Vulnerability AssessmentBy Simon Lincoln | 24 Jun 2022
Although your house may be secure, your rubbish and recycling bins are always exposed and within the public domain, usually left out on the street for everyone to access. During my police career, I remember investigating a case where someone had a substantial amount of money stolen from her bank accounts. During the investigation, some of her credit card receipts, which she threw in her bin in London, were linked to an overseas address.
We regularly conduct Open-source-intelligence (OSINT) vulnerability assessments (VR) on and for clients, with the aim to find out how much information is in the public domain that could potentially be used against them by criminals. This process includes basic online searches, 192 checks, company house checks, dark web investigations and social media research. Results can vary depending on a number of factors including whether the individual makes a conscious effort to stay low profile and protects his/her privacy. Key initial information we (or criminals) look for is addresses, vehicle details, extended family details, dates of birth, financial information, images etc.
This week one of our analysts conducted a VR on an individual starting only with his name - the analyst very quickly identified the client’s main home address, wife’s details, home phone number, recent images of the family and that he was worth in excess of £50 million. Based on these findings we started to collate the information into a vulnerability assessment report (VAR) and conducted a reconnaissance tasking at the identified address to assess security/vulnerabilities at the property and look for additional information etc. We checked the rubbish bins which were at the front of the house and without a need to dig too deep we found packaging confirming names and address plus a discarded parking ticket that provided the client’s vehicle details.
Based on all the information uncovered it was pretty clear the client was a high-net-worth-individual (HNWI) and due to this could be a prime target for criminals. This could include exploitation, blackmail, identity theft or house robbery. Having said that, you do not need to have such a wealth or be high profile to be a victim of identity theft, theft or exploitation.
We have posted previously on subjects such as property protection/security and identity theft and will post further on online vulnerabilities and how to limit and reduce your vulnerability online. But the key lesson for this post is – do not Put Your Identity in the Bin! We’re constantly told to be careful about what data we share online, so we might password protect everything, and have our privacy settings on social media as tight as possible. So why then, are many people happy to throw a bank statement in the bin? Personal info like bank statements can be used by criminals to steal someone’s identity and apply for credit cards and other things in their name. But it’s not just bank statements, utility bills are proof of address. Discarded birthday cards might give away a date of birth etc. Worryingly, millions of people throw away documents containing their credit card or debit card numbers. If a criminal gets their hands on that, plus the card’s expiry date and your signature, they can make a purchase in your name. Anything with sensitive information should be shredded before it’s put in the bin. You can buy a crosscut shredder for as little as £20 – this will prevent these sort of crimes. Always be vigilant, always think about what you are putting in your bins and always shred everything with your and your family’s details.
If you need any advice on this or any services we provide, please email us at firstname.lastname@example.org or telephone 02074 999 323.