More caution when entering emails is needed to fight fraud

Signing up to a new online service or creating an email account is straight forward part of modern life, but specialists now say that this innocuous activity could leave us woefully vulnerable to would-be online fraudsters.

 Speaking on the BBC news website, tapping in our credentials could amount to “handing over the keys” to our digital lives, says the University of Surrey’s professor Alan Woodward.

Making an apparently innocent mistake such as entering an incorrect email address enabled investigators at the BBC to view information relating to a third party’s credit report. Private details held on credit scoring website, ClearScore, were viewed by “someone of the same name.”

In the test case, an individual appeared to register with the credit firm, but submitted an incorrect email address, which is also used as the account holder’s username. An email was subsequently delivered to the owner of the mistaken address of the same name. That individual was then able to alter the password, change account access credentials and access a vast number of personal details.

Historical internet information, previous residential addresses, birth dates and credit data were among the pieces of information that could be obtained without the proper authorisation.

Details such as these that are grist to the fraudster’s cyber-mill. A criminal party would be able to use the data to apply for loans and other financial services under the name of the unknowing victim.

After having the situation flagged up, a spokesperson to ClearScore said:

“When something like this happens, ClearScore makes the worst-case assumption that it is fraud and locks everything down.”

The site sends reminders at the point at which new accounts are created to alert users to the importance of entering login information correctly, while further details are in evidence on ClearScore to give guidance on staying safe online.

Speaking to the BBC, professor Woodward underlined the importance of users choosing safe and more complex passwords when it comes to signing up to services on the internet. It is also important that individuals regularly review and change their log-in credentials to mitigate against the chance of fraudulent activity taking place.

Ultimately, extra care should be taken when submitting email addresses on service log-in pages because “an email address is the key to your digital life.”

In this capacity, professor Woodward recommended that users should pay attention to underscores and dots which can easily be mistyped if codes are being entered in a rush.

Two-factor authentication – such as a code to a mobile phone – offers a far more secure gateway for applicants, while the requirement for applicants to enter their email addresses twice also contributes to more scrupulous procedure. Moves are underway among institutions in the financial industry to develop new ways of verifying a customer’s identity.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.