Data/Cyber/Cloud Security, Privacy, Website Security, Data Encryption, Malware/Viruses, Open Source Intelligence, Cyber Defence, Data Breaches
This article is from mid-2017 and I just decided to publish it today after re-investigting the topic in June this year, and still finding poor results.

I was happily working at home today (mid 2017) on the phone and the post came. Two envelopes; 1. A congratulations on your new home card since last week I bought a place or really the bank did. 2. A more interesting envelope from a well-known online retailer saying I owe them £1300 and I have missed the payment deadline. Three A4 sheets and one was titled “Notice of Default Sums under the Consumer Credit Act 1974. Erh I was thinking since I have not used that online store in years.

The name rang a bell and I will admit I was wrong here. Not that long ago came a letter from the same online retailer saying your credit statement is zero and your limit is x. I simply read the letter, shredded it and ignored it. Why? Because I have bought from them before and had letters before. Straight on to the phone and they transferred me to their fraud team. They said you have been a victim of identity theft, alarm bells going off and all brain focus has transferred to this phone call.

They said on the phone we will log a case, investigate, update you and notify some identity theft agency called CIFAS. My thoughts were all over the place and I was thinking how this can happen to me, a super paranoid person as you can probably guess with measures such as:

  • Cards never let out of my sight and always in an anti-RFID wallet
  • All documents, even with just a name on shredded
  • Documents and IDs locked away
  • Data shredded
  • All devices encrypted and some files are too
  • No free email accounts
  • Zero knowledge online storage if at all
  • No storage of card data on paper or on my PC
  • Weekly review of bank statements, PayPal and card statements
  • And a lot more
While on the phone I asked how do you get a credit account, they replied you simply request one online. An hour passed and I registered on Experian for £14.99 a month and checked all my finances – everything is fine apart from minus eight points on my credit file and one dodgy entry which is the same company as in the letter. Another hour passed and I called them back and asked what details you need to get a credit account. Just name, address, income, employment status, date of birth etc.

Turning into Mr. Investigator, I went onto their website and signed up with just:
  • Title
  • First name
  • Last name
  • Date of birth
  • Mobile phone number
  • Email address
  • Set password
  • House name / number
  • Postcode
  • Have you lived here for less than 3 years?
  • Residential status
  • Employment status
  • Annual income
  • Total household income
  • Number of dependants
I finished the process in minutes and once logged in it showed me the balance of around £1300 and what Mr., Mrs., or Miss Criminal had been buying. Slim & straight fit jeans, T-shirts, baseball caps and sports shoes in different sizes. We don’t need to be a police detective to work out he or she is not buying it for personal use but to resell. Ordered were placed and collected on two dates last month, delivered via Collect+ to petrol stations on the same road in West London.

You can see what he/she has been buying, track the delivery, see the pickup location and collection times. 15.10, 21.20 and 21.17. Based on this he/she is probably using the same petrol stations on the same road each time in different orders. CCTV anyone?/!

Is the retailer having a laugh or maybe all are? With just a name, address, date of birth you can frame someone for £1500 without needing ID, proof of address or payment details.

Thus it seems someone barely stole my identity but simply figured out what my date of birth is, which is not hard since there are online open databases to find this. Have you ever tried calling up HMRC and others? The verification questions is what is your name, address and date of birth. Panic seems to be over and I will monitor the alerts in Experian for a few months.

It can happen to anyone it seems! Just scrutinise letters more than I did!!