For years we’ve been told to shred paperwork revealing personal details – such as our address or date of birth – before throwing it away, lest an ID thief finds it. But are we revealing too much about ourselves online?
With ever more of our lives moving online, ID fraudsters may be able to get this info without ever getting their hands dirty.
In fact, in a recent investigation we found that some people are leaving so much information online that it would be possible for us to successfully apply for credit cards.
With permission, we were able to use the information we found, plus a few educated guesses, to successfully apply for credit cards in the name of three of our volunteers.
Details left online
We asked security experts to look at how much they could find out about 42 different volunteers using publicly available sources of information online, such as social media or the electoral register.
Many of them were revealing far more than they realised – even information such as their home address, telephone numbers and date of birth in some cases. Together with other details like job title and employer – easily findable on websites liked LinkedIn – they were vulnerable to ID thieves.
Even if you think you’ve taken precautions, like not publicly listing your date of birth on Facebook, for several of our volunteers there were posts thanking friends and family for their kind birthday wishes which allowed the security experts to pinpoint the date. In combination with other information such as the dates you attended school or university on LinkedIn this could be enough to confirm your full date of birth.
Targeted phishing or vishing scams
For some of our volunteers it was also possible for us to get a strong sense of their hobbies and interests. This information would clearly not be enough to commit fraud on its own, but with security experts telling us that ID thieves are upping their game, this kind of information could put you at risk of a targeted phishing email of vishing (voice phishing) phone call.
Fraudsters are becoming masters at jigsaw identification – so-called ‘social engineering’ – taking a small piece of information, combining it with others from elsewhere, and using this to trick you into revealing even more.
So how about you, do you think you’re taking enough precautions to protect your identity online?