« How is security affected by the credit crunch - Post 3 (of many) | Main | Facebook Scam (aka Social Phishing) »

What have Sarkozy, Clarkson and Palin got in common?

For clarification, I should mention that I mean Nicolas Sarkozy, Jeremy Clarkson, and Sarah Palin, but the question remains what have they got in common?

The answer is they have all had high profile identity theft issues in the past 6 months.

Now granted, Jeremy Clarkson (a British TV presenter and Journalist) deserved it. He deliberately published in a UK national newspaper personal information to prove that the whole identity theft problem was overhyped.

Having briefly met Clarkson, a man who in the two minutes I chatted to him used more swear words than I normally use in a year, I can only imagine that his wife had to put her hands over her childrens ears when he found out someone had used the information he published to transfer £500 from his bank account to a charity, proving how dumb he had been.

Sarah Palin had her Yahoo email account compromised. This was more a cantakerous prank than malicious fraud but it proved how easy it can be if you know some information about the cardholder. The fraudster got in by guessing correctly (or more accurately researching Sarah Palin on Wikipedia and Google) the password reset questions.

And finally Sarkozy. A man who I can only presume given his position as President of one of the leading world economies is an intelligent man, fell for a phishing scam.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117548&source=rss_topic17

Each one of these could have been prevented with some form of stronger authentication:

1) Clarkson: With stronger authentication the reader would not have been able to transfer money.

2) Palin: Password reset functionality would not result in a compromise if the account was protected by some kind of token.

3) Sarkozy: If his account had been protected by Stronger Authentication, even if he had responded to a phishing email, it would be unlikley (but not impossible) for the fraudster to have completed a real time attack.

There are some positives to take out of this:

1) The general consumer becomes more wary of publishing data or phishing

2) The more these things happen, the more likely we will adopt stronger authentication technologies to help protect online accounts. This is not just because a high profile person such as Sarkozy says so, more that the general population will demand better security the more they realise they are under threat.

3) Jeremy Clarkson got scammed for £500.

I know the last one sounds a but malicious but I really didn't like him when I met him...

Posted by Mike Davies on October 22, 2008 8:24 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)