scorecard
  1. Home
  2. tech
  3. A major security flaw has led to me getting mistakenly emailed tons of other people's private information and social security numbers

A major security flaw has led to me getting mistakenly emailed tons of other people's private information and social security numbers

Ryan Gorman   

A major security flaw has led to me getting mistakenly emailed tons of other people's private information and social security numbers
Tech3 min read

A major flaw that could potentially be exposed by identity thieves has gone largely unnoticed.

My email address is similar enough to many others that I constantly receive travel itineraries, the occasional mortgage agreement and other documents containing Social Security numbers, addresses and other sensitive information.

In one instance, an accountant sent me his client's tax return. I'm probably not the only person that has happened to, according to one expert who spoke to Business Insider.

"To set up an email address … is certainly a plausible act to garner personal information," Robert Siciliano, CEO of IDTheftSecurity.com, told me. "It's entirely possible that there are (hundreds or thousands of) thieves out there thinking that way."

This is a problem.

Many, including myself, have email addresses that use some form of their names. This has led to me reaching out to people more times than I can possibly count to let them know I erroneously received their information. I have also notified senders they reached the wrong person. Most were grateful, a few were furious. These emails have, of course, been deleted.

"It is always advisable to use email addresses that are not your name for any interaction other than professional communications," Rob Douglas, who runs identitytheft.info, told Business Insider.

But what if I hadn't? What if I took the information and sold it or used it to gain access to credit cards, take out loans or pilfer bank accounts?

"There are certainly identity thieves who have done that," said Siciliano. "It could certainly pay your bills and then some."

The practice is referred to as typosquatting, where hackers and identity thieves sit on common misspellings of websites of possibly common email addresses in an attempt to illegally obtain people's sensitive information.

Many people have accounts with a major bank or card issuer. They also have similar names or email addresses to mine. This has led to me receiving these messages and documents clearly meant for other people, often containing all or part of a stranger's social security number.

Eighty percent of the top 25 banks and 96% of top credit card issuers provide account access using your Social Security number to verify identity, according to Javelin Research.

Social security numbers can be found on everything from loan and credit card applications to medical forms and lease agreements. I have received all of those things in my email, many meant for others.

The number's prominence on most forms and the ease with which malicious actors can obtain them has led at least one identity theft expert to wonder aloud if the social security numbers should be discontinued.

Making matters worse, a 2009 Carnegie Mellon study cited by ABC News that revealed hackers could figure out the first five digits of a person's social security number nearly 80 percent of the time by using a simple algorithm.

How many forms and receipts have you received that show only the last four digits of your social security number?

I currently have a travel itinerary for another Ryan Gorman sitting in my mailbox, his third since the beginning of the year. The other Ryan Gorman must wonder where all his flight and hotel confirmations are going.

I'm wondering if he enjoyed his trip to Phoenix.

NOW WATCH: How To Get People To Reply To Your Emails

READ MORE ARTICLES ON


Advertisement

Advertisement