…and a phone call from somebody representing herself as an agent of an insurer of ours. They need to meet with us about a really important new feature of our insurance, and could they do this tomorrow, oh, and we’re going to need our insurance papers.
Right. The more we talked to this individual, who did not have our account number, and who needed our papers, the more suspicious we got. For all we knew, somebody would show up, get the account numbers, do us both in, and go to Argentina on the insurance.
So we hung up, called our insurance company, who assured us it wasn’t them, and we called both our local agent and the police. We back-traced the phone number, which we provided to the police.
Just not the way we’d planned to spend a significant part of the day, thank you.
Just a few items gleaned from various sources:
1. Never twitter that you’re out of town (the network can be penetrated).
2. Never provide an account number or other info to somebody who ought to know it but doesn’t.
3. Never hand out an SS number, and don’t come back and drink from an unattended glass at the bar.
Disconcerting that they knew your insurance company. Nothing is truly a secret anymore with so many scrambling to hack and whack every facet of our lives. I can’t imagine anyone doing online banking anymore. Good for you to be paying attention and not being sucked in by nimble patter!
I am glad you weren’t scammed.
A good example of why I never post that you are out of town!
Also be careful about how much info you put in your profile on social media or other publicly accessible sites. Information like that can be used to reset passwords for other accounts by helping criminals answer your ‘secret Questions’.
also glad you weren’t scammed. the drink at the bar notion is the first thing they teach women at college nowadays. in general it’s shocking how much information can be found on the internet if you know how to look. i once had a summer ‘can’t-find-better-work’ fling at a company that called themselves a “sales intelligence firm.” really we were supposed to find the personal phone numbers of CEOs of small businesses. can you believe i found the info of 680 of the 700 names they listed, simply by searching google?
of course this job was, at the end of the day, rather unscrupulous, and i was happy to haul my morally righteous tuccus back to college 😛
Guys should pay attention to that precaution, too, or they may find themselves face-down in the bar’s alleyway sans wallet.
And, of course, on the other side of the equation is the new concern about jurors twittering during the trial. Apparently there are several court cases that are being challenged because a juror leaked information by using Twitter/Facebook, etc. And for some reason the obvious solution (confiscate all electronic devices from the jury) is considered to be an undue hardship on them, so they can’t do that.
Actually, the last time I had jury duty (about a year ago), they told us, “No cell phones or other electronic devices.” Of course, that was a federal court; so, the requirements may be different for state and local.
Oh, and I love getting the phishing mails from banks that I do not have an account at!
And I was highly amused to get a spam once that had the most appropriate subject line: “I do not have your personal information”. My thought as I deleted was “and you still don’t!”
Also don’t use passwords like ‘password’, ‘123456’, ‘[username]123’, ‘idontcare’, and ‘whatever’ on important accounts.
Seriously, these are some of the most popular passwords. If you use something easy to guess, you are just asking for your accounts to be hacked. Hackers have lists of thousands of popular passwords.
A good password should be at least 10 characters, should contain upper and lower case letters as well as numbers. It should not be based on your name, birth date, cat’s name or anything easily available on your Facebook account, blog, etc.
Don’t use the same password on different sites. Each site should have a unique password. Get a good password manager like KeePass to remember your passwords.
Actually, I read an article on how to come up with good, hard-to-hack passwords that are relatively easy to remember. Start with a phrase, like: My favorite breakfast is bagels and lox with orange juice. Then you take the first letters: mfbibalwoj. Then, you can do a pretty simple substitution to get in those capitals and numbers: Mfb1bAlw0j. It’s pretty much impossible to guess, and as long as the phrase is memorable and meaningful to you, not that hard for you to remember. The hardest part would be keeping track of the numbers and caps, and you could work some system for that (every other letter is either a cap or a number, whichever is appropriate, for example).
Now, do I actually do this? Not yet. But I do have my “simple” password, which I use for sites like this where I don’t particularly care if someone hacks my account, and several “secure” passwords, which I keep strictly for sites where I do care. And the work passwords, which never get used on my personal computer, and vice versa.
Since I don’t have a Facebook or active Twitter account, I think I’m pretty safe as far as social engineering attempts based on phishing those sites. :)
For other sites, I have a ‘simple’ password, or several more complex ones, depending on how annoyed I would be if it should get hacked. Another way to generate relatively hard passwords is to ‘haxxorize’ a proper name, preferably one not easily associated with you.
You can generate random numbers from 1 to 26 and use those for letters. It makes even simple passwords more difficult.
More good advice: if you’re going to use a real word, misspell it; hackers use dictionaries, too. Put numbers inside the word, not at the end.
One thing I do with those bank phishing e-mails is cheerfully forward them off to the appropriate bank — or eBay, or even once the IRS. I always copy over the headers too so they have all the lovely info to track back. Hopefully they get somebody. I handle my passwords like philosopher 77, but the ones for work just drive me nuts. We have to change every 60 days and it won’t take anything even remotely like the last 24. Sometimes you just gotta write those things down and then they’re pissy that you did. I like the option for remembering a hard to hack one that philosopher 77 pointed out.
Yeeks! I’m very bad with passwords (I use the same one for a bunch of stuff). A clever trick I learned from someone: say you need an 8-character password with alphanumeric data: just slide your finger diagonally down the keyboard’s first two rows (aka 1qaz2wsx), migrate across (2wsx3edc), then use the shift key to get more options (!QAZ2wsx). Works for the someone (not me; I use made-up words, mostly). 🙂 Or capitalize all consonants.
At my old job, we had to change passwords every 30 days, and they also kept 25 generations. I finally thought of a system that would get me 32 passwords in a sequence I can easily remember, and, while the individual password may not be as secure as it could be, it won’t be easily cracked either. The ugly secret: if your installation forces people to use secure, frequently-changed passwords, which is what pure security doctrine calls for, the things will get written down on a convenient piece of paper kept close to the workstation, because nobody will be able to remember them; if the users are too security conscious for that, the IT department will be kept busy resetting forgotten user account passwords. Which is why most installations will hesitate to unleash the full power of their password checking software on the common user.
A word of warning: ones like 1qaz etc. are in the dictionaries of most password cracking tools. Keep your passwords at least 10 characters long, mixed case, at least two numbers (not next to each other), no repeating characters e.g. no DDD and no sequences when the password gets changed e.g. password1234 password 1235. Stick in non-numbers and letters as well. Yes they are a pain to remember but better than having to sort out a hacked life. Never re-use passwords and change them every 30 days.
That’s the minimum recommended in my industry.
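The rules from the comment above, written as a checker and run against passwords quoted earlier in the thread; this is an added example, not part of the original post or comments. The function names, the short fragment list, and the reading of "no repeating characters" as three in a row are assumptions.

```python
import re

# Fragments named in the thread; a constructed sample, not a real cracking dictionary.
WEAK_FRAGMENTS = ("1qaz", "2wsx", "3edc", "password", "123456", "idontcare", "whatever")


def _letters_only(password):
    """Lower-case the password and drop digits, so password1234 ~ password1235."""
    return re.sub(r"\d", "", password.lower())


def check_password(new, previous=None):
    """Return the list of rules `new` breaks; an empty list means it passes."""
    problems = []
    if len(new) < 10:
        problems.append("shorter than 10 characters")
    if not (re.search(r"[a-z]", new) and re.search(r"[A-Z]", new)):
        problems.append("not mixed case")
    digit_positions = [i for i, ch in enumerate(new) if ch.isdigit()]
    if len(digit_positions) < 2:
        problems.append("fewer than two digits")
    if any(b - a == 1 for a, b in zip(digit_positions, digit_positions[1:])):
        problems.append("digits next to each other")
    if not re.search(r"[^A-Za-z0-9]", new):
        problems.append("no character other than letters and digits")
    # Assumption: "no repeating characters" means three in a row, as in "DDD".
    if re.search(r"(.)\1\1", new):
        problems.append("character repeated three times in a row")
    if any(fragment in new.lower() for fragment in WEAK_FRAGMENTS):
        problems.append("contains a common password or keyboard walk")
    if previous is not None and _letters_only(new) == _letters_only(previous):
        problems.append("differs from previous password only in its digits")
    return problems


if __name__ == "__main__":
    # Passwords quoted in the thread, plus one constructed passing value.
    for candidate, old in [("Mfb1bAlw0j", None), ("!QAZ2wsx", None),
                           ("password1235", "password1234"), ("Tr4mp-oLine7&sky", None)]:
        print(candidate, "->", check_password(candidate, old) or "ok")
```

The passphrase-initials password from the earlier comment fails only the symbol rule, while the keyboard-walk one fails on length, digit count and the fragment list.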