Sophos Cloud Optix
Guest blogger Michael Argast: SSN 627-44-3942, DOB July 17th, 1971
Lie.
I generally consider myself pretty truthy, but increasingly these days I find myself lying. A website needs my date of birth? Make something up. Mother’s maiden name: Jones. Favorite pet: a boa constrictor named Squeeze. Place of birth, Dakron, Ohio. High school attended: Douglas Adams High.
The criminals make money acquiring your identity through phishes, and then using that for identity theft. Rates vary from 50 cents to $40 a record, whether it is a credit card number (Visa: 4502 5643 4335 9443, Expiry 06/12) or SSN number (see above) or favorite colour (Turquoise).
There’s a famous quote attributed to Willie Sutton, the bank robber, on why he robbed banks: “That’s where the money is.”. Right now there is lots of money being made by criminals in identity theft. What if, every time they stole an identity, or piece of information, it had a good chance of being false, or wrong, or landing them in jail.
What if, in all those databases that hold our records, 90% of the records were fake, false, contained information designed to trigger an alarm for having been stolen. The value of those records would fall. Crime would pay less.
Anti-spam advocates have been championing the idea of throw-away, single use email addresses for a while as a way to prevent spam. Facebook, Twitter, Myspace – do they really need your birthday? The right one? They’re just trying to validate you’re not a minor (and if you were, you’d probably lie anyway).
Now, I’m not suggesting that someone build a tool that automatically fills out phishing campaigns with millions of fake records, or purchase billions of dollars of Canadian pharmaceuticals with non-existent credit card numbers, or that banks and retailers create fake trigger credit card records so they know if someone has stolen or intercepted their customer data, or credit card terminals send a dozen fake transactions for every legit one. But if they did…
Michael Argast, writing from Paraguay.
Hi "Michael":
"My name is Boovney Padoonxt. I was born on July 1, 1950. My social security number is 111-22-3333. My mother’s maiden name is Enema Squee. I live at 12 Aulsdich Lane, Throes-on-Pompany, Hogwhistle 12, Nottingshire. My first pet’s name was Cher…or possibly Chewbacca. I raise goats and do some quantum physics on the side. On weekends I play in a Lebanese surf band. We get a lot of work playing for bar mitzvahs in Beverly Hills."
Your point is well taken. The number of websites that want my real date of birth and other personal information they absolutely do not need is staggering. So, like you, I make up stuff like the phony personal information above. I've been doing it for years…ever since some ne'er-do-well got an oil company credit card using only my name, address, and date of birth. It took eight years to clean up that mess.
I've had arguments with so many of these stupid websites that it has now become comedy (to me, anyway). For example, when I explain to them that they can't possibly "need" my date of birth for any reasonable purpose, they reply "We have to verify that you're old enough to view all the content on our site, some of which might be objectionable to minors." I reply, "Then ask me to verify that I meet your minimum age requirement. Don't ask me for my date of birth". Sheesh.
Not only is it none of their business, but what guarantee do they offer that they can keep my information secure? (None, of course.) They won’t listen to reason, and they won’t back down. Their stupidity encourages lying. (Perhaps “stupidity erodes ethics” is a general principle…I dunno.)
Anyhow, if they insist on acting like jerks, then they can have “Boovney Padoonxt” as a user.