Identity Theft 251
Although some sites are moving away from the practice, it is not
uncommon to run into websites that use standardized questions to assist
users in gaining access if they lose their password. Questions such as your
mother’s maiden name, the name of a childhood friend, your girlfriend’s
or boyfriend’s name, and others are often used. The problem is that this
information can be easily obtained using the footprinting techniques you
learned about earlier in this book.
To thwart attackers, websites have started to use passphrases and custom
questions to strengthen security. In the latter case, users can enter their
own questions along with the appropriate answers, making it possible to
use questions that can’t be easily answered by an attacker.
For example, in recent years Sarah Palin’s e-mail account was hacked, and Paris Hilton’s
personal accounts and cell phone were hacked and photos posted online. Strictly speaking, they
weren’t hacked in the technical sense of someone attacking the system and breaking in;
rather, they had security questions that could easily be researched from publicly available
sources. The answers were available to anyone who bothered to use Google. You may not
be a celebrity, but once your personal information is online, it’s not personal anymore.
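One way a site could screen the custom questions described above, shown as an added example that is not from the book: it rejects the question topics the text names as researchable and answers that repeat data already public on the account. The regexes, the minimum length, the `public_profile` parameter and the function names are assumptions made for this sketch.

```python
import re
import unicodedata

# Question topics the text calls out as easy to research. The regexes are
# assumptions made for this example, not an exhaustive list.
RESEARCHABLE_TOPICS = {
    "mother's maiden name": r"\bmaiden name\b",
    "childhood friend": r"\bchildhood\b.*\bfriend\b|\bfriend\b.*\bchildhood\b",
    "partner's name": r"\b(girl|boy)friend\b",
}
MIN_ANSWER_CHARS = 8  # assumed policy value


def normalize(text):
    """Fold case, Unicode forms, curly apostrophes and whitespace runs."""
    text = unicodedata.normalize("NFKC", text).replace("\u2019", "'")
    return re.sub(r"\s+", " ", text).strip().lower()


def review_recovery_question(question, answer, public_profile=()):
    """Return the reasons to reject a custom question/answer pair.

    public_profile (hypothetical parameter) holds values the site already
    displays for the account, such as display name or city, which anyone
    can look up. An empty list means the pair passed every check.
    """
    q, a = normalize(question), normalize(answer)
    problems = []
    for topic, pattern in RESEARCHABLE_TOPICS.items():
        if re.search(pattern, q):
            problems.append(f"question asks for {topic}")
    if len(a) < MIN_ANSWER_CHARS:
        problems.append("answer is too short")
    if a and a in q:
        problems.append("answer appears in the question")
    for value in map(normalize, public_profile):
        # Flag answers that contain, or are contained in, public profile data.
        if value and a and (value in a or a in value):
            problems.append("answer matches public profile data")
            break
    return problems
```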
Know What Information Is Available
If you have googled yourself, you’ve learned firsthand what is available about you online,
but you probably missed quite a bit. If you haven’t done so already, try googling yourself:
See what types of information are available, and note the level of detail that can be found.
Note whether any of the information gives clues about your background, passwords,
family, or anything else that can be used to build a picture of who you are.
Sites that may contain personal information include:
■ Spokeo
■ Myspace
■ Intelius
■ Zabasearch
■ People Search
■ Shodan
There are tools that reveal more about a victim or target than a Google search does.
Some companies mine, analyze, and sell this data for a few dollars without regard to
who may be requesting the information or how it may ultimately be used. By combining
information from multiple sources using social engineering and footprinting techniques,
you can paint a pretty good picture of an individual, up to and including where they live in
many cases.