Lesson in posting security

[JimF-LowBari]

This originally was to be a response to a post in a DCI forum thread. Thread got locked before I posted and the post I was responding to got deleted. Main idea was the poster does not post any personal info and got slammed for it. Just something that IMO needs to be repeated every now and then.

Let's not forget that anyone can read DCP posts without having a login. Each year I have to go thru security training with my job and I basically get taught how to scam the crap outta someone with just a few pieces of personal info (#### easy too). A job or school reference on DCP, last name on Facebook, hometown somewhere else, someone who knows you responds and drops a personal tidbit, etc, etc. All it takes is enough time to surf the web and you can pick up enough to be able to place a phone call or email and it's off to the races.

Jesus... my wife has an uncommon name and signed up for facebook. So far she has had three people trying to get buddy, buddy with her claiming they know her. Weird thing is there IS someone with her name in Philly so we don't know if it's scam attempts or someone is sincere and has the wrong KF.

PS - If this gets moved to the Non-DC Forums I don't have access there (spend too much time in the DC area ).

[bawker]

. . .I put this in the Member Service Area, since it's kind of a . . .well, general posting to members.

[Slow Adam]

99% of the population has first name or initial, last name, address and phone number publicly available...it's not like we're posting credit card or social security numbers.

[JimF-LowBari]

99% of the population has first name or initial, last name, address and phone number publicly available...it's not like we're posting credit card or social security numbers.

Nah, I was thinking of someone dredging up enough info from places and and then sending an email or calling you and claiming that they actually know you. Or better yet, to claim that they are someone you knew but haven't heard from from a while. Drop enough stuff or a old personal rememberance that you wouldn't think of being on the web and you might not be as suspicious.

Who knows, they might be targeting someone else and might get a piece or two of info on that person from you. Fer instance after the goundwork is laid you hear: "Hey, calling because I'm trying to find Dave Davis and can't remember his hometown." or "I'm going to be in the area and want to look up Dave Davis parents. Do you know their names or if they're still around?". Then when Dave is contacted the hometown and parents info could be used to make things look legitimate.

Hell I got a phone call at work once from someone claiming to be with my Credit Union. Pretty good trick considering those numbers are not in the general public. Took me a while to google and yahoo searching but ####ed if I didn't find a one paragraph article that had my name and work phone number. Never did find out how my choice of banking was found. (Unless some a-hole in my office did it.)

Members Services Area!!! thanks Bawker

And Nick (just saw the below post): Yeah a certain few letters in my sig (PADCHOF) really give me away with about two minutes of checking. LOL, good thing I'm a suspicious little ####. And that's the point I wanted to make: Just about all of us have given away enough tidbits here to make us targets, so let's keep that in mind when we're contacted by "person/persons unknown" <$1 to my training>.

Edited March 26, 2010 by JimF-3rdBari

[euponitone]

If someone has the will and ability to scam me like that, its not going to matter whether my name is in my sig here. Its already available on facebook, and if you google it it comes up for a bunch of band / corps related stuff. Im even listed online as a 2006 ageout by DCI.

[76strad]

This originally was to be a response to a post in a DCI forum thread. Thread got locked before I posted and the post I was responding to got deleted. Main idea was the poster does not post any personal info and got slammed for it. Just something that IMO needs to be repeated every now and then.

Let's not forget that anyone can read DCP posts without having a login. Each year I have to go thru security training with my job and I basically get taught how to scam the crap outta someone with just a few pieces of personal info (#### easy too). A job or school reference on DCP, last name on Facebook, hometown somewhere else, someone who knows you responds and drops a personal tidbit, etc, etc. All it takes is enough time to surf the web and you can pick up enough to be able to place a phone call or email and it's off to the races.

Jesus... my wife has an uncommon name and signed up for facebook. So far she has had three people trying to get buddy, buddy with her claiming they know her. Weird thing is there IS someone with her name in Philly so we don't know if it's scam attempts or someone is sincere and has the wrong KF.

PS - If this gets moved to the Non-DC Forums I don't have access there (spend too much time in the DC area ).

Any tips in how to scam someone?

[JimF-LowBari]

Any tips in how to scam someone?

Get a job when you have to get a ####### security clearance. All the free tips and training that can be crammed down your throat.....EVERY YEAR!!!

And for the double whammy: work in the IT area that relys heavily on the Internet for information.

7yrs 5 mo. until my planned retirement.....

Edited March 26, 2010 by JimF-3rdBari

[Slow Adam]

Nah, I was thinking of someone dredging up enough info from places and and then sending an email or calling you and claiming that they actually know you. Or better yet, to claim that they are someone you knew but haven't heard from from a while. Drop enough stuff or a old personal rememberance that you wouldn't think of being on the web and you might not be as suspicious.

Good luck - it's hard to pull the wool over these eyes. Most people get scammed because they are stupid, not careless with personal info on the net, IMO.

[JimF-LowBari]

Good luck - it's hard to pull the wool over these eyes. Most people get scammed because they are stupid, not careless with personal info on the net, IMO.

Well the "you" was meant for the reading public as a warning, not you personally.

Dang English words that have multiple meanings.

Edited March 26, 2010 by JimF-3rdBari

[cowtown]

As some may have noticed I take this issue very seriously. My preference of maintaining my personal privacy has little to do with the way I conduct myself here or the opinions I may express and everything to do with my privacy and security.

The internet has its own rules, eetiquette and codes of conducts that really need to be understood and followed, more so if you are posting in an official capacity. One of the cardinal rules is maintaining a person’s personal privacy and for good reason too

Here are a few things that I have seen on my little, snake pit of a message board that I offer up as a warning to others

The most recent stunt – a guy just out of law school ticked off a British guy who then bought the domain of the lawyer’s name. He created a very nice, professional looking website filled with out of context quotes from the lawyer, attacks from others posters on the lawyer and personal details the lawyer provided over the course of years. Now when a potential employers Goggles the guy, this hate page pops up. Not good

Another one

Some guy on that same website stole other posters identities and antagonized hate groups. The thief registered at hate group web site using other posters handle name, avatars, signature lines and general tone. He pretended he was ‘them’ and connected the hate site back to our board. Some Russian hacker took the bait, joined our board, acted nice, posted a link like an LoL Cat, when posters hit the link he captured their ISP and other data. He began posting our posters ISPs on our site and on a hacker sites, some people were hacked. Our web site was attack with a ping attack which took it down and got us kicked off that server. Then we got attacked on our new server, went down and had to find another host – in the meantime, we explained the situation to the mod of the Russian Hate site, and called a truce. I went around and registered Cowtown on several site to prevent my identity from being used in such a fashion

I already mentioned the house up for sale, some Brit living in Australia did that to a guy in London – nasty court battle and restraining orders were also involved. Another guy was jumped in London by other posters and beat down. There was that credit card fraud thing with the Canadians. One poster had their sister called by another angry poster – real name to face book to friends. Many have been harassed at work. Another had to change their work phone number because it was posted. The more common ones are signing people up for extreme porn sites, spamming their email address to internet marketers, posting craiglists ads and the sort

I’ve seen these all played out and more on a web site that has about 100 posters that have been posting together for the past 7/8 years

Another issue is liability. When you out someone you become libel for any repercussions that occur due to that outing. So, say someone googles my name, figures out where I live and kills my cats. The cat killer and the Outer are both responsible – why take that risk?

I think its in everyone's interest to try and maintain each others privacy.