Experian Research: Behaviour and Attitudes Towards Protecting Personal Data Online

New research* today from Experian Consumer Services, the new name for Experian Interactive reveals that:

  • 70% of consumers don’t know how to protect their personal data online
  • 69% were concerned about identity theft and online crime
  • 18-24s were least likely to understand the importance of protecting online personal data.

The research sought to investigate peoples’ behaviour and attitudes towards protecting personal data online. The findings also highlight:-

  • 80% of customers are likely to be more loyal to companies that demonstrate they proactively protect customer data
  • Just under a third (30%) felt they had a good understanding of how to protect personal data online.

Peter Turner, managing director of Experian Interactive, UK&I said:

“The research showed there is a great opportunity for those companies that are transparent and are able to demonstrate to consumers how they proactively protect their data. 8 out of 10 customers were more likely to be loyal to a company that did this.

For smaller companies and those without the brand reputation of large retailers or other transaction-based sites, being able to clearly demonstrate the measures in place to protect customers from data theft may mean the difference between securing a sale over a competitor.

Throughout the research interviews it was clear there were considerable variations in both the levels of confidence people had when online and knowledge of how to protect their data online.”

Peter Turner concluded,
“The most effective way of improving levels of confidence will be greater transparency and organisations reassuring the public that they take good care of personal data entrusted to them.”

*Carried out by ICM research in May 2012

1 Comment

I’ve got a new credit or debit card – now what?

Staying ahead of fraudsters and protecting your identity is tricky at the best of times, but certain events in our lives can make it easier for criminals. One of the most common of these is getting a new credit or debit card.

There are many dangers with a new card starting from receiving through the post to trying to remember new pin numbers so we have put together a list of top tips to keep you safe with a new card:

1. If possible pick up your card at your bank or building society; your post can be intercepted
2. Cut up your old card as soon as you get your new one – make sure you split up the numbers on the front and the three digit code on the back
3. We would recommend choosing a completely random PIN, one that is not a numeric sequence, or a sequence on the keypad. We would strongly advise that the PIN does not relate to your date of birth, or link to any other information held in your wallet. It is also strongly recommended not to use the same PINs and passcodes for different cards and devices.
4. If there is a delay in receiving your new card or the envelope looks like it may have been tampered with, we recommend keeping an eye on your accounts and report any transactions you do not recognise immediately to your bank.
5. Register the new card on your DataPatrol account

Here at Garlik we can help, so let us know if you believe you have fallen victim to a scam or if you have any questions or queries – get in touch at support@garlik.com

Stay Safe & Stay Aware

Leave a comment

Watch out for “Reverse Smudge Engineering”!

This issue was brought to the attention of Tim Bray, an Android evangelist, who realised that ‘Greasy finger traces can potentially reveal the pattern used to unlock Android devices’, chances are you might have noticed the same thing if you use a similar method to unlock your phone.

The majority of Androids unlocking systems use a swipe pattern across three-by-three dots. However, after a couple of peanuts, or a few crisps, the pattern could be clearly visible on your device, giving scammers the chance to figure out the pattern from marks left on the screen.

Our Advice
Google conclude that the PIN unlocking system is safer. We would recommend checking the security settings on your Android, as some allow you to amend the way you unlock your phone.

If you cannot amend the unlocking method, we would advise being aware of the issue & wipe the screen regularly!

Stay Safe & Stay Aware

1 Comment

The Potential Pain of Pathetic PINs & Passcodes

A 2011 study by Apple iOS developer Daniel Amitay showed that 15% of all passcodes used to access iPhones are one of the following:

1234 0000 2580 1111 5555 5683 0852 2222 1212 1998

This is increasingly concerning as a more recent study by cryptographers at Cambridge University show that this is a similar case with people’s bank PINs.

The study suggests one in 20 people use a simple numeric pattern such as 4545 whilst one in 10 use a pattern on the entry keypad. “Unfortunately 23% percent of users chose a PIN representing a date, and nearly a third of these used their own birthday.”

99% of customers report that their birth date is listed somewhere in their wallet so if their wallet becomes lost or stolen, the attacker will have around a 9% chance of successfully guessing the users PIN.

The problem is then compounded if you use the same PINs and passcodes across devices and banking cards; losing both your phone and wallet will then potentially mean that not only are your cards compromised but your phone also, together with your contacts, personal notes and logins to all of the online services you access from a smartphone.

Our Advice

Most of the top passcodes follow typical formulas, such as four identical digits, moving in a line up/down the pad, repetition. 5683 is the passcode with the least obvious pattern, but it turns out that it is the number representation of LOVE (5683), once again mimicking a very common internet password: “iloveyou.”

We would recommend choosing a completely random PIN, one that is not a numeric sequence, or a sequence on the keypad. We would strongly advise that the PIN does not relate to your date of birth, or link to any other information held in your wallet. It is also strongly recommended not to use the same PINs and passcodes for different cards and devices.

