What Makes Our Emails So Valuable To Fraudsters?
Everyone knows it is important to have a secure password on their email accounts and keep their messages private – but the question is, do most of us understand why it is so essential to do this?
Many Brits might not realise how their personal emails, shopping receipts or family photos can be valuable to other people. However, according to the latest research from UK General Insurance together with Cyber Aware, fraudsters can both use and manipulate this information for their own personal gain.
- Purchase history
Findings from the research revealed 79 per cent of Brits have emails that could be easily retrieved and taken advantage of by hackers. Some of the most common uses for these emails are identity theft, fraud or impersonation, which could cost the account holder financially and emotionally, London Loves Business reported.
Perhaps the most popular thing for fraudsters to do when hacking into someone’s emails is to find details of their bank accounts to gain access to their monies. This would not be that difficult, as 51 per cent of adults hold on to e-receipts that show detailed information about their purchase history.
By gaining access to previous purchases, hackers can learn what bank accounts were used to make the payments; find out what name the account holder uses on their bank cards; and even gain a greater understanding of their purchasing habits. Knowing this information makes it easier for them to buy things for their own use without it being discovered for some time, as the user and online retailer might not think the purchase activity is suspicious if it fits in with their previous buying patterns.
- Personal information
According to the research, more than a third of us (34 per cent) store messages from their loved ones, whether that’s in the form of photos, loved letters or private correspondence.
While many people might not think these are either interesting or useful to strangers, the facts contained within them can be ‘gold dust’ to hackers.
All these snippets of information can help them steal your identity, as they can find out more personal facts to be able to impersonate you better. Alternatively, if they regularly see emails from your loved ones, there is nothing stopping them trying to steal their identity instead, which means you put your friends’ and family’s data at risk if you do not properly protect your email account.
National Cybercrime Programme Lead and detective superintendent from the National Police Chiefs’ Council Andrew Gould said: “Just imagine someone posing as you and the reputational, emotional and financial damage it could do to you and your loved ones.”
Someone who has been a victim of hacking is Alison Marriott, who said she found the whole situation “very distressing”.
“Emails were being sent from my account to my contacts which I had no control over. It caused a great deal of embarrassment,” she stated.
As well as embarrassment, it can also put your and your loved ones’ safety at risk if emails are hacked and photos are stolen by someone else; while information about children’s schools, holiday plans, and financial arrangements could also put you in danger.
- Guessable passwords
Something that makes a hacker’s job easy is by having a password that is too predictable. Some people find it difficult to choose complicated passwords for all their bank, retail, social and other online accounts, but the importance of setting up a secure password has been emphasised by Cyber Aware.
Many Brits simply choose passwords that are linked to themselves, such as their favourite sports team, their children’s names, or words that have easy-to-guess number substitutions. However, these are all incredibly simple for fraudsters to predict, and therefore, puts the account holder at increased risk.
Mr Gould reminded people to “treat [inboxes] in the same way we treat treasured possessions in the offline world, by taking the simple step of having a strong and separate email password”.
He added using three random words and using special characters and numbers is the best way to create a password that other people will not be able to hack into easily. Another layer of security is having a two-factor authentication, which means users require another device that has already been registered to the account to log into it.
Cyber Aware also pointed out to users that they should avoid using public Wi-Fi when transferring sensitive data, such as when making purchases, using their bank cards or sending emails with important, private information in.
- Sending money to wrong accounts
Fraudsters have made a habit of crippling people financially by diverting money being sent to an account to their own.
When setting up a new, or editing an existing, payment online, you have to enter the account name, sort code and account number. However, this information is not currently checked thoroughly enough, and the account name could be incorrect.
Hackers have taken advantage of this and have been able to trick people to send the money to the wrong accounts by giving them false information about the sort code and account number.
This can be incredibly distressful for those who send the money, as they believe in all honesty that they are transferring the cash to the right person, when all along it is going to the account of someone else whom they cannot then retrieve it from, Money Wise revealed.
Chief executive of Pay.UK Paul Horlock was reported by the news provider as saying: “Sending a payment with an incorrect sort code of account number is like addressing a letter with the wrong post code.”
He went on to explain: “Even if you have used the correct name, it won’t read the intended destination – and fraudsters have become increasingly sophisticated in using this to trick people into sending money to the wrong account.”
- Fraudsters will face another hurdle with new ‘Confirmation of Payee’ service
That is why the recent news there will be a new ‘Confirmation of Payee’ service has been well received by the public, as fraudsters have to go through another challenge when trying to divert payments to their bank accounts.
Pay.UK – which was formerly known as the New Payment System Operator – revealed there will be new name check safeguards put in place from next year. This will work by the bank taking an active part in checking the name on the account the money is being sent to. If the name matches, the sender will receive confirmation and can then proceed with the payment.
If the name is similar but not identical, the sender will be alerted and given the actual name of the account holder so they can check if it is right. At this point, they can update the information and try sending the cash again, or get in touch with the recipient to check their details.
Of course, if the name is wrong and the details are unmatchable, the sender will be informed and advised to get in contact with whomever they are trying to pay so they can amend the details.
It is at this point that the account holder could determine that they have been given the wrong information and, therefore, they might have sent the money to the wrong account if the payment had not been intercepted.
Mr Horlock stated: “Confirmation of Payee will let you check you have the correct name for the person or business you’re paying, giving better protection against certain types of fraud, and helping to stop accidental mistakes too.”
The decision whether the payment details match will be carried out by the intended recipient’s bank. However, it will be up to the sender whether they want to carry on with the transaction, knowing the full information about the potential risks in doing so.
- Continue to protect data
It is thought the ‘Confirmation of Payee’ service will be rolled old by banks and building societies during 2019. This means Brits are still at risk of sending money to the wrong account holder throughout the rest of 2018, and until their financial services provider has introduced the system into their online payment process.
Therefore, people need to continue to protect their data, whether on their online bank accounts, their emails, or in hard copy, as much as possible.
As Cyber Aware has reminded the public, it is essential to improve online security through hard-to-crack passwords and being careful when using public Wi-Fi. However, more needs to be mentioned about fraudsters accessing data through paper trails and business documents as well, with these providing a huge source of valuable information when placed in the wrong hands.
Confidential data destruction is one of the best ways of cracking down on identity fraud, as it physically destroys the information so fraudsters cannot get hold of it.
Businesses find this service particularly useful, as they deal with a huge amount of paper, media and clothing that carry valuable details of their clients, customers and employees, and they often struggle to get rid of these adequately and at a fast enough rate.
For more information about data destruction, get in touch with us today.