Insight Investigations and our very own Tony Smith were featured in Saturday’s copy of The Sun newspaper, an article which we have produced a copy of for your reading below:
“I HAVE changed the passwords for every website, social media account and banking app that I can think of this week.
I have not been hacked – at least not so far. Yet after the shocking insight I was given into how vulnerable I had made myself to a cyber attack it was surely just a master of time.
A total of 15,000 Brits, and millions worldwide, fell prey to the GameOver Zeus internet virus this week – which steals your banking information.
But as well as hi-tech programs and malicious software used in such attacks, something else gives a huge helping hand to cyber criminals – YOU.
Using information I was happy to have online and on social media one private investigator managed to work out the password to my credit card in just TEN MINUTES.
Using anti-virus software can help in catching viruses that install themselves on to your computer.
But in this modern world of social networking, where we post so much of our lives on websites such as Facebook and Twitter, there is more than enough information to help would-be crooks.
So how did Anthony Smith, of Insight Investigations, do it?
Easy. He looked me up on Facebook, where I had left just enough open to public view for him to harvest the names of my husband, my children and my cat.
‘The drive to brag makes you vulnerable’
From there he went to my Twitter feed, which helpfully had the same profile photograph as my Facebook page so he knew it was mine.
On the site was a picture of the cake I made for my daughter’s birthday.
He then put the name of my cat alongside my youngest child’s name before adding the last two digits of the year my other child was born – worked out from details on the birthday cake.
Anthony only had to juggle the three around a few times and, by just his fifth guess, he had cracked one of my most important passwords.
He explained “I did that off the top of my head, having for the basic information in ten minutes without breaching any security measures.”
A criminal who meant business could easily have access to “brute force” software which allows at least 1,000 guesses at a password every SECOND.
Yet here I was offering up enough personal information about myself to allow a complete stranger to work out one of mine without so much as a pen and a piece of paper.
Anthony added: “I expect you’ve used combinations of your children’s names, pets and dates of birth for other online accounts, because that’s what most people do.”
In the days before social networking was so common that might not have been such a problem.
Bank in particular did – and often still do – ask for these seemingly innocent details in answer to security questions.
But now we are all so comfortable posting on the internet about what we get up to in our day-today lives, details like these easily slip out.
Never for a moment did I think the birthday cake picture would help fraudsters.
More information Anthony was quickly, and legally, able to glean included what my husband and I do for a living, where we live and even our hobbies.
Of course, Anthony was on my side. But others could be harvesting this information with frightening criminal intentions. Dr David Holmes is a criminal psychologist and expert in cyber crime.
He said “It’s human nature to over-share. There are things you want to tell the world about, such as how proud you are of your children, what you’re passionate about and how lovely the cake you made for your daughter look on her birthday. The internet allows you to do just that.
“But unfortunately that inbuilt drive to brag makes you very vulnerable to this new breed of criminals because you’re giving them facts about yourself that they can then use against you.
“I use social media myself but I’m incredibly careful – my golden rule is never to put any pieces of factual information on there.
“I might comment and offer my opinion but I never give away information based in fact because I just don’t know who might on to profit from it at my expense.”
David is absolutely right. The posts I left open to public view were the ones where I was bursting with pride.
One announced that my house was empty for the evening – my daughter was singing in a concert and I posted pictures live from the event that showed that the whole family had turned out.
I also revealed that her grandparents were there, which meant I unwittingly exposed them too.
I also mentioned the time my husband was away, leaving me at home alone. Needless to say this information has now been deleted. It is not just social networking sites that put our personal information at risk.
Anthony says: “If you leave feedback on the purchases you make online and comment on special interest forums you might still be at risk.
‘Cracking password is means of income’
“Very often you’ll give away your email address doing this and also your shopping habits and interests.
“Posts on charity fundraising sites might give away medial details if you’re raising money due to a family illness.
“This can all be very helpful to someone looking for more clues as to what your passwords might be. Or should they want to get in touch to gain sensitive information by emailing you supposedly about a subject that is close to your heart.
“You’d be amazed by how many people put pictures of items they’re selling on eBay without moving a pile of post out of the way that has their address clearly displayed on it.
“It might all sound convoluted but you have to remember that there are people out there who make cracking your password their means of income.
“They’ll happily spend hours nosing around cyberspace for clues to help them do that because of the payday that might result at the end of it if they do manage to access your bank account.”
Copyright The Sun.