with the apps installed on your phone that say “We need access to your details here, and here.” And, where you can, avoid putting those private details online when registering on a website. It's amazing how much people are willing to put online for some app or the other. With the current trend in fitness tracking that seems to be all the rage, through to online shopping, minimal is best. Hell, it might sound obvious, but pseudonyms can help a fair bit.

As a last one, PLEASE STOP using your email/password combo as the login/password combo on this, that and every website! It's just plain silly.

Cheers,

Malc.

 
