Recently Joshua R. Duclos, of Florence, Massachusetts, was convicted of hacking into the email account and modeling website account of photographer Megan E. LaBonte. After hacking into the accounts, Duclos sent women emails that appeared to come from LaBonte. Posing as LaBonte, he told the women that he was interested in doing paid modeling photo shoots of them, but first needed some nude photos for assessment before they could be hired. Several women complied and sent Duclos the photos, thinking that they were sending them to LaBonte.
Duclos, who is not a sophisticated hacker, was able to take control of LaBonte’s email account and her account at ModelMayhem.com, a modeling website, merely by answering her security question, which was the name of her favorite artist. Anyone who knew LaBonte or even followed her on social media would know that her favorite artist is Frida Kahlo.
This case is another example of the ease with which accounts can be taken over by merely knowing or guessing the answer to a security question. The answers to commonly used security questions, such as your mother’s maiden name, where you went to high school or your favorite sports team, can in many instances be readily found online, either in various sources of public information or unwittingly disclosed by the intended victim on his or her Facebook page or other social media. A good way to avoid this problem is to set a nonsensical answer to your security question. For example, if you use a security question of “what is my favorite color,” make the answer “apple.” This is so illogical that no one will be able to guess it, but it is silly enough for you to remember.