Jane Bradley: How to avoid gifting your identity to online fraudsters
It is Christmas shopping frenzy season and there is around a one-in-three chance that you are among the 21 million or so people in the UK who handed over their personal data to an online firm last (Cyber) Monday.
You might want to think about that. How many times have you given away your personal data online in the past week?
I did a quick calculation and was surprised at how many of my daily activities over the past seven days required me to part with personal information, which if it fell into the wrong hands, could have dire consequences.
A few Christmas presents picked up in an online shopping spree – sadly after Cyber Monday had ended, I was too busy writing about the deals to actually get any of them for myself – was one. Booking accommodation for a few days away in the new year was another. Then a separate online form to pay for the train ticket to get me there.
The day after that, I handed over my bank details to a friend – so she could pay me the deposit for an outing next year – and booked my daughter’s sports class for next term online.
I handed over my details no less than five times in the past seven days. The vast majority of those things I would have been unable to do offline. Some, perhaps I could have done IRL as the kids say (it means “in real life”), but it would have been far more time consuming and less convenient.
Trips to the train station, hours spent trying to a phone an accommodation provider. A trek into the overcrowded shops in town.
News last month that Uber had concealed a data breach which affected 57 million customers and drivers worldwide – including 2.7 million in the UK, it emerged this week – is no big surprise. Large firms are constantly under fire from hackers with increasingly tricky technology. These particular hackers accessed names, email addresses and mobile phone numbers, while 600,000 drivers for the firm had their names and licence details exposed. And the problem is not limited to Uber. In May, a hack on Debenhams’s floristry business exposed 26,000 customers’ data, while a month earlier payday loans firm Wonga saw 250,000 customer records seized by cybercriminals, including bank account details, sort codes, addresses, phone numbers and email addresses.
In February this year, around 43,000 people were affected by a cyber-attack on the website of travel agency industry body Abta, revealing personal identity information of individuals complaining about Abta-registered travel agents.
These are just a few of the data hacks which have occurred in the UK over the past few months. In October, celebrities who had been patients at a plastic surgery clinic in London were warned that a hacker, called the Dark Overlord, had stolen extremely personal data.
The problem is that once personal data is shared once, it is hard to stem the flow.
In Scotland on Sunday a few weeks ago, I told how police are investigating an eBay seller accused of stealing the identity of a customer, Euan Tennant, following a request for a refund.
After Mr Tennant, a Scottish IT consultant, raised a dispute with the man, who by chance lived in Glasgow, over a part he had bought for his for his Fitbit tracker, the seller allegedly harassed him by email, posed as Mr Tennant to close the dispute with eBay and, most bizarrely, used his details to order multiple meals-worth of unwanted fast food from local restaurants, which were delivered to the home of Mr Tennant’s elderly mother in Perth.
What Mr Tennant, who specialises in data protection in a professional capacity, is most concerned about is how apparently easy it was to access his details.
From his original eBay order, the seller had access to Mr Tennant’s email address and his home address; he actually works abroad, but is based at his mother’s home when in the UK.
Mr Tennant also claimed he had received abusive emails and requests for him to send pictures of himself holding up signs with specified messages on them “if you want this to stop”.
According to correspondence Mr Tennant has shown me, Amazon has admitted that his email address “was shared” in a phone call with the eBay seller, who was allegedly posing as Mr Tennant. It was, Amazon said, a “human error” that this happened. Yet if it happened to Mr Tennant, how many other people could have experienced the same thing without being aware of it?
The problem, which began in the summer, continued for months. The alleged harasser has now been banned from eBay and PayPal, but the damage has been done.
Early figures for this year’s Black Friday/Cyber Monday weekend debacle show that fewer people actually hit the high street this year, opting to spend online instead. Sales are up, but footfall is down. It seems that online shopping is firmly a part of life.
If so, we need to do everything we can to keep ourselves safe online – and that includes not buying from sites which do not have proper encryption security (the little padlock at the top of the page to you and me) – no matter how tempting the bargains may seem.
Use different passwords for every site. Always make sure you tick the boxes which stop firms from selling on your data. Finally, those big companies which you have always thought follow careful protocol to ensure that customer data is protected? Remember that they’re only human. Be prepared.