Spelling It Out For Them: Personal security tips from a discarded letter

A few days ago I went to see The Bourne Legacy with my brother, which I enjoyed very much. On the bus coming back from the cinema I just happened to see a letter on the floor, and thus chanced upon a great opportunity to open discussion on the very real dangers of leaving documents that contain personal information around. Of course the best thing to do with this information is to destroy them if we don’t need it, however this person had either never been told this or had failed to uphold his vigilance this time. Luckily for him, it was me who picked it up instead of an identity defrauder! Originally I was going to merely take it and burn it to protect his identity, however I noticed just how much personal information was on there when I was about to, and so I took the opportunity to make this post. Of course, I have removed all of the information itself from these images to protect his identity and have destroyed the original document.

Letter Part 1 Letter Part 2

So let’s take a closer look. After all, you might think a simple letter (or printed email in this case, strictly speaking) probably wouldn’t have too much information on and so wouldn’t be overly important – what’s the worst that could happen, right? I’ve gone through and labelled the relevant sections A-S (including repetitions). Let’s have a quick run through and look at them. One aspect of the psychological side of self-protection which is extremely useful and powerful is to cultivate the ability, through research and the ensuing logical thought processes, to see things from a criminal perspective. The classic example is to look at a crowd and identify victims from various criminal perspectives. Here we will be using this technique to identify how these various pieces of information could potentially be seen from a criminal perspective.

imageA – Name and address: Here not only do we have his gender and full name, but his full address with a postcode below. This alone is not good to throw around. Simple as it is, you should remember that this simple information tells a criminal a lot about you. More than merely where you live, we need to see this in more depth. With this information, the criminal can find a spot to watch you from and easily build up a profile of your habits – the times you leave for work, the times you get back, the arrival and departure times for other regular activities (gym, regular social meetups, etc) and the routes you take whether driving or on foot. The postcode makes it quick and easy to search for your address, and even with the simple usage of Google Earth’s Street View they can see what your house looks like, identify weaknesses, hiding places, escape routes, etc from the comfort of their own homes. With this an attack or stalking can be planned with ease.

imageB – National Insurance number: The top one of the blurred pieces here is simply his National Insurance number. This of course is just another piece of information that a criminal could potentially use when building up their profile of personal details with which to make changes to your accounts or it could be a security question they could be asked when attempting to get into an account, or when requesting information, etc.

imageC – Date: This may seem unimportant, but often when making banking inquiries you are asked for details of the specific message/s that you have pertaining to whatever you’re discussing. One of these is often simply the date of the correspondence, which in this case is helpfully left here.

imageD – Name: The mention of such a repetition here may seem irrelevant, but it is not. In a physical hard copy of a document such as this, it is essential from a criminal’s point of view. If the document is damaged, even mildly, obscuring any information then having it repeated is essential to verify or fill in missing bits that could be smudged, burnt, partially shredded, torn or simply worn off. In either hard (physical) or soft (electronic) documents, repetition is also important as it serves as a quick and easy verification: if an unusual name is there, it may well have been mis-typed, particularly if it seems an unusual spelling of a common name. In this case, a repetition of the name can offer some verification as to whether it was a typo or just an unusual name. This is of course important as the criminal wants to minimise the risk of making any mistakes and thus minimise the risk of sounding the alarm and getting caught out.

imageE – List of the documents attached to the email: This in itself of course is not personal information, however it would help someone making enquiries using this person’s identity sound more believable, for example making an enquiry about losing their ‘Give Me Some Money Please Pack’ (fictional and not on the actual list). In addition, they can give further ideas of the document’s context and the nature of the situation in general.

imageF – Sender’s name and position: Again, while this isn’t personal information to the recipient of this message it is useful for a criminal. When making an enquiry, it sounds much more believable to be able to casually say ‘I’ve just got a question about something in an email I had from Mrs Whatsherface, your Customer Relations Manager’ as opposed to something less specific.

imageG – URL: If an email has been printed by hitting File –> Print from an Internet browser, by default it’ll have the URL of the file you’re printing in the footer. URLs can include a lot of personal information, which varies between different websites. One example is what I have noticed with my university’s in-browser email access system: the URL for my inbox has my full university email address in it, which is simply my university username followed by ‘@student.staffs.ac.uk’. This is assumedly true of all Microsoft Office Outlook Web Access setups by default, but regardless the important thing to remember here is that URLs can hold a lot of information. Even if it looks like a random bunch of letters and numbers to you, to someone who knows what they’re looking for there could be useful clues hidden away in there.

imageH – Date: Again, this is another repetition of information which can be useful for verification.

imageI – Name: You get the idea.

imageJ – National Insurance number: Once again, another repetition here of a key piece of information.

imageK – Date: Yet again, you get the idea by now.

imageL – Name: I know. I’ve mentioned this before.

image

M – Date of interview: This is crucial information. With this, a criminally-minded attacker could have known what his or her target would be doing on a particular day. A few ideas to take away from this: beforehand the recipient of this message is likely to be in a rush and they won’t be at home for a while on the day in question. Perfect. That’s bad enough, but let’s look further…

N – Time of interview: Now not only does the criminal have the date but the exact time that their target will be away from home, so they could use this as a time to attack them while they’re likely to be distracted and in a rush or they could simply take advantage of knowing that their house would be unoccupied at the time in question (or at least that this person specifically wouldn’t be at home – with their previous stalking opportunities they could have ascertained whether they live alone which adds other elements to this information’s usefulness). With the added knowledge of the duration of the interview, and that the target has to see someone else beforehand, they can work out a considerable window of opportunity.

