I've always thought myself to be a little too overzealous in withholding info for fear of identity theft/fraud. But there seems to be more and more stories of data breaches/theft. Reading other forums, even seeing threads on identity theft and fraud where people can't place where their stolen info might have been obtained from by the thieves. It seems much worse now than it was even a couple of years ago.


maybe im getting a little pm33 about it all and reading too many bad bedtime stories. but whats everyones thoughts on freely providing info to anyone that asks for it because "required"? Have we reached a point where we need to ask first, what's your online security like? Or is that still conspiritard territory? Im not seeing any good reasons to go lax on being cagey when someone asks for said info.


Tax seasons always a winner for the scammers.

Stay cautious. I won't even use PEXA property settlement just because it went bad for someone once. I don't have phone banking or a google funds account. My bank even froze my account because I refused to speak to them when they called; took a while to fix it after I phoned them. Wife had $15 stolen from her account on our last holiday. It's definitely not just a conspiracy.

Never say never, but i actually regard banks as one of the safer businesses to provide info to. There are plenty of other smaller entities, and situations where people are expected to hand info over, and its then on the good graces of said companies to look after the stored info appropriately. For example, applying for a rental. A real estate agent will require personal id and store it electronically. But i doubt their online security is going to be anywhere near the level of a bank.

It's all good taking extra care and looking out for scams/data harvesters. Most people today have a fair idea what to look out for. But it seems there are also now problems coming about from data sharing/online security breaches. One of the more recent ATO ones, the ATO being the primary scammee, scammers/hackers make false tax return adjustments by creating a new my gov/ATO profile using someones stolen data.

Subsonic said..
I've always thought myself to be a little too overzealous in withholding info for fear of identity theft/fraud. But there seems to be more and more stories of data breaches/theft. Reading other forums, even seeing threads on identity theft and fraud where people can't place where their stolen info might have been obtained from by the thieves. It seems much worse now than it was even a couple of years ago.


maybe im getting a little pm33 about it all and reading too many bad bedtime stories. but whats everyones thoughts on freely providing info to anyone that asks for it because "required"? Have we reached a point where we need to ask first, what's your online security like? Or is that still conspiritard territory? Im not seeing any good reasons to go lax on being cagey when someone asks for said info.


Tax seasons always a winner for the scammers.

These are very good points, very well made Subsonic.

I have some extremly interesting facts and opinions that I know you are going to find both fascinating and very useful.

I think it would be very advantageous if I sent them to you directly first, before they became more widely known on the forums.

If you could send me your email address, plus confirmation you really are Subsonic - so proof of your date of birth, street address and the three numbers on the reverse of your credit card, then I'll have somewhere to send them and be able to trust you to receive them. Just drop the details in a PM on this forum and I'll be sure to get them.

Warmest regards

PS:

Are you by chance a Nigerian Prince?

FormulaNova said..

Subsonic said..

maybe im getting a little pm33 about it all and reading too many bad bedtime stories. but whats everyones thoughts on freely providing info to anyone that asks for it because "required"? Have we reached a point where we need to ask first, what's your online security like? Or is that still conspiritard territory? Im not seeing any good reasons to go lax on being cagey when someone asks for said info.


Tax seasons always a winner for the scammers.

I used to work in IT security and one of the things that really bugs me is the 'can you confirm your full name and date of birth' spiel that lots of places use.

It is terrible security. They generally don't mean 'confirm', they want you to tell them what they are, which is fine if they are who they say who they are, but if its a clever scammer, say 'Raj from Westpac', then you have just given them enough info so that they can then pretend to be you.

I even objected to this from the ATO once and the best they could do was tell me to ring the ATO switchboard and ask if 'whatever his name was' worked there. This is also terrible security. A clever scammer could have figured out there was a "Mike Smith" at the ATO and just told me that was his name, as there was no way to make sure the person you spoke to was that person.

I had to give credit to one place recently though, as after I explained that I don't give out these details to unknown people on the phone, they gave me part of my birthdate and I gave another part. It provides some measure that the person calling you at least knows something about you.

