Every time I speak to Rik Ferguson, I lose a little faith in the ability of ordinary people to survive in the digital world.
Rik, who is a security expert at TrendMicro, is a very nice guy, but he's incredibly knowledgeable about what's going on in the criminal cyberworld and he's more than happy to tell you about it. After listening to him for about 20 minutes, you begin to ask yourself: "Are people really that dumb?"
The answer seems to be "yes".
Rik this week told a group of journalists in Dubai about a "game" being played online. Tweets going around on the popular social network Twitter have been asking people to post their "porn star name" by combining the name of their first pet with their mother's maiden name.
You may think there are a number of problems with a game like this, but the one problem you're probably overlooking is that when banks set up security questions to protect online accounts, they often ask for the name of your first pet and your mother's maiden name.
"If you played the Twitter porn star name game, you gave away both answers to your security questions in a game in a public searchable format that can be tied to an e-mail address," Rik said. "How much more stupid can you be?"
No one has the official answer to that yet, but we're working on it.
Apparently there is a lot of "low-hanging fruit" like this out there for cybercriminals to pick.
Consider the "25 things about you" questionnaire that was popular on Facebook several months ago. Millions of people responded and provided private details that should have remained that way.
This type of information puts more than just your bank account at risk, and your bank account isn't even the biggest target for cybercriminals. That distinction belongs to your e-mail account, since it links you to all of your secured accounts and services. "If you can get access to someone's e-mail account, that is the biggest prize possible, because you can use that to reset any other service that person uses," Rik said.
You don't have to be on a PC either. Cybercriminals long ago figured out that desktops and laptops aren't the only way you get online, so they are now looking at how to trick you into giving up information on your mobile phone and even your gaming console. Rik thinks that over the next year we're going to see a huge spike in socially engineered attacks on mobile platforms.
Rik isn't the only one beating the drum about this. The governments of both the US and China have recently announced major campaigns against this type of activity. China is now requiring all PCs to be shipped with a security program that will filter out pornography sites, among other things. China has a lot of reasons for this - many of them political - but it also has some legitimate ones. Pornographers are often linked to cybercriminals who are trying to steal your information.
I'm not condoning China's new policy - far from it - because obviously the software does far more than filter porn, but if people are dumb enough to give away their personal information playing the Twitter porn star name game, it certainly becomes more difficult to argue that the Chinese don't have at least one legitimate point.