Knowledge Base
Community

New statement potentially ripe for spamming

Started by: ads
On: 04/02/2011 | 18:20
Replies: 28
Reply

by: shutterbug
on: 04/02/2011 | 20:50
Yes I fully agree, this sort of info shouldn't really be sent in an open email.

When I read the update yesterday from clairekav telling us about the new statement, I suggested then that perhaps the statement could be in the form of another tab in My giffgaff. That way you'd need to log in to view it.

Click Here to request a die-cut giffgaff NANO-SIM with £5 credit for your iPhone 5!
---------------------------------------------------------------------------------------------------------------
To request a precut iPhone 4 microSIM with £5 bonus credit fill out this order form
For a standard SIM with £5 bonus credit please click the banner below.
---------------------------------------------------------------------------------------------------------------
Get a free Giffgaff Sim
Message 11 of 29
by: shutterbug
on: 04/02/2011 | 21:03
I've searched for yesterday's post announcing the new report email. You might want to post your concerns there:

http://community.giffgaff.com/t5/Welcome-and-News/Your-new-personalised-usage-best-plan-savings-and-...

Click Here to request a die-cut giffgaff NANO-SIM with £5 credit for your iPhone 5!
---------------------------------------------------------------------------------------------------------------
To request a precut iPhone 4 microSIM with £5 bonus credit fill out this order form
For a standard SIM with £5 bonus credit please click the banner below.
---------------------------------------------------------------------------------------------------------------
Get a free Giffgaff Sim
Message 12 of 29
by: wcssj
on: 04/02/2011 | 21:05

I agree with ads and tpellison.

 

If someone were to post this sort of information in the forum then a giffgaff agent would edit it out pretty quickly, but yet they will email it far and wide without a a care in the world! The more I think about it the more shocking it feels.

 

I was pleased when the first version of the statement had a garbled phone number; in a thread that discussed the problem I said:

"I don''t want my phone number being emailed around, so the more garbled the better - long may it continue! If they fix it then they should star-out some of the digits like they do for a credit card number."

 

I suspect that not many others will think or care about this risk, and views like these will be drowned out by the comments praising the new format of email.  I'll be opting out of notifications to avoid this in future (assuming they fix the current problems with the opt-out / opt-in database updates). It's a pity that the opt-out is a blanket opt-out and means that I will lose out on all other notifications.

 

 

 

 

Message 13 of 29
by: xmob
on: 04/02/2011 | 21:41

I'm reading this thread and shaking my head in disbelief.

 

If you're concerned that s[c|p]ammers have access to the contents of your statement emails you have more to worry about than somebody cold calling you.

 

Are you not concerned about bad guys reading your email in order to gain access to things like PayPal accounts?

 

It's right to be concerned about data privacy, but I think this is just taking things to extremes.  Did you know that when you send a letter that it passes through the hands of all sorts of people?  Maybe you should stop using snail mail.

 

For the record, I don't just work in IT.  I am an IT Security Consultant.

Message 14 of 29
by: ads
on: 04/02/2011 | 21:45 edited: 04/02/2011 | 21:48

Being an IT security consultant I also assume you know not to mail your paypal details and password around. We are all aware that many details are sent around in the clear - but paypal don't email my personal or other peoples personal details out.

Also, sending snail mail that contains the odd personal detail isn't the same as sending an open postcard listing personal details, which is what this is more or less the equivalent of. 
I'd hate to work in the company that consults you. They might just end up mailing personal details around.

 

Sorry, I'll edit this now, as I don't know you so that last comment isn't quite fair.  But I do believe there is more to this than you are making out.

Message 15 of 29
by: donnie
on: 04/02/2011 | 21:54

I opted out as soon as I saw the new statements. Like someone said previously it is a shame I will have to miss out on other updates etc

Welcome to giffgaff
Message 16 of 29
by: gawright
on: 04/02/2011 | 21:56
I'm not hugely concerned about the security of the email, but I do know that giffgaff have until recently been sending statements not only to the account holder but also to their 'recruits'. That is, people I've given SIMs to have received my statement with my payback total etc. Have they also been sent the new statement which contains more details including my number and numbers I call? Not a big problem for me, but might be for some.

Get a free Giffgaff Sim
Message 17 of 29
by: tpellison
on: 04/02/2011 | 21:59

The Information Commissioner says [1] that a telephone number, especially when combined with an e-mail address etc constitutes 'personal information' as it can be used to uniquely identify an individual.

 

That said, I buy a bunch of stuff on-line and get sales invoices by e-mail with my name and address in plain text, so ... <shrug/>

 

[1] http://bit.ly/e9FIRK

Message 18 of 29
Highlighted
by: xmob
on: 04/02/2011 | 22:03

 


@ads wrote:

Being an IT security consultant I also assume you know not to mail your paypal details and password around. We are all aware that many details are sent around in the clear - but paypal don't email my personal or other peoples personal details out.


 

Okay, I gave an extreme example.  However, there are many things in emails that are of more use to nefarious people than your mobile number.

 

 


@ads wrote:

Also, sending snail mail that contains the odd personal detail isn't the same as sending an open postcard listing personal details, which is what this is more or less the equivalent of. 


 

Opening an letter containing the PIN number for a credit card (e.g.) is akin to reading an email while it traverses an SMTP server.

 

 


ads wrote: 

I'd hate to work in the company that consults you. They might just end up mailing personal details around.


Sorry, I'm not going to bite.

 

Message 19 of 29
by: ads
on: 04/02/2011 | 22:03
Yeah, I think a lot of mails and companies are probably a tad iffy with personal details.
They even go on to say how personal details can be classed as anything that gets out and can cause trouble for the person. I think phone numbers are quite big on that list.
The odd thing here is that they aren't just mailing our own numbers out, but the people we have contacted.

I probably am blowing it out of proportion, but I definitely believe it is worth Giffgaff thinking about.

Though it is too late as I've already had a statement, I'll now change my preferences so I don't receive it - even though I'd love to see these statements - just behind a log in page like every other site I belong to that has such data.
Message 20 of 29