|
you have to understand that "they really ARE out to get you."
Why would someone target the OP? Because it wouldn't be out of their way. There are quite literally tens of thousands of people trolling the internet right now looking for information that they can use fraudulently in order to make some cash. The make a business out of it, and they make bank with it too. That's one of the many reasons why more malware was created in 2010 alone than was ever created beforehand.
Now, in the world of computer security we are very aware of WHY such individuals commit the cybercrimes they do, but you were curious as to how...
Well, first we narrow the field to high school earth science/bio teachers in VA named Alec. I have a location, an occupation, and a first name that is less common than many others, and this narrows down the possible targets quite effectively. Then I take that picture he posted and start trolling social networking sites using the info I have already, find Alec's profile, and start lining up the pieces. Even if Alec hasn't posted his SS# somewhere, it's probably on his license, attached to all of his employment and schooling records, and generally available to anyone with skill and half an hour to kill.
Now I have his SS#, a full profile of his likes and dislikes, and a location for where he lives and where he works. It's off to the races now as I open lines of credit in his name and buy things that he might actually buy so that no alarm bells are immediately raised. (This is much easier around Christmas time since it's even less unusual.) I use the credit for a very short amount of time to acquire resellable goods and then I abandon the whole thing and leave Alec with the bill. Eventually he'll find out what happened, file a fraud report, and have the charges and credit lines removed from his account, but statistically speaking I will feel no consequences due to my actions, because there are simply too many credit and internet frauds happening today to investigate properly.
(In case you're curious, I've watched this happen in demonstration during a fraud lecture.)
My case was much simpler. I didn't post any information online. My information was stolen by a work-study student in the registrar's office at my college, and then used by a network of these thieves. But while my information wasn't stolen directly from an online messageboard, my personal experience only serves to illustrate the fact that information security is NOT properly handled. Even in the military and the medical field, two places with comparatively advanced security, breaches happen.
The moral of the story? "They" are out there, and "they" really are out to get you. It's not personal, it's just business. The trick to avoid being targeted is to avoid making it easy for them. The whole business model depends on "low hanging fruit," and you can avoid giving them that by keeping your personal information off of publicly accessible websites.
|