Or is it really phishing when the victim first broadcasts his bank
Top Gear presenter Jeremy Clarkson has admitted he was wrong to brand the
scandal of lost CDs containing the personal data of millions of Britons a
“storm in a teacup” after falling victim to an internet scam.
The outspoken star printed his bank details in a newspaper to try and
make the point that his money would be safe and that the spectre of
identity theft was a sham.
He also gave instructions on how to find his address on the electoral
roll and details about the car he drives.
However, in a rare moment of humility Clarkson has now revealed the
stunt backfired and his details were used to set up a £500 direct debit
payable from his account to the British Diabetic Association.
The charity is one of many organisations that do not need a signature to set up a direct debit.
They didn’t see it coming, because they were looking the other way:
Speaking of wildfires, my book of the day is Under a Flaming Sky: The
Great Hinckley Firestorm of 1894. It is the sharply written story of
how a Minnesota town of 1,200 was devastated by a catastrophic firestorm
that came raging out of the nearby woods with tornado-class winds and
a 300-foot wall of fire, killing 436 people.
…jet travel is safe enough that when someone suffers from fear of
flying, he is asked to seek treatment. Flight attendants don’t grab the
microphone and say, "We have someone on board who is afraid to fly. This
means we are all in great danger." Yet in regard to terrorism, the most
frightened voters are being allowed to dictate security policy. Unless
you are personally anxious, you are considered unrealistic in the face
of the terrorist threat, and politicians feel forced to be "strong on
security," meaning that they must appeal to fear rather than to courage,
patience, and trust. Therefore, it is up to each individual to nurture
those qualities at home and spread their influence to others. Security
is a quality of consciousness and always has been. Now is the time when
personal security needs to come forward to counter mass insecurity.
Since identity thieves are making many people worried
about losing control of their identities, of course
somebody has found a way to cash in on all that free publicity:
By now you’ve heard the stories about Americans whose identities have
been stolen. They’re not pretty…people working for hundreds of hours
over many years to get their lives back in order, kids not getting student loans because someone has already ruined their credit, people losing homes because thieves placed mortgages they never knew existed,
even innocent individuals ending up in jail.
LifeLock can keep this from happening to you and we guarantee our service up to $1,000,000.
I seem to recall reading that the typical identity theft is only
worth $1,000, but never mind that.
Look who recommends it:
You’ve heard Rush Limbaugh, Paul Harvey, Dr. Laura, Sean Hannity, Howard Stern, Dr. Joy and others endorse us.
Well! None of those people would ever sell pure fear, would they?
I have to give them credit for honesty, though: LifeLock admits right out
that the main four preventive things they do you could do for yourself.
Beyond that, the main substance they seem to offer is essentially
an insurance package:
If your Identity is stolen while you are our client, we’re going to
do whatever it takes to recover your good name. If you need lawyers,
we’re going to hire the best we can find. If you need investigators,
accountants, case managers, whatever, they’re yours. If you lose money
as a result of the theft, we’re going to give it back to you.
For $110/year or $10/month, is such an insurance policy overpriced,
underpriced, or what?
The term "Outrage" suggests that risk cannot or should not be discussed
in a rational manner.
What I think Sandman is getting at is that often risk isn’t
discussed in a rational manner, because managers’ (and security people’s)
egos, fears, ambitions, etc. get in the way.
In a perfect Platonic world perhaps things wouldn’t be that way,
but in this one, people don’t operate by reason alone, even when
they think they are doing so.
Outrage x Hazard may be a means to express risk within the context of the organization, but I like probability of loss event x probable magnitude of loss better for quantitative analysis.
Indeed, quantitative analysis is good.
However, once you’ve got that analysis, you still have to sell it to management. And there’s the rub: that last part is going to require dealing with emotion.
There’s a bit of comment discussion going on in
Metricon Slides, and Viewed as PR
about counting vs. selling, in which the major point of agreement
seems to be that even at a metrics conference there weren’t a lot
of metrics presented that were strategic and business-like.
Let’s assume for a moment that we have such metrics, and listen to
Peter Sandman, whose website motto is Risk = Hazard + Outrage:
Sometimes, of course, senior management is as determined as you are to
take safety seriously. And sometimes when it’s not, its reservations
are sound: The risk is smaller than you’re claiming, or the evidence
is weak, or the precautions are untested or too expensive. But what’s
going on when a senior manager nixes your risk reduction recommendation
even though you can prove that it’s cost-effective, a good business
decision? Assume the boss isn’t too stupid to get it. If the evidence
clearly supports the precautions you’re urging, and the boss isn’t
dumb, why might the boss nonetheless have trouble assessing the evidence
As a rule, when smart people act stupid, something emotional is usually
getting in the way. I use the term “outrage” for the various
emotion-laden factors that influence how we see risk. Whether or not
a risk is actually dangerous, for example, we are all likely to react
strongly if the risk is unfamiliar and unfair, and if the people behind it
are untrustworthy and unresponsive. Factors like these, not the technical
risk data, pretty much determine our response. Risk perception researchers
can list the “outrage factors” that make people get upset about a
risk even if it’s not very serious.
That doesn’t stop governmental entities from using them
even in the grossest cases:
Sec. 5. For those persons whose property and interests in property are
blocked pursuant to this order who might have a constitutional presence
in the United States, I find that, because of the ability to transfer
funds or other assets instantaneously, prior notice to such persons of
measures to be taken pursuant to this order would render these measures
ineffectual. I therefore determine that for these measures to be effective
in addressing the national emergency declared in Executive Order 13303
and expanded in Executive Order 13315, there need be no prior notice of
a listing or determination made pursuant to section 1(a) of this order.
Sec. 8. This order is not intended to, and does not, create any right, benefit, or privilege, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, instrumentalities, or entities, its officers or employees, or any other person.
If people know about security breaches, maybe there’s incentive for
the companies whose customers they are or the governments whose
constituents they are to do something about them,
so this is good news:
New Hampshire, one of a handful of U.S. states that require breaches
involving personal information to be reported to the state as well as
to affected individuals, has made at least some breach notices it has
received available on the net.
Sometimes a politician says something so sensible you wonder why everybody
doesn’t say it:
There are lots of threats to you in the world. There’s the threat of a
heart attack for genetic reasons. You can’t sit there and worry about
everything. Get a life.
You have a much greater danger of being hit by lightning than being
struck by a terrorist.
In terms of what you as individual on the streets should worry about
is not whether the person sitting next to you on the subway is a
terrorist. The likelihood of that is so small it is not something you
should worry about.
The outlet that originally quoted Bloomberg, wcbstv.com,
quotes several people
as saying terrorism is a big threat.
However, it also points out that New York City is the safest city in America,
with violent crime in general low and decreasing.
Maybe if that TV station and others reported that more often, instead of
constant, irrational fear,
more people would understand what Bloomberg is saying.