I did something rather strange last week - I stole identities from strangers.
And you know what? It was easy.
It was National Identity Fraud Prevention Week in the UK, which aimed to raise awareness among the public of the danger of sharing their personal information carelessly.
Much of the emphasis was on the importance of shredding identifiable information before throwing it in the bin, and protecting your computer with up-to-date antivirus software, but I was interested in seeing how careless people could be face-to-face.
So I took my video camera onto the streets of Bristol and stopped people in the street to see if they would help me with a "video project" I was working on.
None of them asked my name, or who I was working for, but nearly all of them were only too happy to tell me their full name, email address and date of birth - information that would have been useful if I was an identity thief.
Only one person refused to give us any personal information at all. I reckon that if I had engineered our questions and spent more time with each "victim" I could have probably also gained their postal addresses, and the names of their bank and utility providers.
The odd thing is that I actually believe having the video camera helped me steal information. I think that members of the public were more prepared to stop and talk to me ("thank goodness you're not a market researcher!") because I had a camera and microphone with me.
Has the world's desire for "15 seconds of TV fame" in this multimedia world made us all sloppy with our personal security?
What was good was that most people seemed to have at least heard of the phrase "identity theft", although most clearly weren't being at all sensible about who they shared their private details with.
It seems to me that National Identity Fraud Prevention Week has probably failed in its attempt to raise awareness of the problem - there's much more work that needs to be done before the public learns to be more careful with the personal data they share, both online and in real life.
-------------------------------------------------------------------------------------------------------
Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his blog on the Sophos website you can find him on Twitter at @gcluley.
