Research carried out on by Infosecurity Europe has revealed that 92% of people were willing to freely dish out all the personal information needed to steal their identity in exchange for the chance to win a theatre ticket.
The study was conduced on the streets of London of as part of a survey into identity theft.
The researchers asked passers-by questions about their theatre going habits, telling them that by taking part in the survey they would be entered into a draw for theatre ticket vouchers worth £20.
In a cunning piece of mind-mending double-think deception, the pedestrians were asked seemingly innocent questions about their attitudes to going to the theatre, sneakily interspersed with questions to find out the details needed to steal their identities, such as date of birth and mothers maiden name.
The survey of 200 people on High streets across London was designed to act as a “wake up call” to highlight how easy it is for fraudsters to use social engineering to carry out identity theft.
By revealing how easily people can be duped into giving out personal information, it is hoped that the experiment will raise awareness of the need to be very careful about the information people give to complete strangers, either face-to-face, by post or online.
Researchers started off asking people their names – a reasonable enough question if someone is potentially going to send you freebie vouchers – and every person surveyed gave their names.
Next, the researchers dipped into their evil bags’o’deception and devised a simple yet effective means of finding out personal information.
People were asked a series of questions about their views on the theatre in London, with researchers asking if they knew how actors came up with their stage name.
When they were told that it was a combination of their pets name and mothers maiden name, they were asked what they thought their stage name would be. Like a bunch of chumps, ninety four percent (94%) of respondees then blabbered out their mother’s maiden name and pet’s name.
Next up, researchers were tasked with finding out the address and post code of their ‘victims’.
And, once again, they were like putty in their evil, plotting hands.
Researchers simply asked for people’s address details so that vouchers could be mailed to them if they won. And like sheep to the slaughter, 98% of those asked obediently barked out their full address and post code.
Next up, the researchers managed to find out the name of their interviewee’s first school by asking, “Did you get involved in acting in plays at school?” followed by, “What was the name of your first school?”
Once again, almost all those asked (96%) gave the name of their first school.
This information, along with the name of a person’s mother’s maiden name, are key pieces of identity information used by many banks.
Finally, the researchers said that in order to prove they had carried out the survey they needed the interviewee’s date of birth. 92% duly handed over the information along with their home phone number “in case there was a problem delivering the vouchers”.
At the end of a three minute survey, the researchers were armed with sufficient information to open bank accounts, go on a wild spending spree with credit cards, or even to start stealing their victim’s identity.
Incredibly, the researchers did not give any verification of their identity, offering only a trusty clipboard and the offer of the chance to win a voucher for theatre tickets.
Claire Sellick Event Director for Infosecurity Europe who took part in the research said, “For the past 10 years we have endeavoured to highlight many of the common IT security concerns and vulnerabilities – such as information breaches via employees and consumers.
This survey showed how easy it is to steal a person’s identity and breach a company’s security – security is only as good as the awareness of the people it protects.”
Chris Simpson, head of Scotland Yard’s computer crime unit, agreed that the results of the survey were disturbing, commenting: “Preventing the theft of your own identity is relatively simple, but it relies on the individual taking steps to protect themselves i.e. restricting the people to whom you reveal sensitive personal data (whether in the physical or virtual context); shredding or destroying personal correspondence before disposing of it and never sharing passwords to access computer systems.”
The Home Office reports that more than 100,000 British people every year suffer identity fraud, with online scams such as phishing, forged emails and spoofed Web pages a growing problem.
There is a happy ending to this story however: all the information collected was destroyed by Infosecurity Europe but – bless ’em – they honoured their word about the draw and three lucky winners were selected at random and sent theatre ticket vouchers.
Identity Theft UK (Home Office)
Infosecurity Europe
Identity theft affecting one in four UK adults (silicon.com)