Personal Information and Identity Theft
From BBC:
The chance to win theatre tickets is enough to make people give away their identity, reveals a survey.
Of those taking part 92% revealed details such as mother’s maiden name, first school and birth date.
Fraud due to impersonation—commonly called “identity theft”—works for two reasons. One, identity information is easy to obtain. And two, identity information is easy to use to commit fraud.
Studies like this show why attacking the first reason is futile; there are just too many ways to get the information. If we want to reduce the risks associated with identity theft, we have to make identity information less valuable. Too much of our security is based on identity, and it’s not working.
Armin • March 25, 2005 10:22 AM
I think this quote misses the point:
People would have given away their details even without the prize. And not because they are too dumb, but because the questions were quite cleverly disguised.
They weren’t just “What’s your mother’s maiden name?” questions but disguised under the “Actors often use their mother’s maiden name for their characters, what would your name be?” guise. They are playing with people’s ego and also the fun to participate in an interesting game. Social engineering at its best.
I think even a lot of security conscious people would have fallen for the trick (at least to an extent), because you only recognise what’s behind it if you get a chance to take a step back and consider all the questions in combination.
I fully agree with the conclusion though.