Data breaches sound like something you only have to worry about if you’re in charge of a bank or looking after the details of high value, high security information that you don’t want business competitors or foreign governments to find out about. Unfortunately information security is far more mundane and something that all of us who are shopping online and ordering deliveries during lockdown need to think about.
Millions of usernames and passwords are currently for sale on the dark web. Cheap ones haven’t been verified or tested so the buyer takes pot luck, but expensive high quality data is available to fraudsters, and sometime it even comes with money back guarantees if you, as a scammer, aren’t completely satisfied.
Because it’s quick and easy to order from Deliveroo, McDonalds or JustEat, and the orders are low value not much thought has gone into security, either on their part or by the people making the order. A recipe for disaster.
Hunger Leads to Poor Decision Making
It doesn’t take much brain power, does it? We’re hungry & we can have our favourite fast food delivered to the door in a quarter of an hour. We can’t be bothered with dreaming up new complex usernames and passwords and the retailer doesn’t implement two step authentication, it’s just a few burgers, pizzas and a milkshake after all. Our credit and debit card details are protected so they can’t be used elsewhere, but what happens to all the other data we’ve just handed over? That’s right; it’s stored in a flimsy database which is easily hacked and sold off on the dark web to whoever wants it. So while it’s true that some of that data is of really limited use it could see several people making large orders which are billed to your account, and if they fail then it’s your credit rating which suffers from making numerous orders which you don’t then pay for. Imagine being blacklisted by BurgerKing and Experion on the same day!
When a delivery company doesn’t provide Two Step Authentication it’s cheap for them and hassle free for you, but that hassle is for your protection.
Only the stupidest scammer alive would make an order and have it delivered to their own address, but there’s nothing to stop them sending it to a block of flats and then waiting outside for the delivery. They confirm their name and address as they appear on the bill and that’s it, you’ve just paid for a stranger’s slap-up dinner.
Thinking Up A New Password For Everything Is Hard. That’s The Point.
The fact that you haven’t put a great deal of thought into your security means that if you’re in the habit of using the same password for everything then BOOM! You’ve just been blown wide open and now you have to change all of your passwords. It’s frustrating, it’s annoying, and one method scammers use to get your new details is to present you with verified out-of-date data. It’s a neat trick. They approach you in an email cleverly insinuating that to protect your data they’re verifying you by using a past password as they don’t want to email out your current one, but in order to verify yourself, would you please confirm your current one in a reply.
Stolen data doesn’t just come from low value – high turnaround retailers though. In the past Equifax, Talk Talk and Yahoo have all been subject the attention of hackers, cumulatively costing the companies millions of pounds in fines, security updates and lost business. More recently it’s been hotel chains who’ve lost their customers details and this has proved to be rich pickings for intelligent fraudsters who are paying up to twenty pounds for a single fully verified customer’s account and security details, including full names, DOBs, street addresses, and previous transactions. These details are being sold by the thousands and, as mentioned above, the hackers are so confident that they have sourced the good stuff that they are offering refunds on dud data. The epitome of honour among thieves!
The Key To A Successful Scam: Be Convincing
With these details scammers are able to generate genuine looking online brochures offering realistic looking deals, reminding the customer what a great time when they went to the previous destination, and how much they could save if they booked a return visit now. When you consider that for a confidence trick to work you just need to be convincing and to look like the real thing long enough to get your mark to press ‘send’ it’s easy to see how each of these £20.00 investments could pay back a fortune to the professional fraudster.
At the other end of the scale is the trade in club card details. These only cost a few pence to buy and don’t offer up the same kind of return, but it’s a basic entry level fraud. Someone buys thousands of club card customer’s details and goes through them transferring the points to their own card, buys as much as possible using those rewards and vanishes. It’s not an earth-shattering crime, but if you’re living on limited means and you’ve been collecting club card points for a particular reason then the repercussions can be considerable.
How To Protect Yourself By Increasing Your Own Online Security
Always use a unique, complex password for every new account. That way if your details get compromised they’ll only have access to one of your online accounts, not all of them. Using a password manager when you’re just trying to order a kebab might seem like an awful lot of fuss, but it will help to keep you safe!
Two Factor Authentication
Always use Two Factor Authentication (2FA) if it’s offered by the company you’re doing business with.
Credit and Debit cards
If you’re offered the chance to save your card details, don’t. It may make things easier if you’re a frequent customer, but it also means that your all important long number and security number on the back of your card are stored somewhere which is ultimately vulnerable to attack. Choose ‘guest checkout’ instead.
Briant Communications can’t be there to protect your security when you’re ordering food or shopping, but we do offer a range of the latest Smart Home Security systems which will protect your home and property from intruders. All of our devices are expertly installed by skilled, experienced, qualified engineers who will indeed apply strong, unique passwords to all the equipment they install for you.