How to Lie to Your Bank and Get Away With It

While we talk about the periodic leaks of personal information from Facebook and how cybercriminals leverage that information, the community of Facebook users can change its ways. Let’s pair up victims with criminals based on what’s broadcast by the victim. Here are Facebook’s seven deadly sins matched up with the most likely categories of interested criminals:

Cybercriminals need…

Address and birth date. Disclosing your home address or your place or date of birth could make you a target of an identity thief. Your home address could even attract a burglar or stalker to your home. If you're throwing a party and need to provide directions, do so through email.

Year of graduation from high school or college. These can help scammers pretend to be former classmates, a common way to win victims' trust.

Mother's maiden name. Businesses often use your mother's maiden name to confirm your identity, so it's prudent to keep that name as confidential as possible. (Keep in mind that pet names are another common security question.)

Sleazy Competitors / Irate ex-partners need…

Business contacts. Professional networking websites typically let people on your contact list see the names and IDs of everyone else on your list. An unscrupulous competitor, dissatisfied customer, or former employee could send a damaging message about you to everyone on the list.

Burglars and Stalkers need…

Travel plans and schedules of groups you belong to. If you mention the dates of an upcoming vacation on a social-networking website, or that you've joined a Wednesday-night book group, you might unwittingly have told a burglar when your home will be vacant.

Your valuables. Don't discuss your expensive art, antiques, or jewelry. It could make you a target for a burglar.

Your address. See ‘cybercriminals’ above.

Medical Fraudsters need…

The name of your doctor or dentist. If a scammer learns where you receive medical treatment, he might attempt to obtain your insurance information. This could be sold to someone who lacks health insurance, who would then pose as you to obtain treatment.

Okay, that was fun but let’s end the reverse psychology with a few lessons.

Try hardening your past as well as hardening your password

I have one simple rule if you feel your personalized passwords are already vulnerable: don’t use your mother’s maiden name, or any other information such as the name of your first friend or pet, to authenticate with your bank. LIE.

How to lie to your bank and get away with it

  1. For online security questions that ask for someone’s name, use something else, such as a color. Put ‘blue’ or ‘magenta’ as your mother’s maiden name, or ‘bluemagenta’ all together.
  2. If your bank asks questions about towns, such as where you were born or where you graduated from high school, answer with the name of a pet. I’ll bet very few people graduated from ‘Lassie’ Junior High.
  3. Remember to tell the truth when you’re opening an account with the bank – that isn’t the time to provide false information!

Don’t go too far over the top…!

  1. Your answers should be something you can easily remember, yet not readily known by others.
  2. Try to avoid using answers that will change over time. 
  3. If you share account access with anyone else, you may want to establish your security questions together so that you both know the answers if you are ever prompted to provide additional information when logging in. 
  4. Enter your answers carefully as you will need to supply exactly the same answer if you are ever prompted with one of your security questions.

Hat Tip to Terry Zink, Facebook and Security First Associates.

Securing Our eCity Contributing Writer

Author ESET Research, ESET

  • Ralf Muschall

    There is another place where pet names, mother's maiden name etc. are often asked for: Recovery options for forgotten passwords. I strongly recommend disabling that option (if possible) or entering "What is my secondary password" as the question and something like "2dfG!w4*kW$aF" as the answer.
    I don't know if (and, if yes, why) it is legal to ask for mother's maiden name for business purposes – names like "Cohen", "Mkombo" or "Al Hussein" might be abused for discriminatory purposes; and besides that it helps to reconstruct family networks by data mining.

    • Charles Jeter

      Hi Ralf,

      Recovery authentication is a great mention. I always get a little queasy when using them and tend to spoof the name. The key is to lock it down with something easy to remember. Speaking of easy to remember, I recall that back about twelve years ago, when online account access was in its infancy, a certain financial institution happened to only give four-digit PIN codes as user passwords, and mother’s maiden name was the default authentication if you forgot your PIN. We’re a long way from that and I’m sure that banks and other businesses are simply trying to provide users with something they simply cannot forget.

      Still, getting medieval on your password like you did in that answer (2dfG!w4*kW$aF) is definitely considered hardening the target.

      Great advice!

      Regarding data mining… That’s the world we live in but the criminals are looking for money and money’s not found in the family network, it’s found in the account – unless you’ve got a theory I haven’t considered.

  • Sean Sullivan

    Good post, but I have to say, I don't lie to my bank/credit card providers. I don't need to.
    Years ago, I called Citi for a customer service request and during the call, they asked me if I'd like to update my "passphrase", which was, at the time, my mother's maiden name.
    And so I said yes and now I, and Citi, are more secure with a unique passphrase that isn't based on personal details. No lie required.
    I don't know how many banks/cc providers offer this option, but I'd like to. Give some customer service numbers a call. Cheers!

  • Charles Jeter

    Hi Sean,
    Thanks for commenting. I think your idea of updating the passphrase is excellent – we all should do that on a regular basis. The hard part for most banks comes in the 'lost password' method of authentication, or with several of the banks which I use, during their pre-password authentication online where they ask a prefacing question right before showing an image you previously picked, and only then will they proceed for the password.
    Where the danger lies for Facebook and other Social Networking people is that once their personal information (such as a dog's name or mother's maiden name) is lost through breach or mishap, that personally identifiable information (PII) is up for grabs.
    By using information counter to the known quantity (colors instead of names, dogs instead of humans) one more layer of protection is provided, along with a simple system for most people to remember – which is, of course, the hardest part of the entire equation! :)
    Charles

Copyright © 2014 ESET, All Rights Reserved.