Do these questions look familiar:

What was the name of your high school?
What was your high school mascot?
What is your favorite color?
Where were you born?
Whats your favorite sports team?

If you have a MySpace profile, a Xanga account, even an e-mail address in some cases, you probably recognize these as questions from surveys you may have received. Now how a look at this:

Those are the security question options from a major financial website. The similarity of the questions to common survey questions is alarming to me. If its not already happening, I’m sure its only a matter of time before some unsavory phisher and/or scam artist hops on MySpace (or any other social network), creates an account, and begins collecting friends and sending out surveys. In a matter of hours, the scammer would have information good enough for authentication about many of the “friends”.

It seems as though social networking can easily cross the line into social engineering. Sure people know not to share their passwords and social security numbers but what about the other identifying information? How much information is too much information? The line between social networking and social engineering seems to be really fine and really fuzzy. Here’s hoping some education for companies (because the example given above is really piss poor) and individuals will help to make this line a little more broad and definitely more clear.