For those that don't know, caller-line ID is almost no protection from the person calling you being somebody else. Voice over IP phone calls and their use have allowed people to s**** incorrect info, (edit: Haha, apparently sp00f is not an allowed word, although a commonly used word in IT...) so the person that is calling you with "ATO" coming up on your caller-line ID, may or may not actually be from the ATO.

I think Telcos are finally trying to stop this, but I think they are doing it begrudgingly.

Also, lots of these hacks seem to be relying on the scammer getting your phone number assigned to them so that they can then bypass two-factor authentication or the target can call "you" up on that number. The problem with this is that mobile number portability was implemented in 2000 and there are fines if a losing Telco does not port out your number with a certain timeframe. As a result, sometimes the person on the phone at the Telco doesn't ask for what they really should ask for, or the scammer has gotten what he needs in other ways, such as calling you and asking 'you to confirm your...'.

The phone number is then ported to the scammer, the scammer then calls your bank saying they lost your password and no longer have access to that email address, and with enough info, they can become 'you'.

There is a lot of work that needs to be done on this stuff, but the government needs to force the issue as a lot of places only do what they have to to meet requirements. But if the people in the government are also retards, then it can fail or worse become a huge project that never meets its objectives or gets finished.

What I would recommend to people is to use a different DoB for services that you use that have no real reason to know your DoB, and don't advertise it on things like Facebook.

As for asking places what their online security is like.. they won't know, and will no doubt tell you it is fine, because they think it is or their management does.

Australia has rules on where some sorts of information can be stored, but there will be an awful lot of information that can also be stored in places that may not be as secure, and that may well be enough to allow identity fraud to happen.

Keep in mind that ALL these places that have been hacked have clearly never expected it and would have insisted that they have 'industry standard' security.

I hope you read all that. Just post your DoB after this so that i can verify your machine had the virus.

Thanks for the insight formula.


one thing i've always wondered (and by the sounds, maybe you know the answer) when a ph nom gets sp00fed, how does tge nom stay active for the actual "owner"? I know people who've had there nom sp00fed, and there nom still stayed active, they could still be called on it, and they could still call people from it etc. I would've thought that once ported, that they would essentially have lost the nom?

Just on this topic, a friend was telling me about people losing huge sums on conveyancing of houses.

These days, every conveyancer/lawyer should be using some sort of system where you verify their bank account details for deposits/transfers. Not just email. Generally not even email due to security issues. I know that the last one I used you had to get onto their website and then access something to show you their bank account details.

What has been happening is that scammers have been sending fake invoices to buyers of houses and submitting their bank account details instead of the conveyancer or lawyers trust acccount. People then transfer the money to that account and it then generally gets transferred somewhere else so that the banks cannot retrieve it when they discover the fraud.

If you ever see these sort of emails and are unsure, phone the conveyancer or lawyer and confirm the info before transferring anything.

Banks do seem to be getting across this too. I had to transfer a deposit and wanted to use an international money transfer. I think the transfer was the only easy way to transfer the money to the seller's trust fund. Despite my insistence that I knew what I was doing, the bank manager insisted on calling my conveyancer and checking the details themselves. I guess they have had a few scams going through by the sound of this. I think part of the issue was that I was funding it myself instead of a bank, as its more likely that an individual would be scammed than a bank.

As to how the emails get intercepted, I am not sure. They could have been intercepted using some sort of program on the user's machine or otherwise. Don't trust email for something important. Call them to check.

I studied network engineering because i was into hacking etc etc started with phonebox phreaking beige boxes orange boxes etc etc ended up with ln2 cooled folding at home on yellowdogged ps3fatboys
Then i got into game design and quit computers all together and decided instead of stunt kiteing and wakeskateing id get started into kitesurfing in early 2000s

Given my background (used to use credit card generators from age of like 12) i always knew it was completely insane to use your real information online.

