Cyber hackers are trading the details of tens of thousands of Wigan residents on the Dark Web in a bid to extort them for cash and goods.
Shock research by the Johnston Press Investigations Unit and London data firm C6, show personal data of a staggering 54,327 borough people are for sale on the underground marketplace.
You need to be aware and challenge everything that comes in. You need to be a pessimistNigel Morgan
The illicit data - from email addresses and pictures to credit card details and passport numbers - are up for grabs on encrypted areas of the internet hidden from ordinary search engines.
The data firm employed expert staff to track the number of identities being sold on the Dark Web, with people’s email addresses and names traded through encrypted chat rooms.
The postcode area with by far the biggest number of IDs up for sale - 13,642 - is WN8 which covers the west of the borough including Up Holland, Parbold and Newburgh. The next highest, with 8,436, is WN2 which includes Hindley, Ince, Aspull and Platt Bridge.
The remainder are WN1 (2,774); WN3 (4,934); WN4 (4,326); WN5 (6,817); WN6 (5,663); and WN7 (7,735).
Johnston Press Investigations Team reporter Oli Poole discovered just how straightforward it can be for hackers to steal someone’s identity...
In less than two hours, experts uncovered enough information to potentially defraud both me and my family – and you are probably equally vulnerable.
In double-quick time, a team from Cyber 123 and FSecure were well on their way to stealing my identity.
“We are pretty confident we could have scammed you or one of your family members,” said Cyber director Nigel Morgan, whose colleagues had sifted an astonishing amount of my personal data in their lunch break.
Building a social profile using publicly-available information online was the first step. What they found was easily enough for a compelling episode of This is Your Life. Barring a beyond-the-grave message from my late hamster, it felt like I’d spent an hour with Mystic Meg. They knew my age, address, mobile and work telephone number and email address, a detailed work and education history, my living arrangements and much more.
As a journalist, some of the information was easily gleaned from sources like LinkedIn and Twitter – but other details were less obviously sourced.
One tweet, it transpired, opened up a chasm of opportunity, leading to discovery of details about my nephew, pregnant partner and her family. One chink led to potentially catastrophic conclusions.
And while my Facebook profile may have been fairly secure, the lax privacy settings of other family members left us exposed.
Combined with other directory sources like 192, the team had a dearth of data. Even I did not know when my partner’s mother and stepfather moved in together. My would-be scammers did.
The consequences could have be catastrophic.
I was in no doubt speculative cyber attacks were possible. Although the swift social sifting might not have accessed my bank details, for example, the team were clear unscrupulous individuals could have dug further and it might only have been a matter of time.
I was left scrabbling to do all I could to protect myself in future. A family summit was called and I will always be looking over my shoulder.
Wiping your digital record entirely is impossible. If you are a businessman for example, Companies House provides the perfect start. Nigel showed me two scam letters from the Office for National Statistics and HSBC he received in recent weeks. He believes Companies House was the scammers’ hunting ground.
Other personal details will always be available via the electoral roll or directory sites like 192.
Education and awareness of scams is, Nigel argues, the key to protecting yourself, almost expecting you will one day become a target.
He said: “You need to be aware and challenge everything that comes in. You need to be a pessimist. For example, if you get a bank letter go to its website and check if the contact details are correct and then ask them if they sent the letter.”
If your social media settings are not set at the highest level, your family and friends may not be. This could open up avenues for scammers. Spreading the word is a great start to minimising the risk.