Not too long ago I was sitting in the executive lounge at the airport in Sydney waiting for a flight to Hong Kong. I decided to use the computer kiosk to print out the map to a restaurant some friends told me about. The printer was out of paper so I loaded it up and out popped about 5 sheets of paper, 2 were my directions and the other 3 were the banking and investment account information of a gentleman we will call Peter, we’ll call him Peter because that’s his first name. The printout had his bank name, full account information including account number, his name, credit card account with about $14k balance and the last 5 transactions, an investment account with a $128k balance, and the date the accounts were open. Couple this information with some creative social engineering and credit card fraud or a bank transfer would not have been that difficult to execute.
For years now, the security community has been struggling to keep up with the rest of the computer industry. Public key encryption algorithms have been used to encrypt sensitive data, and online transactions have been ported to more secure channels. Security specialists have been telling us again and again to remain vigilant when it comes to online transactions. Think about how many times you have been advised to use strong passwords or to change them often. Yet most users are still clueless and often carelessly make their private data vulnerable.
I agree with what the author of the above quoted blog entry said: users are, indeed, always the weakest link and we cannot assume they will do the right thing no matter how much we attempt to make them security aware.
I think this kind of user should, every now and then, be prompted by something like this:
It’s sad but it’s true that users these days tend to be careless with their own personal information. Remember, it won’t hurt to be a little more careful.