Saturday 28 July 2007

Door-to-Door Personal Information Gathering

It's just after lunch time on a sunny Saturday afternoon, it's great to finally have some sunshine for once, it's been a very rainy summer in the UK. Anyway about 5 minutes ago my door bell rang and I was greeted by a smartly dressed young man, who handed me a leaflet, advertising a carpet cleaning or something like that and a free prize draw for a car. According to the leaflet is was by a company called "Total Homecare (lancs)". It's what happened next that really bothered me...


young man>we're new the area I'm just handing out leaflets, we do carpet cleaning, and we having a free prize draw for a new car (car was a cheap Nissan Micra)
me>ok, but most of my house has wooden floors and I already have a car, so I'm not really interested
young man>ok, let me just take your name...
me>hang on minute, I'm not the sort of guy that hands out personal details to people I don't know.
young man>Oh don't worry about that it's all covered by the Data Protection Act
me>oh really, just how is it covered by the DPA?
young man>eerrh, ermm, you know, we'll look after your details
me>Ok, can you please explain how you do that? You understand what the DPA is, right? Perhaps I should explain where I'm coming from, I'm a bit of Information Security Expert...
young man>erm, listen it doesn't matter I don't need to take your details, I'll just leave the leaflet, good bye

I'm not saying this company isn't legit, but they really should be careful how they go about gathering personal details and training their staff, especially about the Data Protection Act, which clearly wasn't understood. I guess a lot of people would have accepted the standard response of "it's all covered by the data protection act". Personally I don't like organisation or strangers that knocks on my front door. So he sure picked the wrong door bell to ring on this occasion.

8 comments:

Anonymous said...

Well, it's way more interesting what can be done if such smalltalks are started on purpose. I'm referring to social engineering here, a field I'm coming from.

You expressed that pretty good in this sentence: I guess a lot of people would have accepted the standard response of "it's all covered by the data protection act"

Even trained people are likely to be tricked by a well versed social engineer.

Nothing new, just my 2 cents on your story.

Rob said...

"Bit of an Information Security Expert"? Don't be so modest Dave! You should have invited him in and tested him...

When I was at Bath University we had Jehovah's Witnesses come around to our house:

"Are you worried about the proliferation of nuclear power in the world?"

"Not really, I'm a nuclear physicist", I replied wearily (I was studying gamma radiation decays at the time), "nuclear power is much safer and cleaner than fossil fuels. I'm exposed to it everyday."

They declined my invitation into the house. Beat them at their own game! :)

Anonymous said...

I'm a Jehovah

Forget the DPA

Jesus loves you and will protect you always


John

SecurityExpert said...

that may be John, but Jesus isn't going to protect your personal data and your PC from the bad guys on the internet...

Anonymous said...

Dave

Remember

You will find no bigger fire wall than in hell!

God is Omniscient so has the capacity to know everything infinitely, or at least everything that can be known about a character including thoughts, feelings, life and the universe, etc. Those internet bad guys better watch out.

Perhaps we should meet to dicuss this more. In the meantime you can go to www.watchtower.org

Your Friend

John

SecurityExpert said...

Sorry, I just don't do religion...although "God Proof Security" could make an excellent title for my next security awareness campaign.

Anonymous said...

This is the Kirby Vaccuum cleaner scam. There's no car and when you "win" the free carpet shampoo prize they try to flog you a vaccuum clean for 2.5k, very hard sell and extremely intimidating. Went along with it for 3 and a half hours to keep the away from vulnerable neighbours, never intended buying the equipment, had the salesman going by telling him all about bacteria and that I had OCD, he thought he was on a winner, have reported them to trading standards.

london office cleaners said...

Wow very interesting post. Door-to-door. I will visit your site more often.