It’s a question many will ask themselves, whether it’s in the wake of a scam attempt or amid preemptive action to reduce the risk of falling victim to a scam. The question is important too, as fraudsters knowing personal information about the person they’re targeting can make their deviance seem genuine.
He explained the internet is one way to gain access to information, but he thought his grandma may have filled out a questionnaire – potentially up to 20 or 30 years ago.
“There are these legacy data lists which get shared around and it’s the non-compliant companies that eventually get hold of these lists,” he said.
Mr Shakeshaft added: “Eventually, scammers get their hands on it, and that’s usually the reason for people receiving a load of cold calls.”
However, there is another way in which fraudsters could end up getting their hands on innocent people’s data.
“The dark web is the dark side of the internet where all the hackers and their illegal activity happens,” he said.
“It’s such a big issue that my team created what’s called a data breach checker, for free, available to everyone, because it is such a big issue.
“But essentially you put your email address into this tool, you press search, and it looks it up against known data breaches that are available for sale to hackers on the dark web.”
When data breaches happen, records can be leaked onto the dark web – including phone numbers, accounts and passwords, Mr Shakeshaft explained.
“When that happens, clearly your data is spilled out to all these hackers, and then it’s not just about the telephone calls you receive.
“You’ve also got a threat of those hackers accessing your accounts, buying your password or bank details on the dark web and then trying to access your accounts through the mining of personal information, or commit fraud on your account.”
Should a person find out they have been affected by a data breach, Mr Shakeshaft said there are three “core” steps which should be taken.
“If your data is out there and it’s potentially in the hands of a hacker, you should change your password – all your passwords on all your accounts – and potentially use a password manager,” he began.
This is a tool which enables a person can randomise and encrypt all of their passwords.
“The other thing is daily data breach checks,” Mr Shakeshaft added.
Finally, the third step is to use two-factor authentication.
“The reason for doing that is your password can be leaked anywhere worldwide.
“Anywhere in the world, a hacker could get hold of it.
“But what two-factor authentication does is it matches your password with something that you have physically on you,” he explained, adding that this could be a telephone or a card reader.
“It means that the hacker would have to be sitting next to you to get access to both of those two.”