Why you need to look after your personally identifiable information

Although we tend to think of scams and deceit as modern concepts, the Trojan Horse story illustrates how people have always sought to compromise one other using stealth and deception.

However, the internet has placed wind beneath the scammers’ wings.

In today’s post-truth world of fake news and deepfake images, you simply can’t be too careful when engaging with unknown agents, especially online.

That website selling an affordably priced product might look legitimate, or it may be a front for credit card fraud.

A social media friend request or dating app invitation could be a phishing expedition, and an unsolicited email might contain hidden malware in its attachment – the modern-day Trojan.

The target of all these fraudulent activities is personally identifiable information – the Holy Grail among most cybercriminals.

Being able to obtain credit/debit card details alongside contact details, date of birth and passport/driving licence numbers could facilitate a variety of invasive frauds and crimes.

As such, protecting your personally identifiable information (henceforth referred to as PII) is more vital now than it’s ever been.

The threat is real

We listed three fairly mundane examples of cybercrime in the previous section, but criminals are becoming increasing innovative.

One incident recently highlighted on LinkedIn encapsulates cybercrime’s progression from garbled and indiscriminately distributed spam emails to highly targeted activities.

A candidate seeking work was invited to apply for what appeared to be a legitimate job vacancy – but was actually an elaborate sting operation.

The scammer pretended to be a recruiter, conducted an ‘interview’, sent through a job ‘offer’ and then requested proof of the candidate’s right to work as part of the ‘onboarding’ process.

The victim duly sent over a passport scan alongside other personal information, which the recipient immediately used to apply for loans and credit cards in their name.

And while this is extreme example of playing the long game, criminals are endlessly innovating and refining their techniques.

We reported two years ago about payment fraud involving fake QR codes stuck on top of genuine ones, and the rise in Authorised Push Payment scams.

Fraudulent corporate phishing emails are increasingly being customised with logos and even authentic hyperlinks, engineered to look like they came from a real person working at that organisation.

And then there’s AI-driven fraud, such as voice cloning, where recordings of someone’s speech are used to generate fake calls or voicemails requesting money or sensitive data.

Simple steps to take

Anyone could potentially fall victim to a cybercrime incident, particularly if a legitimate website/file has been compromised, or your data is being sent via insecure public WiFi.

However, there are plenty of steps we can all take to protect our personally identifiable information:

1. Don’t store copies of PII on digital devices. If you need to provide a passport scan, save it and upload it before deleting the file, so it can’t be downloaded at a later date.
2. Approach any unexpected or unsolicited enquiry cautiously, regardless of whose name displays on your phone screen or how plausible an enquiry might seem.
3. Never act in haste. Scammers rely on people panicking and not conducting due diligence. If a ‘bank’ rings you up, call them back at their head office using a different line.
4. Always study the sender address on an email. It remains hard to clone a legitimate email address, so scammers will use misspellings, Gmail accounts or obscure top level domains.
5. Only trade with secure websites. Look for a padlock symbol or HTTPS address prefix, search Companies House data, and explore review sites like Trustpilot.
6. Be suspicious of bargains. Why is a website selling something far cheaper than everyone else? Why are you being offered free postage on a large item coming from China?
7. Maintain device security. Install antivirus software on PCs and Macs with automatic updates enabled, use two-factor authentication if it’s offered, and never open unsolicited email attachments.
8. Keep away from P2P and torrent sites. These are repositories of malware, including newly created zero day software which antivirus packages may not detect.