DRJ Spring 2020

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 32, Issue 4

Full Contents Now Available!

Thursday, 07 July 2016 00:00

Thanks For Your Help

Written by  JIM SHARP

I know you! Not personally, of course, but take my word for it.

You don’t know me but I know you, and you’d be surprised (shocked, really) by just how well I know you.

We’ve never met and yet I know your name, your home address, where you work and how long you’ve worked there, where you used to work (and how long you worked there), your hobbies, your interests, where you go to church, even your birthday and your wedding anniversary. I know who your favorite sports teams are – along with your favorite players for each. I know what kind of car you currently drive, the make and model of your first car, and the kind of car you’d like to have. I even know all about your pets (those you have now, those from your past, and that one that was really special).

I know where you went to high school and college, your school mascots, your favorite teacher, and the sorority or fraternity to which you belonged. Your daily life is an open book to me: where you bank, where you shop for groceries, your favorite restaurants or bars (along with your favorite meals and drinks), where you shop on-line, the name of your hair stylist. I’ve got it all down, right down to your tattoos and piercings. Yes, all of them.

I know the names of your parents, their wedding anniversary, your dad’s middle name and your mom’s maiden name. Better still, what I know about your children and grandchildren should make you sit up and pay attention. I know their names, how old they are, their birthdays, where they go (or went) to school, and their extra-curricular activities. I know what colleges they are interested in, or if they’ve already graduated, I know when they graduated and what their major was. I even know what they look like, and in what hospital the younger ones were born.

Oh, I almost forgot! I know all about your military service: the branch in which you served, how long you were in, your rank when you separated or retired, your job while in uniform, and where you were stationed. I know about your vacations, too, the ones you take regularly and the special, once-in-a-lifetime ones.

So what, right? What’s the harm?

The “harm” is that I am equipped with the knowledge to answer those pesky security verification questions when I finally decide to log in as you and steal every penny you have to your name. Or maybe I’ll decide to log in as you at work, pretending to be you while I steal, alter, or just plain destroy your employer’s data or assets.

Getting your login information was easy. I looked up your employer on-line, checked out your company’s Website, and sent a quick email on the “contact us” page asking for some basic information. Once I received a reply – and its only good business to reply to a potential customer – I looked at the responder’s email address format and figured it was probably the same format company wide.

Know what? I was right! And once I had your login it was a fairly straight-forward matter of clicking through the security questions until I came to one I knew I could answer.

It didn’t take long.

I said I had forgotten my password (your password), so they were only too happy to help me create another one once they were sure I was really you. I should thank you for being so very generous with your personal information.
And the best part is I didn’t have to lift a finger to get it – any of it. You told me. You told me all of it, voluntarily. You gave me every little piece to your personal on-line puzzle, and all I had to do was sit down, turn on my computer, and read what you wrote. You wrote a lot!
Those automatic birthday reminders on social media? Very useful to someone like me, especially when you also post all about the year you graduated high school or college. That allowed me to figure out your exact date of birth. I found out all kinds of things about your parents from the anniversary notice that appeared in your local newspaper. Thank you for scanning and posting it, it made my work so much easier. That old photo from when you were in high school? You know, the one you posted for TBT with you and your friends packed into the car you had just bought with the money you had saved from your after school job? That told me what your first car was. And I learned plenty from the picture of you and your sorority sisters.

But I hit the information jackpot with your kids and grandkids! That picture you posted of you holding your newborn grandbaby, still in the hospital room, and introducing her to the whole world (including me) with her full name? Great stuff! Plus the GPS data from your phone was automatically embedded in the picture, so now I know at which hospital she was born. Keep it up! A child’s personal information is priceless to me because between now and the time he or she needs credit (when they buy their first car, get their first job, or apply for a student loan to go to college) I can do what I want with it. They’ll never know, and neither will you … at least until it’s too late.

Who bothers checking their child’s credit, right? Same goes for the photo of your son graduating kindergarten. Now I know his full name, where he goes to school, and even what he looks like! Hey, I’m just interested in data, but I’d be willing to bet that someone out there is “interested” in kids – and not in a good way. In fact, they’re interested in the very worst way and now they have that very same information. You really have to start being more careful.

Anyway, I guess I should be going now. Stealing your money, your data, or both is still hard work, but not nearly as hard as I thought it would be. Thanks for your help!


Sharp-JimJim Sharp, vice president and chief training officer with Aegis Emergency Management, is a 30-year veteran of the emergency response and emergency management professions and a highly-sought trainer and presenter. An experienced incident commander and emergency operations center manager, Sharp is a certified professional continuity practitioner and respiratory protection program manager for incidents involving weapons of mass destruction. Prior to starting his own firm in 2010, he spent the immediately previous 10 years with an Illinois jurisdiction working his way through the ranks (from officer through corporal, sergeant, and lieutenant) and holding positions as their emergency management agency's field training officer, public information officer, and assistant coordinator (equivalent to deputy chief). Sharp has trained literally thousands of people – civilians and first responders – on topics that include severe weather safety, continuity of operations, CERT, pandemic preparedness, incident command, the National Incident Management System, and many more.