Now I really don’t know whether this has been conceived as a phishing scheme at the outset or as a reinvention of the playground/pub conversation. However, the fact remains, giving out things like your mother’s maiden name, name of your first pet, the street you grew up on is a Very Bad Idea. Giving them out online in a public forum that is indexed by search engines is Even Badderer™.

 

This sort of information is gold dust to those people who have an interest in breaking into your online accounts through reseting the passwords, see my earlier blog post here where it happened to poor old Salma Hayek.

 

For the record, I don’t remember the name of my first pet, but I grew up on Donkey Street. 

 

Next trend? #twitterluckynumbers post your Credit Card number, CVV and Expiry Date.

 

UPDATE:

 

The “man behind the hashtag” goes by the name of PembsDave. I asked him for his views on the furore surrounding the trend…

 

 

“It genuinely was set up as a fun thing to do and of course become a “trend” – but chinese whispers changed it. OK “proper” porn name is pets name + [mother's] maiden name but I felt that was too personal – hence head teacher. I have trended a few times to gain awareness of JessicasTrust their hashtag is #maternalhealth – and often cross-pollenate the trending # hashtag to theirs.”

 

So, Dave’s view and my own is, let’s hope some good can come of this, both in a raised profile for this worthy cause, and an increased awareness of the value of the information that we share far too readily on the internet.

 

Before you post anything, anywhere, ask yourself this “If a stranger called me on the phone asking me for this information, would I be happy to share it?” If the answer is “No“, then step away from the mouse.

 

UPDATE:

From the “Defies Credulity Dept.” this storm-in-a-teacup made it into the US Department of Homeland Security daily report (check page 15)

 

The actress Salma Hayek has reportedly had her MobileMe account broken into.

 

Images that would appear to prove the exploit, along with details necessary to reset the account password have been published over on the well known web site 4chan.org.

 

The anonymous poster also left the information:

Her email address is [removed]@mac.com
Go to me.com, forgot password, type [removed]@mac.com
Her birthday is Sept. 2
Answer to change password question is: [removed]

 

 

 

So another high profile victim to further illustrate the ease with which many online accounts can be compromised.

 

It’s not just celebrities who need to be more careful though, New european-based research from Trend Micro revealed that over one in 10 teenagers think it’s “cool” or “funny” to pretend to be someone else online, and one in seven 12 to13 year olds admit to having used somebody else’s identity whilst on the internet. It also shows that more than four out of 10 teens have hacked into another person’s profile to read emails, or logged onto another person’s social networking profile. Boys are almost twice as likely as girls to log into someone’s social networking profile.

 
One in three teens have admitted to being tempted to try hacking or spying on the internet to make money; girls are three times more likely than boys to enter into someone’s online shop or bank accounts without the owner knowing.

 
Most of us are guilty of being far too trusting and far too free with our personal information online, we give away little snippets (or great chunks in some cases) of our personal lives in what is essentially a public or at best only semi-private forum, making the work of criminals such as carders and ID fraudsters far more simple. In fact I have seen social networking sites spoken about in underground carding forums as a “free date of birth look-up service” along with a wealth of tips on how best to exploit these kinds of platforms.

 

We need to become far more aware of the value of our personal information and importantly the information we have about our friends. We also need to become far more conversant with the privacy controls available on social and professional networking sites and actually use them. There is no need to fill out that questionnaire “25 Things About Me” and post it on your profile, there is no need to share your entire employment, educational or address history. There is no need to share your “Porn Star Name” (first name = name of your first pet, family name = mother’s maiden name), isn’t that exactly the kind of information needed to reset your email account password, or access your financial data? And there is no need to volunteer the email addresses of friends and family when asked to recommend a “joke” website or application to 10 friends

 

When your personal information becomes public it is out of your control and soon out of sight. Criminals can and do use this stuff to break into your online accounts, just ask Salma Hayek or Sarah Palin!

 

Next time, before you hit “Post”, ask yourself this “If a stranger called me on the telephone asking for this information, would I tell them?” If the answer is “No”, then step away from the mouse.