O – Place of interview: This is even worse than the other information – now the criminal knows exactly where and when their target will be, so setting up any number of situations is rendered easy for them. What makes this worse, however, is the addition of the next piece of information:

image

P – Documents: Here the criminal reading this message finds out what his or her target will have on him when he attends the interview – more personal information. The claim form mentioned will undoubtedly have a wealth of personal information in it, and the other information will almost invariably include a form of photographic ID such as a driver’s licence or passport. Through mugging or subtler methods of theft, these documents could potentially be taken and copied. It may sound far-fetched, but it is far from impossible.

imageQ – Sender: Again, the name and position of the sender here. More verification.

imageR – URL: See above (G).

imageS – Date: Once more, just a repetition useful for verification. This is the date the document was printed of course, not necessarily the date it was sent or received.

Some Important Things to Remember:

Let’s keep this simple:

    • Documents contain information, and sometimes this can be useful to people who don’t hold your best interests at heart.
    • This information can be used to stalk you and build up a profile of your habits. This is useful for a criminal who wants to attack you, attack someone you live with, steal from/damage your property or use your identity for other reasons. That’s not an exhaustive list by any means – just a few ideas.

What we need to remember here is that simply put the information in these kinds of documents, or indeed potentially any other, can be used for criminal activities against you. I’m by no means an expert on this – I haven’t got a degree in criminology and I’ve had no experience of dealing with identity fraud – however I do know what to look for in terms of security holes and how criminals could exploit them.

The simple solution to this is to do everything you can to not leave any holes for them to exploit – this concept extends to all aspects of your life but let’s keep to the example of documents and information for now. When you don’t need these documents any more, burn or shred them. Better yet, shred and burn them! It’s not impossible for shredded paper to be put together by a committed individual, especially if you only shred one document at once. Shred documents along with random pages from an old magazine, or off-prints of unimportant things from when the printer last played up – anything to throw confusion into the heap. If you burn your sensitive information, make sure it’s fully burnt before you throw away the ashes! We’ve seen here from even a fairly cursory glance at the information in this letter how much can be gained from even an address.

The simple rule: if you wouldn’t shout it from your roof, tell it to a random person in the street or post it online publicly, then it’s sensitive information. Don’t leave it for the wrong people to find.

You can find more information on fraud and how to protect yourself and others against it at http://www.direct.gov.uk/en/CrimeJusticeAndTheLaw/Typesofcrime/DG_181626.

Stay safe!

Josh Nixon, ESP

Security Warning from Staffs Police

image

Staffordshire Police have issued a warning today to remember your home security, in light of ‘several recent burglaries across the south of the county’.

Of course, this advice applies all the time, not just in higher-risk times!

Is your home safe?

Properties in the Rugeley, Stafford, Cannock and Uttoxeter areas were targeted by offenders.

The majority of these properties were left insecure and small items including wallets, mobiles and handbags were stolen.

Residents are urged to look at their property through the eyes of a burglar and make adjustments if there are weak security spots.

This is really good advice when considering your home security. It is also a good idea to apply this to your personal security – look at yourself through the eyes of a mugger, ‘monkey-dance’ thug, rapist or sadistic violence opportunist. You’ll learn a lot about yourself and your personal security.

The warning urges people to lock their doors and shut windows when they go upstairs or into the garden. I always say to people (because it’s true) that you should consider an unlocked door an open door, as it very nearly is. The barrier it presents to a committed criminal is negligible at best.

To keep burglars at bay:
  • secure passageways and side entrances, make sure sheds and garages are fitted with proper security locks, and put away tools so they can’t be used to break in to your home
  • if you have to leave ladders outside, make sure they’re on their side and securely fixed to a wall or permanent fixture
  • keep wheelie bins secure and away from your property to stop thieves using them to get through first floor windows, or setting fire to them
  • mark items with your postcode and house number using an ‘invisible’ pen available from DIY stores. This makes stolen property easier to identify
  • ensure valuable items are not left in plain view and keep them away from windows and doors
  • fit mortise locks to all front and back doors and locks to windows that are in easy reach
  • keep house and car keys safe and away from doors, windows and letterboxes
  • keep garages and sheds secure
  • fit low cost security lighting as a deterrent.

All good advice – it should be common sense and second nature though! If you’ve got any doubts, questions, worries, etc about this kind of thing then there’s further information on www.staffordshire.police.uk or you can call their non emergency number on 0300 123 4455.

Alternately, join the discussions already taking place on our forum – it’s completely free, and the users are all friendly and respectful. Find us at http://cspsonline.proboards.com, or use the button at the top of this page.

There’s a discussion started on whether you’re prepared or not here – what do you do to keep your home safe from invasion? http://cspsonline.proboards.com/index.cgi?board=general&action=display&thread=26

There’s a discussion here about the (fairly) recent clarification of UK home defence law as well, with useful links to further information: http://cspsonline.proboards.com/index.cgi?board=general&action=display&thread=27

The original police article can be read here: http://www.staffordshire.police.uk/news/news_releases/110926_21_security_warning/?view=Standard

Image courtesy of Guardian.co.uk (http://static.guim.co.uk/sys-images/Money/Pix/pictures/2007/09/26/Burglar276.jpg)

Follow

Get every new post delivered to your Inbox.

Join 2,077 other followers

%d bloggers like this: