Many Internet users, especially those who use social networking accounts, expose information about themselves but also friends and colleagues on the Internet.
You have probably read stories in newspapers in the past that cyber criminals are using those information to create false identities, or trap friends and colleagues into thinking that they are actually someone they know. What has not been discussed nearly as much is if and how companies and organizations like banks deal with those information.
It is common knowledge that many companies search for information online about future employees, but the story that Roger Thompson, AVG's chief research officer, posted on his blog seems to suggest that companies use publicly available information for other things as well.
Roger went on a business trip to London and was told during checkout that his Credit Card was declined. A call to his bank revealed that the bank had suspended the card because they did not know that he was traveling overseas.
The scary bit happened in the process that followed on the phone to un-suspend it. It started with the usual questions including the last four digits of the security number or the mother's maiden name. What then followed was unsuspected. The bank employee told Roger that they had a couple of more questions "from publicly available information".
The employee asked questions about Roger's daughter in law using her maiden name (which she apparently has not used for more than nine years). The only publicly available information that connect Roger to his daughter in law is their friendship at Facebook.
Now, I’m not accusing Facebook of _anything_, but one wonders…. I can’t believe Facebook would sell our data, so … is someone “harvesting” it?
The bank employee did not reveal the source of the information and it might have been that this has nothing to do with Facebook as there are other public records available that can be used to connect people to each other.
The bank might however have used Facebook in this case and other publicly available information in other cases for the verification process. The danger with those kinds of information is obviously that they are publicly available meaning that the bad guys can also access those information.
How would you react if your bank would ask you these questions?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.