Why Crooks LOVE Facebook and Twitter 7

Posted by JD 05/15/2011 at 18:00

Almost everyone likes Facebook and Twitter. We reconnect with our friends, they connect with us. People we don’t even know want to know us – that’s pretty cool, until it isn’t.

This will be old news for some folks. Keep reading … Here’s a story about someone named Wigginbottom who tweeted just a few too many details.

Going on a Trip

Some tweets …


Wiggy107: Amped tor South America trip to fire up Colombian sales force! Landing Tues 5/12 around 4:10pm

Wiggy107: Airport time Z reading time. Briefcase locked & loaded w/ Q4 projections and R&D reports. Then Tetris!

Wiggy107: Did I leave front door unlocked? Will find out when l’m back next week LOL! Preboarding 1st class now!

Wiggy107: Wheels down! Bogota airport kinda sketchy. Hooray, admin musta remembered car service ~ driver has sign for Wiggy107!

Wiggy107: NO SE PREOCUPEN, TODO ESTA BIEN. POR FA\/OR ENVIEN MUCHO %$$$ A ESTA OEICINA DE LA WESTERN UN|ON..,
Transation: DO NOT WORRY, EVERYTHING IS OKAY. PLEASE SEND A LOT OF $$$$ TO THIS WESTERN UNION OFFICE

So some bad guys saw that our hero was going on a trip and decided to take advantage of the situation. Sure, he was in a foreign country, but this could have happened on your way to the grocery store near your home. With your name and your friends, it is pretty easy to find where you live for anyone.

Tweeting : Headed to Safeway to grab some snacks and beer tells lots of people interesting information. Saying that you’re going on a flight gives them hours to plan.

Back Home

Here’s what Mr. Wigginbottom tweeted when he got back home:


Wiggy107: Good thing my company had some kidnap & ransom insurance set up or I would have never made it out of Colombia alive.

Wiggy107: Thanks to the Crisis management team too for getting me out.

Wiggy107: and yes I did leave my front door unlocked even thou the alarm was turned on and the front gate was locked. Good I am in a gated community.

Wiggy107: Good thing I’am not going to Colombia!! woohoo

Clearly this Guy was NOT Thinking About Security

Moral – Be careful what you share online. Little pieces of data don’t seem important until you put them all together. If I worked for the same company he does/did and ever get sent to Columbia, I will demand armed guards, if I’m even willing to go. I definitely won’t be tweeting about it.

A friend working for the same company I did visited Columbia around 2005. He had armed guards the entire time he was in-country. I don’t think is it that bad anymore, but anyplace can be bad, even your neighborhood.

That last group of tweets provides more information. I wonder how many times his home has been robbed since? I’m sorta surprised that his home wasn’t robbed that same trip after he told everyone he was getting on a plane to a foreign country.

What sort of tweets do you post?
Do your friends think they shouldn’t share information about you? If you tweet a bunch, they will probably feel like tweeting a bunch about you. Is that really what you want?

Good News About Our Hero

I just visited his twitter page and he is significantly less open these days. Last tweet was 9/2010, but he still said that he was out of town and provided a location. It would be great to get his take on the experience and learn directly from him what he learned. Here’s something that he learned:

Just because someone holds up a sign with your name on it at the airport does not mean they are always friendly.
- Wiggy107
Harold Wigginbottom
6:48 PM May 23rd, 2009 via web

Previously …

A few years ago, I did some overseas travel and posted daily reports to this blog with what day it was, where I as visiting, who I saw and sometimes plans for the following day. Thinking back, this probably wasn’t the smartest thing I’ve done.

I even posted photos for my friends and family to check out, but anyone could have seen those too. Some folks followed my trip closely, based on emails. It was fun for them AND me. I suspect if I’d been using Twitter or Facebook, then even more people would have followed along. More people would have had photos of me and my friends which would help identify us to bad people. That’s handy if you want to rob or kidnap someone, I guess.

My home could have been robbed when I came home. I wasn’t too bright. Since then, I’ve pulled most photos from the web and only share them with family – carefully. When I go on trips, my blog still gets a few posts published … just like normal, about normal things, even if I’m not here and don’t have an internet connection. I don’t say anything about the trip(s) until I’m back home. I hope the people who I travel with do the same.

