Guest blogger Michael Argast: SSN 627-44-3942, DOB July 17th, 1971
I generally consider myself pretty truthy, but increasingly these days I find myself lying. A website needs my date of birth? Make something up. Mother’s maiden name: Jones. Favorite pet: a boa constrictor named Squeeze. Place of birth, Dakron, Ohio. High school attended: Douglas Adams High.
The criminals make money acquiring your identity through phishes, and then using that for identity theft. Rates vary from 50 cents to $40 a record, whether it is a credit card number (Visa: 4502 5643 4335 9443, Expiry 06/12) or SSN number (see above) or favorite colour (Turquoise).
There’s a famous quote attributed to Willie Sutton, the bank robber, on why he robbed banks: “That’s where the money is.”. Right now there is lots of money being made by criminals in identity theft. What if, every time they stole an identity, or piece of information, it had a good chance of being false, or wrong, or landing them in jail.
What if, in all those databases that hold our records, 90% of the records were fake, false, contained information designed to trigger an alarm for having been stolen. The value of those records would fall. Crime would pay less.
Anti-spam advocates have been championing the idea of throw-away, single use email addresses for a while as a way to prevent spam. Facebook, Twitter, Myspace – do they really need your birthday? The right one? They’re just trying to validate you’re not a minor (and if you were, you’d probably lie anyway).
Now, I’m not suggesting that someone build a tool that automatically fills out phishing campaigns with millions of fake records, or purchase billions of dollars of Canadian pharmaceuticals with non-existent credit card numbers, or that banks and retailers create fake trigger credit card records so they know if someone has stolen or intercepted their customer data, or credit card terminals send a dozen fake transactions for every legit one. But if they did…
Michael Argast, writing from Paraguay.