I use a password manager. I have 2FA set up on everything. When an organisation asks me to set a recovery question, I generate a 32 character passphrase. I don’t use my mother’s maiden name or my first pet’s birthday on anything sensitive. I monitor my email addresses for breaches, and I regularly check my credit file.
I’m doing everything a geek can to protect their online life. Is it enough?
Is there a market / service for *personal* pen-testing or social engineering?
I like to think I've got all my security set up. But how easily could a fraudster take over my life?
— Terence Eden (@edent) March 30, 2019
This is not an invitation to hack me. I’d like to pay a professional to see how far they can infiltrate my online life. Is my bank particularly vulnerable to social engineering? Does my hosting provider accept a fax to transfer away my domains? Is an image of my passport floating around the dark web? What OSINT should I be scrubbing from the web?
I can find pentesting services for companies. I can find some which claim to test the security of CEOs and celebrities. But I can’t find anything for ordinary people.
Does this service exist? If not, is this a million-dollar start-up idea?