One of the most awkward situations people experience on a regular basis is being approached by someone who supposedly knows you but who, for some reason, you are unable to identify. The scene usually unfolds as follows: a stranger walks up to you with a big smile, calls you by name and starts asking all the ritual 'how are you' and 'how have you been' questions. In response to your puzzled look, the person then provides you with a range of specific information concerning you and your previous encounters: from that music festival you attended last summer to a class you shared at your old university or high school.
In the majority of cases this is sufficient for you to finally realise who that person is, often leading to relieved laughter on both sides. Other times, you are just forced to either acknowledge your bad memory and apologise, or pretend that you remember and improvise. But what if the cause of your apparent blackout is that you have never actually seen your interlocutor before?
This is exactly the kind of scenario recently investigated by the global company Experian as part of a project aimed at raising awareness about the importance of identity protection. An experiment was conducted in a bar in London, involving a team of actors who approached customers and tried to persuade them that they were old friends. This was done exclusively by relying on personal information about the victims which was easily retrieved from the Internet. The results were quite astonishing, and have been collected into a short video available below.
Together with the victims' surprised and somewhat frightened reactions, the experiment also captured an important trend underlying British society today: citizens not only tend to widely underestimate identity-related risks, but they also often lack even the most basic understanding of how to avoid them. A survey run on behalf of the company showed that 25 percent of Britons doubt that they will ever be affected by forms of data breach. At the same time, 28 percent claim that there is little they can do in order to prevent themselves from becoming a target of identity theft.
According to Mr. Peter Turner - Managing Director of Experian Consumer Services UK&I - the experiment highlights how unsavvy most of us are when it comes to protecting our identity online. "As this video shows, it's amazing to see how many people are not aware just how much of their personally-identifiable information is available online, and also how willing they were to share even more information to people they didn't know and trust. In the wrong hands, this information could all be used directly to commit identity theft or sold onto fraudsters."
Experian is not alone in its commitment to drawing the public's attention to the dangers of identity theft. Almost two years ago, another video was created by the Belgian Financial Sector Federation as part of a campaign to promote safe online banking. The video portrays a psychic trying to read people's minds and revealing incredibly accurate information about them, from the details of their love life to the number of their banking account. Then all of a sudden, a curtain drops, showing the victims the secret behind the clairvoyant's trick: a team of masked hackers working on their computers and a big screen saying: "your entire life is online... and it might be used against you".
This is a warning we should all take seriously. The UK has one of the worst records in Europe in terms of cases of identity fraud. In 2012, as many as 25 percent of British citizens claimed to have been a target of identity theft at least once in their lives, as opposed to a European average of only 17 percent. When a year later the UK's Fraud Prevention Service (CIFAS) reported an 11 percent decrease in the overall number of frauds, 60 percent of these were still constituted by crimes involving either the illegal hijacking of people's accounts or the exploiting of their personal information to impersonate them.
What a similar trend suggests is that on the front of ID protection much has yet to be done by the organisations managing our data but also by individual users. Research carried out by Experian demonstrates that the majority of UK citizens have no problems with giving out their personal details online. Information such as full name and birth date are shared on social media platforms by, respectively, 27 and 23 percent of people interviewed. Yet few of them are ready to take even the smallest steps needed to guard against possible data breaches. Indeed, less than 4 out 10 respondents admitted to using a different password for each of their online accounts.
Even more worrying, perhaps, is the fact that those who have already experienced some form of identity fraud in the past still engage in the same kind of unsafe behavior. Almost half of the victims reported having changed the password on their targeted account, whereas less than a quarter proceeded to set a new one on the other accounts. Overall, only 1 out of 5 respondents said they behave differently since they have been affected by an identity crime.
Yet adopting a few simple measures would contribute significantly to enhancing our digital security. According to the Experian team, these include using more complex and varying passwords for every account we own; considering the amount of information we need to share with an organisation before giving our consent (e.g., location, birth date, e-mail address); sharing only information consciously (e.g., by disabling auto-fill settings on all our devices); setting social media privacy standards to high so as to control with whom we are sharing data; and, finally, making sure that we are comfortable with the level of information that can be publicly accessed from our social media profiles.
As is illustrated in the above videos, identity theft can be a surprisingly easy process if we choose not to adequately protect our data online. Most of us tend to overlook the problem until we find out we have become victims, and when this realisation occurs it's usually too late to fix it. Understanding and implementing some basic security standards should be a major concern for anyone active in the digital world. The consequences resulting from not doing so could be far greater than having a few seconds of embarrassment recorded on camera.