CPP experiment looks at ID fraud risk associated with selling second hand mobiles

A recent experiment by life assistance company CPP reveals many people are leaving personal details on their mobile phone or SIM card, leaving them more vulnerable to identity fraud when they sell them on.

Online PR News – 23-March-2011 – – Life assistance company CPP purchased second hand mobile phones and SIM cards through Ebay and used electronic shops. The experiment examined what personal data was available on the mobile handsets purchased and whether this information could be used to commit identity fraud.

Alarmingly the experiment revealed 247 pieces of personal data were left on a range of mobile phones and SIM cards, leaving previous owners open to the risk of identity theft. Information found included:
• Credit and debit card PIN numbers
• Bank account details
• Passwords
• Phone numbers
• Company information
• Log in details to social networking sites, such as Facebook and LinkedIn.

The experiment also revealed 81% of those questioned claim to have wiped their mobile phone before selling on and that six out of ten people were confident that all their personal details have been removed. However 54% of mobiles and SIM cards were found to contain sensitive information, unknowingly putting people at risk of identity theft.

The life assistance company’s findings were supported by data that found 50% of second hand mobile phone owners said they had found personal data when they had purchased second hand mobile phones or SIM cards.

Most people claim to have wiped their mobile handsets manually, which security experts acknowledge leaves information intact and retrievable and therefore at risk of id fraud.

Mobile data expert from CPP, Danny Harrison said: “This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data and put them as risk of identity fraud.

“With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data.”

Danny continues, “If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so, such as being a victim of id theft.”

Jason Hart, Senior Vice President of CRYPTOCard who was commissioned by CPP to carry out the experiment said, “The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications.”

CPP’s top tips on wiping your mobile phone of personal information to prevent identity theft:

1. Restore all factory settings – this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 – 4 to protect your data
2. Remove your SIM card and destroy it
3. Delete back-ups - even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else
4. Log out and delete– make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications. Once you are logged out make sure you delete the password and connection
5. Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password
6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side
7. Don’t store vast amounts of personal information on your mobile phone / SIM
8. Make sure you check your bank statements regularly to monitor for suspicious transactions
9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details
10. If you want more information on how to protect yourself from id fraud or see how these experiments worked, please visit CPP’s blog

--- ENDS ---

About CPP

CPPGroup plc are a global Life Assistance company who provide products and services designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.

CPP’s online product portfolio includes:
• Identity fraud Protection
• Mobile Insurance
• Card Protection
• Your Law legal services.

Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.

Media contacts

For more information or to arrange a time for interview with CPP’s mobile expert, Danny Harrison, please call Band & Brown Communications:

• Sarah Davidson –0203 451 9405/ 07731 462451
• Bryony Partridge – 0203 451 9406 / 07846 004 416

Contact details:

Nick Jones
Head of Public Relations
CPPGroup Plc
Holgate Park
YO26 4GA
United Kingdom
Tel: +44 (0)1904 544 387
Fax: +44 (0) 1904 544 750
Mob: +44 (0) 7739 169 780


Notes to editor

* 247 pieces of data were left on 19 of the 35 mobiles phones and 27 of the 50 SIM cards

Research Methodology

ICM interviewed a random sample of 2011 adults aged 18+ online between 16 – 18 February 2011. Surveys were conducted across the country and the results have been weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further information at www.icmresearch.co.uk

A live experiment was also carried out in February 2011. Ethical hacker Jason Hart was commissioned by CPP to conduct a number of reviews relating to the data contents of re-sold mobile devices used and SIM cards within the United Kingdom with the objective of the review being:

- Understand if sensitive information has been left on resold mobile devices
- Understand what type of information is stored
- To see if information can be recovered from resold mobile devices even if the mobile device has been deleted by using software freely available on the internet
- Understand what information can be found on used SIM cards
- To see if it would be possible to use any information found to on a mobile device and or SIM to conduct any form of identity theft against the original owner of the device and or SIM.

35 second hand mobile phones and 50 SIM cards were analysed using the following techniques:

- A mobile phone SIM Reader (a standard SIM reader that can be purchased from most electric stores)
- SIM recovery software
- Forensic examination software - mobile forensic software that analysis mobile phones, smartphones and PDAs for data.