Instead if it was REQUIRED then id just use a simularish name simularish details etc etc

Ive always used many many multiple emails ive always used kept and maintained a network of simcards purchased abroad pre passport / id registering them and subsequently i have multiple networks of emails phones g0vlog1ns etc etc

Its like they were TEACHING me to commit fraud one baby step at a time

Then came a period of time where boomers started useing facebook and facebook started requireing real names etc etc so i would have to modify in photo shop (cheers game design courses) so i ended up with a slew of id cards with people called stuff like funky fraggle etc etc obviously takeing the piss

But progressively overtime that would get reported by boomers for not being my real name facebook would ask to prove it and then (as if they were teaching me) id have to create a more likely one.

Now.... do you have any idea how many nguyens or zhaos or zhangs theyre are? Or muhummads??? Its like theyre teaching us to just jump on the jon smith train keep your data roughly accurate your details skewed and essentially as long as you dont do something silly like transfer one account to a new phone etc therefor linking your old accounts your pretty much untouchable.

Essentially what i have is a series of phones and tablets that inevitably got too slow to run modern apps etc and were turned into ip cameras or tracking devices but they kept theyre original fake details. These come in handy if for example my current phone was to become banned from a watersports forum as long as the ips s****ed the mac address is already different cause its a different physical device your pretty much unbanable.

Again if you were there from the begining with every incremental change in security its like theyre pushing you down a tunnell to make a work around.

If you want security learn to linux and obviously dont use any real details.

If you want **** for free (as all data always has been and will be) use linux and obviously dont use any real details

Case in point torrented the new deadpool movie pre release ( it helps to know a little russian )

The internet never has and never will be safe i dont see any reason why i couldnt skyshark into a stockmarket trade at a "server border line" and input something else then have the new data continue as it were. Any sort of delay in the network of information kinda leaves you a small window to attack and with ai and apps etc this will become suuuuuuch a huge common problem one day

Ukraine has always had a strong hacking background and altho everyones kinda busy with all the drone killing videos etc etc you should really look up some of theyre antics on russia at the moment and whatever hacking can happen at war i believe much easier if was just a small team preferably of alternative roller skaters working on something outside of war.

Your white black grey hat etc etc is really just who is at which end of getting the money and always has been. Your only hearing of the data leeks when the pricks dont pay because they dont actually give a **** about your data. So if nab or combank has a data leak just know they were given an opportunity to USUALLY employ the hacker to fix or negate the hole and more importantly they simply dont give 2 ****s about your data

Me personally i hope with enough data breaches on job application data and rental application data we will have a system set up so we dont have to give those assholes our private data just for job application or rental application. Sure maybe we can give after we are somewhat successfull but i find being forced to give all this data is bull**** when big chances they dont even look at it they just store and keep the data for themselves or to sell



Just to further my theory that they are simply training us... watch what happens when they implement new RULES for us to get around.... it goes dark .. no more .....attacks... i mean... we gotto follow the

RED CROSS RULES OF ENGAGEMENT

keep that in mind next time your donateing to red cross btw

Eight hundred Russian websites, including Roscosmos, were attacked by the IT Army, from June 27 to July 10. They posted congratulatory messages to Ukrainian Constitution Day on those websites. Besides that, distributed denial of service attacks carried out by the IT army has crippled Russian ability to work on some CRM systems for extended periods.[

18]Ministry of Digital Transformation reported about cyberattacks on over 6000 of Russian web resource in the period from February 26 to July 30.[

19]In September 2022 the group had reportedly collaborated with Anonymous to commit cyberattack against Yandex Taxi's systems, causing a traffic jam in Moscow

.[20]The group claimed to have hacked the website of Wagner group and stolen its personal data. On the defaced website, photos of dead soldiers were shown

.[21]On Oct 7th 2022, the IT Army hacked the website of the Collective Security Treaty Organization (CSTO), through which they congratulated the Russian president on his birthday.[

22]In October 2023 they said they would abide by International Committee of the Red Cross rules of engagement for civilian hackers even if it put them at a disadvantage.

[23]......

Anyways fun fun shame i dont own a computer i do miss photoshopping memes