Comment on Buying or Selling? An Investigation into Craigslist Scams by Eric Vanderburg.
Your name, address and phone number alone will not allow them to access your email or other accounts but it will give them more information on you that they can use to try to build an attack profile.
So what can you do, you ask? Well, first, make sure that you are using a secure password. A secure password consists of letters (both uppercase and lowercase), numbers and special characters (&, %, $ and so forth). It should also be sufficiently long. I like to use oddball pass phrases with special characters built in such as “FunkyMonkeyLikes2Save$$4Christmas”. Funky monkey likes to save money for Christmas.
Next, make sure that your password reset options do not use information that could be obtained by doing Internet or background research on you. For example, birthplace is easy to obtain so don’t put a city in like Lakewood. Instead, type something that you would remember when prompted with the question but something that would not be guessed. For example, instead of Lakewood, you might make your special question answer “The place with the cute boutiques”.
Third, keep an eye on your accounts. Report any suspicious activity on your bank or credit cards immediately.
I hope that helps. Let me know if you have other questions.
Eric Vanderburg Also Commented
I’m sorry to hear that. You can report Internet crimes here:
Internet Crime Complaint Center (FBI, NW3C and BJA partnership)
FTC online complaint form
Ohio Attorney General Consumer Complaints
Unfortunately, in many of these cases the money is not recovered.
Unfortunately, Craigslist and Western Union do not offer any recourse.
Buying or Selling? An Investigation into Craigslist Scams
You can report Internet crimes here:
Recent Comments by Eric Vanderburg
What else would you suggest?
Friday Fun – Which workspace do you prefer?
Well Bruce, you seem to be in the majority. It seems that the quad is a better setup than the 180 degree. Thanks for your feedback.
Risk Homeostasis and its impact on risk reduction
Thanks Henry. You can join our mailing list and receive updates via email if you wish. Here is the subscribe form. http://www.jurinnov.com/infosec-newsletter-signup-page
A Certified Lack of Confidence: The Threat of Rogue Certificate Authorities
Yes, I expect to see certificate exploits in 2013 as well.
iPad in the Enterprise: What is the Risk?
Set a password on the device and make sure it will erase all data if the password is entered incorrectly a set number of times. Encrypt the storage on it and create an administrative account that you use to lock it down and then operate with a standard account. Turn off location services and do not jailbreak your phone.