Sophos Cloud Optix
In the absence of a genuine ticket to the real event, Facebook users are encouraging each other to reveal their Royal Wedding Guest name.
Here’s a typical message that is currently being spread by well-meaning users across the social network:
In honor of the big wedding on Friday, use your royal wedding guest name. Start with either Lord or Lady. Your first name is one of your grandparents' names. Your surname is the name of your first pet, double-barreled with the name of the street you grew up on. Let's do this! Post yours here. Then cut and paste it into your status.
Regally yours,
Lady Edith Spanky-Rushmoor
Do you see the problem?
By playing the game, you might be unwittingly making life easier for identity thieves and hackers.
Look at it this way. Think of all the websites which ask you to give it a “secret question” which can confirm your identity in the event of you forgetting your password.
If you tell everyone your Royal Wedding Guest name then you are giving away information which might help someone break into, say, your email account.
So, here’s my advice.
Firstly, don’t post this kind of personal information onto the internet – the few seconds worth of amusement you may get by telling people your Royal Wedding Guest name are not worth the potential pain of having your identity stolen.
Secondly, when websites ask you for a “secret answer” to reset your password… lie. You don’t need to tell the truth when you’re asked by a website what your mother’s maiden name was, or the name of your favourite TV show. So, say something random but memorable that no-one is likely to guess like “Xena Warrior Princess” or “Artichoke Sandwich”.
If you use Facebook and want to learn more about threats, you should join the Sophos Facebook page where we have a thriving community of over 70,000 people.
Of course, if you do happen to be one particular couple getting married tomorrow, you’re not going to have any chance keeping your grandparents’ names secret..
Hat-tip: Thanks to Naked Security reader Paul who brought this particular issue to our attention.
Lying on the security questions… that is actually a really good piece of advice.
That is genius. I always get annoyed when the questions ask things I don't have answers to. "The name of my first child?! I'm not married! I can't remember the name of my first grade teacher!" I can't believe I never thought to lie. What's it going to do, call my bluff? 🙂
lol i lie !!!! from lady amybeth thorne-deane ;o) that was the name of my fave tv char as a child my maths teacher and my science teachers rabbit from 2 differnt schools in 2 diferent districts
Trust me… If any of those words were even close to any of my passwords, there's no way in hell I would have played along.
Hey… I like Xena!
What a weird way to write up a fluff piece about the royal nuts. yeesh.
total hogwash of course, due to teh manual hunting.
besides, anyone that deep into royal weddings likely doesn't have anything worthwhile on their hdd.
the first time i saw this being posted i actualy asked..(.what is this a password cracker or what?i got no reply from anyone who was posting this..ive lost count on how many times i told people not to do this but i was ignored..
…or how about just making up the answers to the Royal Wedding game? You don't HAVE to give away any real security info at all!
none of those answers are regular security questions though. isn't this an over alarmist scaring article? it did make me think about those things but most people are probably not sharing personal log in and passwords on this one 🙂
Actually things like pet names and street you grew up on *are* commonly used as security questions when you forget your password.
Check out the screenshot from Yahoo that I used in the article, which asks for a pet's name for instance.
And remember – when you take part in these sort of games, or the common "pornstar name" variant, you may be publishing your answers *forever* on the web. Which means someone could pick them up in years to come, long after everyone's forgotten so-and-so married thingummybob in 2011.
who’s marrying who and when lol (i so wish that statement was true as cant turn on the tv without hearing about it)
Yea that's a stretch to say this is a security issue (playing this FB status-post game).
I'm sure I'm more vulnerable if part of my guest list name is schnookie-wookems.
I mean, come on…lets be real, people.
wow I never ever would have thought of this! many thanks 🙂 fortunately I haven't given any secrets away but I could easily have done!
Think this one through: someone has to
1)target you for identity theft
2)figure out what web sites you go to that
3)have info that they want and
4)correctly predict which of several different security questions you have chosen to use as *your* security question.
And all of that, plus they'll probably need your email address too.
Much more dangerous: announcing in church or to your mom's playgroup that you're going out of town on vacation next week.
Have just had a go at the BBC over them running this on local radio… the had consider the issue but conclude was fine as “nobody had their last name or email address associated with any of the comments so it was safe to run with but thanks anyway” Ok… that sign-off has really annoyed me…
1) these were being announced on air as “Lord XXX XXX XXX, thats YYY from TOWN”
2) were being posted by the people in question onto the shows Facebook page… and last time I looked that included a last name next to the posted item
3) clicking around a couple of these listerners who had posted I gained on public profiles DOB, home town, “orignates from” towns, school and university, course details and dates, names of spouses, children, parents, friends, past and present employers
Ideal for social engineering without them adding a few more details in this with this latest “game”
I am reminded of the Mr. T Name Generator:
http://replay.web.archive.org/20100102185122/http…
All they need is your First Name, Last Name, Gender, Date of Birth, Social Security Number, and Mother's Maiden Name.
I put my royal guest name, but i lied….
My dog's name is Sydney which is constantly mentioned on Facebook and Twitter so it's hardly a secret.
Want your identity stolen? Write checks.
People can steal it in any means they can. My dogs names are on my page as well. Someone stole my debit card number at a shell gas station w/one of those scanners and used 200.00 on it, luckily I am a freak about my account and check it more than twice per day to make sure all is well, I got that stopped real quick. You have to be active in keeping track of things.
Great article.