With autumn nudging temperatures lower tonight, there's a chance you'll be sleeping snug under that new duvet you bought online from John Lewis. Before that, you might watch a DVD rented from movietrak or read a chapter or two from the Amazon bestseller you got last week. This bout of retail therapy, with reputable suppliers approved by Verisign and others, will be conducted with a clear and guilt-free conscience because you checked the balance of your Smile account earlier, over an SSL connection, and found a reassuring onscreen balance. In fact, the extra overtime you've been doing this month means that you could treat yourself to a nice Sunday lunch in a smart restaurant on your Visa card, knowing you can easily cover the cost when you get the statement next month. Whilst you're sleeping later, I'll be hard at work processing your financial data. The only problem is that I don't work for you bank, a retailer or clearing house.
In this hi tech world, there are plenty clever enough to steal data from your online transactions but that's a little too advanced for me. You see, I'm the waiter from the restaurant, who you'll be tipping so generously after finishing your roast beef and Yorkshire pudding. Although I'll be grateful for the tip you're going to give me, it is peanuts compared to the money I'll be getting from a bloke in my local pub in return for your credit card details. I'll start by using a portable magstripe reader hidden in my apron pocket to copy the data from your Visa card's magnetic strip whilst on my way to the till to make up your bill. An easy £25 for two second's work. However, I'm learning my new trade fast and have invested a few of my 'extracurricular' earnings in a decent PC - you see, I've moved from credit card theft into ID theft. So, instead of selling your information, maybe I'll download it to my PC and, using some cheap software, I'll start to exploit it. First, I'll confirm that the name, address and telephone details I got from the restaurant's reservations book match the one from your card's magnetic strip. Armed with these, I'll pop over to your place sometime in the small hours of the night, to have a look around and find your wheelie bin. From it, I'll quietly remove black bags containing the last few days rubbish. From these, in the seclusion of my garage and away from suspicious eyes, I'll pull three soggy but readable documents - a bank statement, your gas bill and your electricity bill. The first will give me your bank account details as well as reconfirming your name and address. The second two will come in very handy as they are among the most widely accepted proofs of ID. With the information gathered so far and a few little white lies, I'll be able to acquire yet another two 'cornerstone' proofs of ID - a replacement birth certificate and driver's licence - porably via a pefectly legitimate service like this. From the former, I'll get your mother's maiden name, which will come in handy when your online bank ask me for it later. Having said that, they could ask me for the name of your first school instead but I'll get that in 30 seconds flat from a name search at Friends Reunited. Within an hour or so of raiding your bin, and to cover my tracks for long enough to abuse your account, I'll be calling your online bank's 24 hour helpline, posing as you of course, to change the billing address. This way, you won't be getting any statements or other mail to raise the alarm. As soon as they're awake, I'll be visiting the nearest Royal Mail sorting office to have all your mail redirected. In the space of a few hours, I'll have enough information regarding your identity to ruin you financially and leave you credit blacklisted for years to come. Or maybe someone has beaten me to it? You might want to check, just to make sure.
Sleep tight and mind the bugs don't bite.
Inspired by Rachel Shabi's Weekend Guardian piece: Hijacked your bank balance, your identity, your life.
Posted by bignoseduglyguy at October 26, 2003 01:59 PM | TrackBack