What's your racing horse name?
I was down in London this week delivering a presentation on Cyber Security and was asked to do a bit about Social Engineering. If you’re not sure what social engineering is, it is when someone tries to trick you in to revealing some information about yourself. This can be done in various different ways and one of the most common would be the phishing email.
However, there are lots of other ways that we accidentally leak information about ourselves in everyday life, from conversations to the things we post online.
During the conference I struck up a conversation with one of the attendees. We had a chat about where he was from and the schools he went to. We also talked about horse racing and the fact that horses always seem to have strange names. Then I played a game with him, telling him that his racing horse name was made up from his first pet’s name, the last thing he ate and his mother’s maiden name. He was amused and told me what his name would be. After the conversation he gave me his business card.
It wasn’t until during the presentation when I was talking about the types of security questions that we answer to reset passwords or get asked at the bank, that he realised what I had done. In a five minute conversation I had managed to potentially find out the answers to three of his security questions. And if that was not enough, I now also had his email address.
This gentleman isn’t unique. We all give away these answers all the time!
Think about how many people that you know who have the school they attended on their Facebook or Linkedin profiles. You might even be friends on Facebook with some cousins, aunts or uncles who still use your mother’s maiden name. It might even be on your mum’s Facebook profile.
What’s the lesson here?
Think about how you answer these questions when asked by your bank or website. You are under no obligation to tell the truth, as long as you remember how you originally answered the question. When I phone my bank and they ask for my mother’s maiden name they always sound surprised but it matches with what they have on my record.
If you have any questions or enquiries about cyber security contact us on [email protected]
Written on 10 January 2018