A recent experiment by life assistance company CPP reveals many people are leaving personal details on their mobile phone or SIM card, leaving them more vulnerable to identity fraud when they sell them on.
CPP experiment looks at ID fraud risk associated with selling second hand mobiles
®Do you store personal dataon your mobile phone?If you do then you could be putting yourself at risk of identity fraud, especiallyif you sell or dispose of your mobile phone without completely wiping personaldata. In our live experiment we examined 35 second hand mobile phonesand 50 SIM cards purchased on eBay as well as used electronics shops, to seewhat personal information was available on the handsets and whether itconstituted a threat to their former owners’ identities. Key ﬁndings Key ﬁndings 54% of second hand mobile phones contained personal data including credit/debit card numbers, PIN numbers and passwords 54% ® The experiment revealed 247 pieces of personal information despite the vast majority of people (81%) claiming to have wiped their mobile or SIM card before selling them 81% Half of second hand mobile phone owners admitted they have found personal 50% information from a previous owner 58 per cent have sold or given away an old mobile phone or SIM card with the 58% average resale price of £47 Manually wiping the data was the most common method to delete information - a process that security experts acknowledge leaves the data intact and retrievable
®On the mobile phones and SIM cards we reviewed wefound the following data: Passwords Contacts Usernames Credit Cards Numbers SMS Bank Details Video Photos Email Address Notes Company Information CPP’s top tips on wiping your mobile phone of personal information: Restore all factory settings – this is the ﬁrst step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data Remove your SIM card and destroy it Delete back-ups - even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications. Once you are logged out make sure you delete the password and connection Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password If you are selling on your phone ensure you ask for it to be wiped to be on the safe side Don’t store vast amounts of personal information on your mobile phone / SIM Make sure you check your bank statements regularly to monitor for suspicious transactions Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details If you want more information on how to protect yourself or see how these experiments worked, please visit CPP’s blog http://blog.cpp.co.uk/ICM interviewed a random sample of 2011 adults aged 18+ online between 16 – 18 February 2011. Surveys were conducted across the country and the results have beenweighted to the proﬁle of all adults. ICM is a member of the British Polling Council and abides by its rules. Further formation at www.icmresearch.co.uk. A live experimentwas also carried out in February 2011. Ethical hacker Jason Hart was commissioned by CPP to conduct a number of reviews relating to the data contents of re-sold mobiledevices used and SIM cards within the United Kingdom. 35 second hand mobile phones and 50 SIM cards were analysed during the live experiment. All data found onmobile phones was deleted - either manually or by using the forensic software to remove and destroy the information. The SIM cards were destoyed.