COLUMN

Three minutes to ID theft

By Anne Saita 28 Mar 2005 | SearchSecurity.com Digg This!     StumbleUpon     Del.icio.us

"Break a leg" is a well-worn good-luck term extended to actors on the eve of a play's opening. But if a new survey on ID theft is any indication, "break a life" might be more apt tidings for those sitting in the audience.

This year Infosecurity Europe took to London's theater district to ask people about their theater-going habits and attitudes. In exchange for answering some questions, they'd be entered into a drawing for tickets to an upcoming show. At the end of all the three-minute surveys, the trade show employees had enough personal information from 92% of the 200 interviewed to steal their identities. Some even divulged their private data after becoming aware the information could be used to drain online bank accounts.

"The results of the survey are disturbing, to say the least," noted Detective Inspector Chris Simpson, who heads Scotland Yard's Computer Crime Unit, in a statement issued

Sound off! Share your thoughts on the survey. Are U.S. users as gullible? Click on the link at the top of the page.

last week. "However, they do highlight the need to raise public awareness of identity theft: what it actually means, how it can happen and the potential consequences."

Would people in the United States fall for such a trick? No doubt awareness that thieves can steal online identities has grown in recent months with the widely publicized security breaches at ChoicePoint and Lexis-Nexis, which together have left some 175,000 consumers at risk. Various college campuses across the country also have been compromised. Bank of America's in trouble, too, for losing unencrypted computer disks containing credit card information for 1.2 million federal employees.

Those incidents have put a lot of political pressure on the custodians of that information, prompting last week's new rulings that will require thousands of financial institutions to tell customers of any serious breach that puts their identities at risk. Those companies also now must turn over details to law enforcement and one of four regulatory agencies included in the laws, including the Federal Deposit Insurance Corp. under which most banks fall. The Federal Reserve, Office of the Comptroller of the Currency and Office of Thrift Supervision round out the list.

But that addresses only half the problem with the ID theft epidemic. Both consumers and enterprises should view this latest survey as a wake-up call that attacks need

Read more details on the study Security no match for theater lovers An annual social engineering survey is a real show stopper -- an overwhelming number of people gave up confidential info within minutes. At least last year they got a chocolate egg.

not be sophisticated to work. Security professionals should place more emphasis on security awareness programs and incorporate harsher penalties for significant or repeat offenders. In other words, focus more attention on the people side of security.

As the London theater experiment clearly shows, thieves need not use malware to snatch secret information within computing systems. All they need is a mouth.

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary