Out-Law News 2 min. read

People give away their identity for theatre tickets


Ninety-two percent of London pedestrians were willing to divulge all the personal information needed to steal their identities just for the chance to win theatre tickets, according to a survey carried out for Infosecurity Europe.

Presenting a survey on theatre-going habits, researchers told pedestrians that if they took part in the survey they would be entered into a draw for theatre ticket vouchers worth £20. To put the public at ease, they were asked seemingly innocent questions about their attitudes to going to the theatre, which were interspersed with questions to find out the details needed to steal their identities, such as date of birth and mother's maiden name.

The survey of 200 people on High Streets across London was carried out as a "wake up call" to highlight how easy it is for fraudsters to use social engineering to carry out identity theft. The intention is to raise awareness of the need to be very careful about the information people give to complete strangers, either face-to-face, by post or on-line, as it could easily be used to open a bank account or even steal their identity.

The first question researchers asked was, "What is your name?", which seems reasonable enough if someone is potentially going to send you some vouchers. All respondents gave their names. They were then asked a series of questions about their views on the theatre in London.

People were then asked if they knew how actors came up with their stage name. They were then told it was a combination of a pet's name and their mother's maiden name and were asked what they thought their stage name would be. Ninety-four percent (94%) of respondents gave their mother's maiden name and pet's name.

To obtain the address and post code, researchers asked for their address details in order to post them the vouchers if they won. Ninety-eight percent gave their address and post code.

To find out the name of their first school the question was asked, "Did you get involved in acting in plays at school?" and then "What was the name of your first school?". Ninety-six percent (96%) gave the name of their first school.

This answer, along with mother's maiden name, are key pieces of identity information used by banks.

In order to find out date of birth, researchers said that in order to prove they had carried out the survey they needed their date of birth. Ninety-two percent gave their date of birth and 92% also gave their home phone number in case there was a problem delivering the vouchers.

At the end of a three minute survey, the researchers were armed with sufficient information to open bank accounts, credit cards, or even to start stealing their victim's identity.

The researchers did not give any verification of their identity; their only tool was a clipboard and the offer of the chance to win a voucher for theatre tickets.

Claire Sellick, Event Director for Infosecurity Europe, who took part in the research said: "This survey showed how easy it is to steal a person's identity and breach a company's security – security is only as good as the awareness of the people it protects."

Detective Inspector Chris Simpson, Head of Scotland Yard's Computer Crime Unit, said: "The results of the survey are disturbing to say the least, however they do highlight the need to raise public awareness of identity theft, what it actually means, how it can happen and the potential consequences."

He continued: "Preventing the theft of your own identity is relatively simple, but it relies on the individual taking steps to protect themselves i.e. restricting the people to whom you reveal sensitive personal data (whether in the physical or virtual context); shredding or destroying personal correspondence before disposing of it and never sharing passwords to access computer systems."

All the information collected by the researchers was destroyed by the organisers of Infosecurity Europe. Three winners were selected at random and sent theatre ticket vouchers.

Detective Inspector Chris Simpson is speaking in a keynote session on, 'Law Enforcement - Cybercrime and International Co-Operation, Prevention, Detection and Punishment,' at Infosecurity Europe 2005, Olympia, London, 26th-28th April.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.