Ever wondered how much information someone you weren’t friends with online could quickly unearth about you?
In less than two hours, security experts uncovered enough about me to launch cyber attacks against my family and me - and you are probably equally vulnerable.
Countless sources warned us during this week’s investigation into cyber crime by the Johnston Press investigations unit that failing to take simple steps to protect our data left us vulnerable to identity theft and cybercrime.
To test the theory, I offered myself as a guinea pig to highlight common mistakes.
And in double-quick time, a team from cyber security consultants Cyber 123 and F-Secure were well on their way to stealing my identity.
“We are pretty confident we could have scammed you or one of your family members,” said Cyber 123 boss Nigel Morgan, whose colleagues had sifted an astonishing amount of my personal data in their lunch breaks.
Step one was for the team to build up a detailed social profile of me.
Using publicly-available information, they easily built up enough for a compelling episode of This is Your Life.
Barring a beyond-the-grave message from my late hamster, it felt like I’d spent an hour with Mystic Meg.
For a start, they knew my age, address, mobile and work telephone number and email address, a detailed work and education history, my living arrangements and more.
As a journalist, some of the information was easily gleaned from sources like LinkedIn and Twitter - but other details were less obviously sourced.
One tweet about a relative, it transpired, opened up a chasm of hacking opportunity, leading to information about my nephew, pregnant partner and her family. One chink led to potentially catastrophic conclusions.
And while my Facebook profile may have been fairly secure, the lax privacy settings of other family members left us exposed.
Combined with other directory sources like 192, the team had a wealth of data.
Even I did not know when my partner’s mother and stepfather moved in together - but my would-be scammers did!
I was in no doubt speculative cyber attacks were possible.
Although the swift social sifting might not have accessed my bank details, for example, the team were clear unscrupulous individuals could have dug further and it might only have been a matter of time.
I was left scrabbling to do all I could to protect myself in future.
A family summit was called and I will always be looking over my shoulder.
Wiping your digital record entirely is impossible.
If you are a businessman, for example, Companies House provides scammers with the perfect start.
Nigel showed me two scam letters purporting to be from the Office for National Statistics and HSBC that he received in recent weeks. He believes Companies House was the scammers’ hunting ground.
Other personal details will always be available via the electoral roll or directory sites like 192.
Education and awareness of scams are, Nigel argues, the key to protecting yourself, to the point of almost expecting that you will one day become a target.
He said: “You need to be aware and challenge everything that comes in.
“You need to be a pessimist. For example, if you get a bank letter, go to its website and check if the contact details are correct, and then ask them if they sent the letter.”
Even if your social media settings are set at the highest level, your family’s and friends’ may not be.
This could open up avenues for scammers. Spreading the word is a great start to minimising the risk.
HOW TO AVOID BEING HACKED
• Social media – Don’t fill in the personal details that sites like Facebook ask for, such as age, email address and phone numbers, unless you have to.
Mr Morgan recalled a customer who was hacked ultimately because he said he was financial director at a named company.
Hackers accessed his account by guessing his email and password, using information gleaned from his social profiles;
• Social privacy – Check your Facebook pages and posts have the highest privacy settings. They are initially open by default. Facebook help sections have handy tips;
• Email – Use a variety of email accounts for different things. If you have linked an email address to social media, do not use this address for things like online banking;
• Passwords – Consider password vault software like LastPass to keep your passwords secure.
Never let your web browser “remember” your passwords. Search for password strength calculators like howsecureismypassword.net to assess the integrity of your passwords.
Never put your actual password into them; use a similar one to test;
• Be alert – Question everything. If you receive a bank letter asking you to call them, verify the number through the bank’s official website.