Corporate Data Loss

Besides our hero being kidnapped, his blackberry was not under his control.

  • What data did that device have access to back in the company.
  • Just email or did it have access to internal systems too?
  • What files were stored on it? Where they encrypted?
  • Mergers, HR documents, sales figures, every contact in the company?
  • His bank and/or broker login credentials?
  • Did IT remotely wipe his blackberry immediately? The answer was probably no. I suspect that device didn’t come home with him.
  • Did he stay and accomplish the goals for his business trip? Probably not.

What would your company do about this, in a similar situation?
Do you have a policy?
Does trip insurance always get purchased?
Can the company be sued?

Lots of questions.

Twitter, Facebook and FourSquare AND Teens

If you have teens or college aged kids, it is worth having a talk with them about online security and privacy, just like you had the talk about sex. It could save their lives. If you are in a high position in a company, this is really important, but anyone with kids who may travel should be aware too.

“Seems some other people finally got this message:”https://www.howtogeek.com/723834/6-things-you-should-never-share-on-facebook-and-social-media/ 6 Things You Should Never Share on Facebook and Social Media May 2021

Trackbacks

Use the following link to trackback from your own site:
https://blog.jdpfu.com/trackbacks?article_id=1101

  1. JD 05/16/2011 at 08:37

    Social Stupidity- am I too social to be saved?

  2. JD 05/20/2011 at 16:55

    Today I heard about an issue with facebook authentication. Seems those external apps end up with a token that never expires and may be shared with referral websites. That could mean that anyone on those 4th party websites could access your facebook account as you, if I’m understanding this correctly.

    Spin-Team

    As usual, the Facebook spin-team is saying they haven’t seen any of this behavior, but I wonder whether these folks would bother looking either.

    The Fix? Simple.

    If I can’t convince you to stop all Facebook use, except local and things that you want to be public, then you should at least reset your FB password. This will use new Oauth2 code that the FB team has already deployed. All better.

    Reference

  3. JD 05/22/2011 at 09:04

    When you tweet your current location, you are telling others where you are NOT. If you live in Virginia and tweet, “Loving Hollywood, doing Disneyland tomorrow.” – you’ve just told lots of folks you’re on the other side of the country and your house back in VA is empty. Good for crooks and do your friends really need to know right now what you’re doing?

  4. JD 05/25/2011 at 12:09

    There’s a tool that helps anyone follow based on your tweets and foursquare use called Creepy.

    It works under

    • Ubuntu 10.10 or later
    • MS-Windows

    Enjoy.

    Imagine a stalker likes to follow, literally. Now it is easy.

  5. JD 12/20/2011 at 15:44

    Lady Gaga offers all her followers a free iPad and they are all hacked. Pretty sweet deal!

    • Bonehead passwords don’t work.
    • If something sounds too good to be true, it is 99.999% of the time.
    • Clicking on links that redirect to strange websites is dangerous.
    • Social networks aren’t any safer than other websites. Use, if you must, with caution.
  6. JD 02/16/2012 at 15:28

    Geotagging photos of you and your kids is smart, when you keep those photos private. But it is pretty stupid when you post them online.

    I’m not a fan of posting any photos online with people in them. Posting photos of interesting objects or places online with geotags after a trip is probably fine too, unless you travel in a predictable way. When you post a photo with a person online with a location, or better, geotagged, anyone can see and look up:

    • date – time of day
    • location
    • ZIP code
    • relative affluence
    • race
    • approximate age
    • possibly a name (do your friends tag photos with names?)

    With this information, someone could plan harm against the photo subject. Having your kids playing in a local park would be really scary.

    Can you say kidnapping and randsom?

    Obviously, this is a little sensational, but if I’m forced to remove my shoes and submit to all sorts of indecent security at airports, because everyone is afraid, the shouldn’t normal people fear online photos too, regardless of how small the risk is? It could happen.

  7. JD 02/20/2012 at 15:35

    Add G+ to that list of services that crooks love.

    This is a little old – Oct 2011, but
    Google Upper Management doesn’t use Google+ , at least not for public posts.

    If Google management doesn’t use G+, why should you?
    Why don’t they?