Focus Interview丨Who Touched My "Personal Information"
If you have just bought something on a shopping platform, and after a few days you receive a call, the other party says that there is a quality problem with the item you bought, and compensation should be paid to you. Will you be suspicious?
But he accurately said what your surname was, what was your name, what you bought, and how much you spent on it. Do you believe it?
Many people have received such calls, including me.
Some people really believe it and are hooked by scammers.
And the reason why they believe it is not that they are not vigilant, but that the scammers have mastered their detailed personal information, which is really confusing.
So how can the personal information consumed on the shopping platform get into the hands of fraudsters?
Beginning in the second half of last year, a new type of fraud that pretended to be the customer service of a shopping platform has caused many consumers to be deceived.
Both Ms. Zhang and Mr. Liu purchased goods on a well-known shopping platform, and not long after receiving the goods, they received a call from the after-sales customer service of the shopping platform who claimed to be the shopping platform.
In the beginning, both of them were skeptical.
The victim, Mr. Liu, said: "The first time I called to tell me my last name, and I knew what I bought, and when I told my order and my price accurately, it made me think it belonged to the platform, or else Maybe I know so much information about me."
The victim, Ms. Zhang, said: "He gave me my name, phone number, home address and order number in great detail. I told him when I placed the order, so I would believe him. If it weren't for their platform, what about other people? Can you know my information."
How can you not know what product you bought, what is the order number, and how much money you bought if you are not a customer service?
So I quickly believed the other party.
The other party, on the grounds that the industry and commerce department found out that a certain component of the purchased goods was out of standard and the quality was substandard, took the initiative to propose that the shopping platform would give double compensation.
Ms. Zhang said: "During the period, I hung up the phone and called the platform, but it never got through. I didn’t get through after 3 calls. I was always busy, and there were more than 50 people waiting. I didn’t get in touch. I went to the customer service of the shopping platform, and the criminals called me again."
Therefore, according to the request of the other party, I added a QQ number, filled in personal information and bank card number on the designated webpage, and entered the verification code according to the request of the other party.
When all the operations were completed, the money on the bank cards of the two was all transferred by the fraudsters.
There are many more similar victims.
This shopping platform company is not alone in the problem, and the leakage of personal information does not only occur on the shopping platform.
In December last year, the Beijing Third Intermediate People's Court notified the trial of criminal cases involving citizens' personal information.
Companies such as hotels, courier companies, and food delivery platforms have become the hardest hit areas for personal information leakage, and their numbers have exploded.
Among them, the express logistics link has gathered a large amount of personal information of citizens, which is regarded by criminal gangs as the fat meat for obtaining fraud clues.
So, how is the personal information of citizens leaked out in the logistics link?
Not long ago, the Public Security Bureau of Yongnian District, Handan, Hebei, cracked a case of illegal theft of personal information.
Yang Xinpeng, an instructor of the Anti-fraud Center of the Public Security Bureau of Yongnian District, Handan City, Hebei, said: “At that time, the courier company had its own risk control system. The account was registered in a different place in Henan, and more than 8,000 pieces of information were inquired, and several job numbers in other counties were also inquired in different places."
The courier is responsible for the courier business in his own area. Why does his job number log in to the system in a different place?
The police quickly found the courier.
Yang Xinpeng said: “The employee said that two young people came to his store and said that he wanted to rent his job number. Check the delivery process for Taobao to buy these things. They rented them and gave him 500 yuan a day.”
Who is renting the job number of the courier?
What did you do after renting?
By squatting on guard, the police found the person with the rented account. After questioning, they were also intermediaries, and the rented account was used by someone else.
Yang Xinpeng said: "According to their confession, someone asked him to rent the work number of the express company, and then for them to inquire and steal the company's internal customer information. After the customer information was stolen, the information was exchanged for money and sold to overseas fraud organizations."
At this time, the facts of the case are very clear. This is a case of illegally stealing citizens' personal information for telecommunications fraud.
After extensive investigations and investigations, the police arrested the suspect Lu.
Lu, who has no proper job and is only 20 years old, how can he get in touch with overseas fraud gangs?
How did you steal citizen information?
Lu said that his previous home was from Fujian, and he didn't know his real name, only the name on QQ. He found the post on Baidu Post Bar for receiving materials and courier information, and then added as a friend.
Lu has worked as a courier for two months and knows how to query personal information in the express company system. Now that he has such a sales channel, Lu has mobilized several young people who are also doing nothing to check orders or track mail dynamics. In the name, at a high rent of 500 yuan a day, five courier company employees’ login accounts were rented to steal citizens’ personal information from the courier company’s systems.
