[Discuss] Most common (or Most important) privacy leaks

[sweetser at alum.mit.edu (Doug)]

Say the thug Bob has a fidelity statement of Carl.  It says there is
$434,211.12 in Carl's account (this is certainly not my situation).  Bob is
going to keep Carl kidnapped for a week, so long as the money gets
transferred to Bob's island account.

Carl has been worried about this type of situation.  He has separate email
addresses.  carl at theworld.com is the real username in lastpass that goes to
all the sites and allows him to work.  carl27 at gmail.com is the address to a
bogus lastpass account.  It does have a username and a password.  The edit
page does appear to have a lot of stuff on it.  But it doesn't work.  Carl
swears at f---ing lastpass and fidelity.  It is a long password (he shows
it Bob), but it doesn't work.  There is a history of the passwords too, a
fake one, but still, Carl and Bob spend 20 minutes using the 6 passwords
without f---ing lastpass piece of crap software trying to get in, all to no
avail.

Bob says, go here:
https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/Resolve/Init

Last 4 digist of your SSN
First Name:
Last Name:
Date of Birth
Next

We've verified your identity

   - Look Up Your Username
   <https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/SetACI/Entry>

You will need to enter your current password.

*Note:* If you forgot your password, please contact a representative
at 800-544-0187.

All the passwords will not work.  You need to contact a representative.
With Bob on the phone, it would then depend on how stringent the policies
were to getting the login info.

> My money would be in Bob succeeding.  If Bob was experienced at this kind
> of thing, he might skip the computer and do the phone call first - get
> people involved, not computers.
>