Stay Safe & Stay Aware

Leave a comment

The “Tech Support” phone scams that just won’t go away

You have probably all heard of these scams or even been targeted yourselves, the premise is simple; a fraudster cold-calls you to inform you that you have “errors” on your computer, which may have caused your system to “slow-down”. Computers always “slow-down”, it’s just a fact of life!

Anyway, if you are tricked, the fraudster can direct you to dangerous sites that will prompt you to enter personal details and often payment details for a “protection package” to which you do not subscribe and that you do not need.

Recently though that scam has matured; fraudsters are beginning to direct their victims to websites such as ammyy.com, showmypc.com and logmein.com, all of which are legitimate services allow remote access between PCs. However if you are tricked into installing this by the rogue caller then you will be enabling them to view, download and basically do what they want with your computer and information!

The scammer will go on to show you what appear to be error messages and will offer to fix your computer “for free”, but of course they are not and, they will not.

What can you do if you’ve been caught out?

You should report similar scams to Action Fraud who provide a central point of contact for information about fraud.

We would also recommend that you visit the CIFAS website. “CIFAS Protective Registration is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.”

Here at Garlik we can help, so let us know if you believe you have fallen victim to this type of scam, get in touch at support@garlik.com

Stay safe & stay aware


Criminals flog Facebook & Twitter passwords

Reported by Dan Hyde – Click to see original report

“Online gangsters have started flogging Facebook and Twitter passwords to other criminals for as little as £20 on ‘factory outlets’ hubs.

Gangs using viruses to invade bank customer’s PCs and steal their log-in details are also scooping up social media passwords and email addresses.

With data piling up, the hackers have launched ‘factory outlets’ to profit from their surplus bounty.

Millions of sensitive personal details are being auctioned off in bulk to other cyber-criminals, Internet security firm Trusteer says.

Buyers are being charged $30 dollars for initial access to the factory outlet, and can then get a one-off instalment of all the data from a certain country, such as the U.S., UK and Germany.

The danger – apart from the obvious ability to wreak havoc – is that scammers can surreptitiously use Facebook and Twitter to trick their victims into downloading powerful viruses, then use to access online banking pages by stealth.”

How we can help

DataPatrol acts as your personal guard-dog online. It is always vigilant, continuously monitoring the web, social networks, public databases and the “dark web” on your behalf – to immediately detect the theft, loss or disclosure of your vital personal and financial information.

We recommend our customers enter their twitter ID and Facebook logins into their DataPatrol account so we can constantly monitor the data and notify you if your details are detected.

Our Advice

We recommend that you never click on suspicious links from emails or social networks. You should always confirm via another form of communication that the user is who you think they are.

We also suggest that to do not give bank details out over the Internet, whether it is by online chat, instant messenger or email. This includes emailing your account number and sort code to a friend, always remember that email is not completely secure, so try and split them up. As an example you could send the account number by Skype and the sort code by email.

If you believe you may have fallen victim to this or a similar scam and please feel free to get in touch at support@garlik.com for further advice

Stay Safe & Stay Aware.

Leave a comment

TicketWeb email marketing system hacked.

On the 11th February 2012, TicketWeb UK’s direct email marketing system was exposed to unauthorised access.

Users of TicketWeb may have received up to four emails with the subject “Action Required: Update Your PDF Application”. The email contained two links to update your “Adobe Acrobat PDF application” but you guessed it, this links to a phishing site that tempts users to enter personal information and credit or debit details..

This is the fake website created by the fraudsters, using Adobe’s trademarked logos and styles heavily. This links to some PDF related software, nothing to do with Adobe itself.

It wasn’t until the next day that TicketWeb sent an Urgent Alert email to their customers who had been affected but unfortunately, this may have been too late.

Our Advice

TicketWeb advise not to click this link & to delete the email, they also state that ‘no credit card information was vulnerable during this attack’. If, however you did fall victim to this scam and clicked the link to enter further information then you would have been prompted to enter your name and email address on the first page, choose a product version on the second page and finally enter payment information on the third page.

We have checked the scam link through ‘Virus Total’ and it does not appear that it contains any malware, so we believe that this was purely a phishing attack designed to trick customers in to sharing personal and financial information.

If you believe you have fallen victim to this scam and have shared any payment information then you should contact your bank immediately to cancel your debit or credit card.

Please feel free to get in touch at support@garlik.com for further advice and to discuss what extra information you think you might have accidentally shared, we can help!

Stay safe & stay aware

Leave a comment

Former hacker gives online safety advice

A computer hacker from Whitehaven has been describing how he hacked into email accounts using the information publicly visible on people’s Facebook accounts.