Lu Mou packaged and sold the stolen citizen information to his online, and then directly sold it to overseas fraud gangs. For this online, the police are still investigating and pursuing this online.
However, in this case alone, the few idle young people headed by Lu were not computer hackers or masters. How could they easily steal personal information in the express company's system?
Professor Jing Jiwu of the University of Chinese Academy of Sciences said: “In general, information leakage is related to the system, technical means, rules and employee education for the unit and platform to manage personal information. Many large amounts of information are leaked from managers, employees, or information systems. from."
The detection of Lu's case should sound a wake-up call for some express companies.
The first is the education and supervision of internal employees.
Some couriers are tempted by the extra income of 500 yuan a day and easily give their login accounts to strangers.
As a courier, he should be responsible and manage the community information for sending the courier by himself. However, in this case, an ordinary courier’s system login account can inquire about the citizen’s information from all over the country with a little trick. Courier information.
Jing Jiwu said: "Judging by relevant laws, for example, it is stipulated that the information collected cannot be too much, and only necessary information can be collected. According to the principle of minimum information, the information that can be accessed as a courier should be limited and cannot be given to him. Huge power to access everyone’s information is the responsibility of the platform, and some information should be hidden when necessary, all of which are XXXX, or phone numbers are hidden."
Zhang Jinjin from the Anti-fraud Center of the Public Security Bureau of Handan City, Hebei Province, said: “Take public security as an example. One is to open account permissions through digital certificates, etc., and regularly check back-end login logs to ensure that data is not leaked or suspected of leaks. Even if there is abnormal behavior afterwards, it can be investigated immediately."
For enterprises, in addition to the strict management of system data that stores massive amounts of personal information, the entity documents other than data should also be guarded against hidden dangers of information leakage.
In Yongnian District of Handan City, the reporter found a garbage recycling station, where there are discarded outer packing boxes of express mail everywhere.
The labels of many courier companies are clearly printed with the recipient's name, address, and telephone number, without any protective measures.
It means that in the background of the express company's system, these personal information are not protected.
Citizens’ personal information includes not only static information such as name, ID number, mobile phone number, and address, but also many dynamic information such as credit investigation, location, whereabouts, accommodation, housing property rights, and so on.
More and more personal information is used by more and more units and enterprises. If there is a lack of technical and management systems and measures, it may cause irreparable losses to citizens due to information leakage.
Mr. Liu and Ms. Zhang were deceived by telecommunications fraud gangs in January and February of this year, but the same case had appeared as early as October last year, and people were constantly being deceived.
To master and use citizens' personal information, it is necessary to assume corresponding responsibilities for the protection of personal information.
Not long ago, the Legal Work Committee of the National People's Congress issued the "Personal Information Protection Law (Draft)", which greatly increased the cost of illegal personal information.
Enterprises that violate the law can be fined less than 50 million yuan or less than 5% of the previous year’s turnover, and can be ordered to suspend related businesses, suspend business for rectification, revoke related business licenses or business licenses, and impose penalties on directly responsible persons A fine of 100,000 yuan up to 1 million yuan.
On the other hand, each of us should also raise awareness of the protection of our personal information.
Yang Qingshe, deputy director of the Public Security Bureau of Yongnian District, Handan City, Hebei, said: “Try not to disclose your information, such as ID cards and phone numbers, to strangers. When you receive goods from the express company, you must include your name, mobile phone number, and home address. , After tearing off the QR code and barcode, throw away the outer packaging. Do not disclose it at will, causing unnecessary trouble to yourself."
To some extent, personal information can also be said to be one's own intangible assets.
In the garbage collection station, we just look through it, and we can see a large number of personal information labels on the outer packaging of the express. Few people will destroy these labels.
Some people say that in the era of big data, we just use privacy for convenience, but this is not the original intention of technological development, nor is it a phenomenon we want to see, and the problems that arise cannot completely let technology back the door.
When we hand over information to businesses, the default prerequisite is that our information can be protected, and it should be protected.
When innovations in technology and services make our lives more and more convenient, it is equally important to ensure the safe boundaries of such innovations and applications through preventive systems.
At present, the country is stepping up to formulate the "Data Security Law" and "Personal Information Protection Law" to provide legal protection for data security and personal privacy protection at the legal level.
And we ourselves must pay enough attention to this.
Producer丨Liu Xuesong and Li Zuoshi
Editor丨Wang Jianfeng
Video丨Sun Limin
Editor in charge丨Wenna Chen Zhongyuan
Editing丨Miao Jialiang