Your child’s data could be used in ‘sophisticated’ identity fraud | Personal Finance | Finance

During Family Safety Week we’re taking a look at how valuable your family’s data is and how you should take steps to protect it. Firstly, so that it doesn’t fall into the hands of scammers who would use it against you, and secondly so that you can use your personal data to your advantage to get value from it and create better outcomes for yourself.

You may have heard a lot of people and organisations talking about data over the past several years. Data, data, data, we hear it all the time. Too much data, too little data, personal data, company data, stolen data. But how valuable is your and your family’s data? How much is it worth and what would someone pay to get hold of it? And if it has value, how can you make the most of your personal data? After all, your data belongs to you.

Your data has value and so it’s right that you should have control of it, know who has access to it and how they will use it.

Unfortunately, for most people, their data has been shared widely and often ends up in the databases of companies they have never even heard of.

Data breaches

Data breaches are happening all too often and regularly show up in the news pages. The breaches are often instigated by hackers who find ways to break into company databases and access various levels of personal data. If they get hold of enough of it, it becomes valuable and they sell it on the dark web to other criminals including scammers who will use it to carry out scams. The scammers will try to trick you into parting with money, or go fishing for more of your personal data that will enable them to access bank accounts, your social media profiles and email systems.

How valuable is your family’s data to hackers?

If data didn’t have a high value, hackers wouldn’t bother to steal it.

There are several angles to the world of the hacker. Firstly, some hackers target businesses. Sometimes they hack data lists and use them to sell on to data brokers. But, if the data they’re capturing includes bank details, health records or other more personal information, then the value of this data goes up dramatically.

Other hackers steal data to use for ransom and blackmail purposes.

Hackers may also be directly selling information or using bank details to access individual or company accounts. Sometimes they build profiles for individual family members by combining various data sources. For example, just a credit card number on its own is worth a relatively small amount to the hacker. But if they can associate that with other information they can find, such as a name and address scraped from social media profiles or other sources, suddenly the value shoots up.

If they’re able to obtain the card’s owner’s address and email, then its value on the dark web could become around £20 or £25. That has a similar market value to a driver’s licence. So, one debit card, two credit cards and a driver’s licence, plus your email and physical address, commands a price of around £100.

It’s not just adult data that the criminals are interested in. What value is there in children’s data, you may ask. More than you might think as it turns out. Stolen children’s data gets used in scams and frauds involving tax fraud, in the form of falsified tax returns that involve claiming for child tax credit in the child’s name.

Synthetic skins

Worse still, children’s data can be used in sophisticated cases of identity fraud, sometimes known as ‘synthetic identity fraud’. Sounds like something from Blade Runner, doesn’t it?

This kind of fraud is different from identity theft that you may have heard of. In this kind of fraud, the criminal creates a new ‘synthetic’ identity rather than stealing an existing one. The process begins with someone stealing real data associated with a child that isn’t actively being used. For example, young people get issued with a National Insurance number quite young. The fraudsters take that information, along with, for example, other social security references, and then set about creating identities by adding fake addresses. It may surprise you to discover that they are playing a long game that can take years to pay off. They slowly build a credit rating for these new identities, interacting with banks, often using burner phones. Eventually, the fraudsters rack up substantial debts, take out loans in the names of the synthetic identity and of course disappear without a trace.

Bought and sold out

Some stolen identities are bought and sold on the dark web and then used by sophisticated criminal gangs to create new identities that are sold at a profit. Many of the personal data sources advertised on the dark web are real, by which we mean that they were stolen from a genuine citizen and illegally sold to a new identity seeker. A full package can be found on the dark web, all stolen from unsuspecting victims. The credentials can include credit card details, email logins, bank accounts, passports, PayPal accounts, and driving licences. It can cost as little as £1,200 to acquire a complete identity on the dark web.

For anyone who has experienced identity theft, the devastating emotional cost is all too real. The victim will often see their bank accounts get emptied, their credit rating destroyed, and their lives become ruined. It can lead to deep depression and even suicide. There are insurance plans which offer protection against the threat of identity theft to help you get back on your feet.

There are legal ways of trading data and the chances are your and your family’s data is washing around the databases of data brokers. Data brokers collect consumer data, such as preferences, lifestyle, stage of life and various other attributes, and sell it to other companies, usually for marketing purposes. They are making millions from trading your data. Organisations like Facebook and Google gather great swathes of data about you every single day. They sell that to advertisers who then target you.

But how do they access your personal data? Thousands of brands sell information from store loyalty cards to data brokers, meaning that if you’ve ever signed up for a loyalty or store credit card, there’s a good chance the data you provided was sold to a broker.

Be careful out there

Imagine you’ve found an amazing-sounding family holiday. You don’t recognise the website, but it’s such a great price, and there are reviews right there on the site, so it sounds too good to miss. So you enter all your family names, credit card details or your bank information, your full names and address, passport and health details. But then imagine that at the other end of that website, a scammer sitting there gathering all that information on your whole family. Suddenly there is a great deal at risk.

Always make sure you know exactly who you’re dealing with. Check websites are genuine by navigating directly to them, not following a link you found on, for example, social media. And remember, if it seems too good to be true, it probably is.

Your personal data and that of your family is a valuable product. You need to look after it carefully because If it falls into the wrong hands, it can have serious consequences, including financial loss, emotional distress and loss of privacy.

Most data that ends up in the hands of hackers and scammers is lost in large-scale data breaches. Most of these breaches are a result of a business process that has gone wrong or not been managed properly. Sometimes it’s just human error. But there are several, simple steps that you can also take to protect yourself and your family online:

• Watch out for phishing attacks that try to grab your login or bank details
• Choose strong, unique passwords for each online account and consider use of a password manager app to help you
• Use two-factor authentication whenever possible
• Don’t use unsecured Wi-Fi networks unless you have strong VPN software protection
• Use data breach notification services to learn if your details have been stolen in a known data breach

Scambusters Mail bag: Your questions answered

Question: I was intrigued by your article on women’s health a few weeks ago as I use multiple lifestyle apps every day to keep track of my menstrual cycle and support with tracking my health and fitness. I’ve started to realise how much private data I’m handing over and I wanted to know whether I should be more careful?

Many of these health apps are genuinely useful, but in order for them to function, they need to collect a large amount of intimate personal data. This information is usually private, so it’s important you have control over who has it, who can access it, and that you know how to delete it from anywhere you don’t need it to be anymore. Be aware that most apps don’t always say they share information with third parties, but this data can be incredibly valuable to advertisers. It could also fall into the hands of scammers, giving them the ability to make scams even more personalised. The easiest way to get control of your data is to ensure it’s completely erased from the companies that no longer need it.

Top Tip: Regularly check if you’ve been hacked
Make a habit of checking if any of your information has been breached. You can do this for free at haveibeenpwned.com, which checks your email against databases on the dark web. You can then change key information and passwords to prevent being hacked or scammed.

Remember: If you have received a text, you think is a scam then you can forward to 7726 or take a screenshot and send it to report@phishing.gov.uk. If you are receiving lots of unwanted phone calls or text messages you can also consider removing your details from data brokers, ensuring that you use a right to object to processing of your data. You can learn more about this on Rightly to stop the sharing of your data exposing you to scams. And you can take a free training course on how to fight against scams on www.friendsagainstscams.org.uk. The more we talk about scams the more we take away the shame.