After looking through his victims Facebook page, Chris Hardy, who recently pleaded guilty to fraud by false representation, managed to acquire enough information to figure out the answers to the victims’ security questions on their email accounts. He was then able to reset the victims’ Facebook passwords and access their Facebook accounts.

Going a step further, Hardy also used the Facebook Chat application to convince one of his victim’s friends to hand over their credit card details.

Keep personal details private on Facebook

Hardy states; “There is an option to hide your address and that will stop people knowing your email address and hacking into your Facebook account.”

You can do so by clicking in the “Info” section of your Facebook page and selecting Edit next to the “Contact Information” section. There will be a drop down list next to your email address that will allow you to change the privacy settings to as who can view your email address. You should consider doing the same for postal address and phone number.

Take care sharing financial details online (full stop)

Hardy himself pleads for users to be more careful about who they communicate with online. We recommend that you never give bank details out over the Internet, whether it is by online chat, instant messenger or email. This includes emailing your account number and sort code to a friend, always remember that email is not completely secure, so try and split them up. As an example you could send the account number by Skype and the sort code by email.

Stay Safe & Stay Aware.

Leave a comment

Acquisition of Garlik Limited

23 December 2011 – Experian, the global information services company, announces that it has acquired Garlik Limited, a provider of web monitoring services based in the United Kingdom.

Founded in 2005, Garlik helps consumers to protect themselves from the risks of identity theft and financial fraud. Through its main product, DataPatrol, Garlik captures and monitors information from a variety of sources across the wider web and social networking sites using its proprietary web-crawler technology. DataPatrol generates alerts when an online loss, disclosure or theft of consumer data is detected, and suggests next steps on how to respond to incidents before an individual becomes a victim of financial crime or identity fraud. Garlik provides services in the UK, US, Germany and Italy.

The acquisition of Garlik extends Experian’s presence in identity protection, consistent with Experian’s strategic goal to become the most trusted consumer brand for credit monitoring and identity protection services. It enables Experian to offer a more comprehensive identity protection product to its customers and clients, while accelerating plans to expand consumer protection services into new geographies. The acquisition will form part of Experian’s Interactive business.

At 31 December 2010 Garlik had gross assets of US$1m. Garlik was acquired from venture capital investors DFJ Esprit and Doughty Hanson, and the founding shareholders. The acquisition has been funded from Experian’s existing cash resources.


Nadia Ridout-Jamieson, Director of Investor Relations; +44 (0)20 3042 4215
James Russell, Communications Director, UK&I and EMEA

Rollo Head; +44 (0)20 7251 3801
Don Hunter

About Experian

Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US$4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Leave a comment

Stay Safe at Christmas

For the majority, Christmas is a time for giving, but many scammers increase their efforts around the Christmas period and see it as a chance to get hold of our hard earned cash.

We have picked out a variety of famous Christmas scams to give you guys a better chance of avoiding these nasty tricks.

Fake charity appeals
If you get an email asking for donations, apparently from a recognised charity, proceed with caution. Reputable charities never ask for money via email, so any website you are directed to will probably be designed to collect your personal and banking details. There are plenty of worthy causes to support this time of year, so make sure donations are going to the right ones. Whether giving online or through text messaging, thoroughly review the charity, look at the organization’s privacy policy and verify if it has appropriate security measures in place to protect transactions. To review charity evaluations, visit www.bbb.org/charity.

Wi-Fi Scams
Sitting in a coffee shop surfing the Internet is not always as handy as it might seem. Make sure the wireless network is password protected, or someone might just be using specialist software to gain access to your passwords and personal details. If you are logging in to email or online banking from an unsecured, public network, you are asking for trouble.

Themed attachments and ‘spam’
Unsolicited email should always be treated with suspicion, more so in over the Christmas season. Any email from a sender you do not know, and which asks you to visit a website or open an attachment is probably not the festive fun it claims to be:

    • Ensure you have a spam filtering service active on your email account and if you do receive any spam mail, do not open any attachments or click on any links.
    • Notify your contacts that your account is sending out spam messages and for them not to open any short, non-titled or unusually titled emails from you and to ensure that any spam emails they receive are marked as spam and then deleted.
    • Ensure your anti-virus and spyware software is up to date and run a scan to check for any issues

Laptop theft
If you are going away for Christmas, lock away your laptop. If it is stolen, the chances are the thief will find a way to access your passwords and personal details, then have a merry old time spending your money.

You’ve heard of phishing? “Smishing” is when a phishing SMS, or text messages, gets sent to your phone. “These texts appear to come from your bank or an online retailer saying that there is something wrong with an account and you have to call a number to verify your account information. In reality, these efforts are merely a ruse to extract valuable personal information from the targets,” McAfee says.

You should be extra vigilant over the Christmas period. If something looks to go to be true, it probably is. So make sure you carry out research before providing anyone with your personal or payment details.
Stay Safe & Stay Aware

1 Comment