Identity fraud: The secrets we share with strangers
Websites such as Facebook are happy hunting grounds for cyber criminals looking to steal our personal details. So why are users not being more careful? asks Annie Shaw
For anyone who cares to read them, Sandy (not her real name) has posted details of her recent divorce on a number of social networking websites.
There's more, too: her children's middle names, her own waist measurements before and after pregnancy, her parents' jobs and places of birth, information about her two husbands, her career progress and earnings, her shopping habits, the names of her pets and blow-by-blow accounts of various disputes she has had with her neighbours – including a photograph of her front drive clearly showing her house number.
The problem with sites such as Facebook and MySpace is that those reading such information could easily include criminals looking for personal data to use in identity fraud.
Sandy is certainly not alone in telling the world so much about herself, says Neil Munroe of credit reference agency Equifax. "The problem is that people don't realise the significance of the kind of information they are putting out on the web and who may be accessing it. More and more consumers are signing up to these sites every day, and chances are they'll put on their date of birth, location, email address, job and marital status, and other useful details. Fraudsters can use this to steal an individual's identity and open accounts in their name."
Only the foolhardy would write down in a handy list their mother's maiden name, the name of their first school or the names of their pets – the sort of information often used for passwords or requested by banks to ascertain someone's identity. But the same details can be put together using a " jigsaw" approach.
David Porter, head of security and risk at information intelligence consultancy Detica, says: "In an age where information and identity is the new criminal currency, social networking sites such as Facebook are goldmines for fraudsters who embezzle data. Even the most innocuous information about a business – people and the departments they work for, day-to-day processes, jargon and codes – can be valuable stepping stones for persistent criminals who want to infiltrate corporate security by trickery and subterfuge."
Once information has been posted online it can become almost impossible to remove because of archiving and file sharing. Mr Porter adds: "The bottom line is, you can't shred information in cyberspace."
However, consumers continue to be keen to part with personal data, often for little in return above a free sachet of hand cream or the chance of entering a free prize draw.
A host of competition and free-gift websites are springing up, coaxing potential customers to type in their name, address and other details for marketing purposes. Among the most popular are www.myoffers.co.uk, which describes itself as "the UK's leading creator of opt-in email databases", and www.free-stuff.co.uk. These are perfectly legitimate businesses and there is no suggestion they are doing anything wrong.
ID fraud has become a very big – and costly – business in the UK: 80,000 people fell victim to it last year, resulting in a £1.5bn bill for the individuals or banks that ended up having to compensate them.
Banks are now reacting with much tighter security. Barclays, for example, is rolling out pin machines for customers to use at home. But it's not just consumers who need to beware: major companies and government bodies have been upbraided for exchanging information without the owner's knowledge or consent – and then not always keeping it safe.
The Information Commissioner's Office (ICO) last week published new guidelines to help people understand why their personal details may be shared by organisations, and to explain their rights under the Data Protection Act. It points out that council tax records, for instance, are often passed on to other local authority departments.
The ICO reported in March that HBOS, Alliance & Leicester, Royal Bank of Scotland, Scarborough building society, Clydesdale bank, NatWest, Barclays bank, Co-operative bank, Nationwide building society and the Post Office had all been found to have discarded customers' personal information in waste bins outside their offices.
Further browsing: Keep a close eye on your credit record by going to www.experian.co.uk, www.equifax.co.uk , www.callcredit.co.uk For more tips on how to stay safe online, go to www.independent.co.uk/money