Data leak simulator: Here's what a scammer can do with your info

Oh no! A trusted institution has suffered a data breach and you've been affected. Take our quiz to find out how bad things are going to get for you.

Did you hear the news? A trusted institution has just announced that it suffered a data breach and I’m afraid to tell you your details were included. What a shame!

I am your assigned scammer and I am looking forward to using the personal information to enrich and amuse myself at your expense.

It doesn’t matter whether I was personally responsible for the hack or if I’m just opportunistically using information exposed by someone else, I plan to make the most of it.

So, tell me what data you had leaked and I’ll share how I will ruin your life.

Choose your own data breach

First of all, did I get your name?

Yes

OK, it’s a start. I can begin to use that to find your Facebook, Instagram, LinkedIn, and any news articles or public records that mention you.

All of these will help me scam you or pretend to be you later on.

OK, no worries. I’m sure I can reverse engineer that from some of your other details.

Was your date of birth leaked?

Yes

Date of birth won’t get me much by itself but it’s commonly used by companies like banks and telecommunication companies as part of the verification process — so useful for me to know.

Plus, now I can figure out your star sign.

That makes my life a little harder. Date of birth won’t get me much by itself but it’s commonly used by companies like banks and telecommunication companies as part of the verification process.

Was your address included?

Yes

Geez, that’s a shame (for you). Addresses are another piece of information that’s commonly used to verify someone’s identity.

But perhaps more importantly, knowing your address presents a physical risk. I can now send you mail or intercept it. I could even turn up at your house or direct others to do so.

And while it’s possible to move to change your address, it’s a real pain.

Lucky! Addresses are another piece of information commonly used to verify someone’s identity.

But perhaps more importantly, knowing your address presents a physical risk. If I had it, I could send you mail or intercept it. I could even turn up at your house or direct others to do so.

And while it’s possible to move to change your address, it’s a real pain.

What about your email address?

Yes

It’s pretty common to give out your email so this isn’t a huge threat by itself.

I can send some spam or scam attempts your way, but most email providers are pretty good at picking these up. Still, maybe I can use the address to phish my way into more of your information.

Your email is also your username for a lot of websites. Usually, I can put your email in to know whether you use a service. But the really important stuff is inside your email, which brings me to…

It’s pretty common to give out your email so I could probably figure this out another way if I wanted to.

Once I’ve got your email I can send some spam or scam attempts your way, although most email providers are pretty good at picking these up. Still, maybe I can use the address to phish my way into more of your information.

Your email is also your username for a lot of websites. Usually, I can put your email in to know whether you use a service. But the really important stuff is inside your email, which brings me to…

Do I have your email password?

Yes

Well now I can do a lot of things.

First, I’ve got access to your private information (private conversations, business secrets, nudes) that I could use to extort you. Did you ever email a password for another service or other personally identifying information (like a picture of your passport) to yourself? I’ll find it.

Then I can use your email to access other accounts by resetting their passwords — like a shopping spree paid for by you!

That’s good because if I had your email password, I could do a lot of things.

First, I would have access to your private information (private conversations, business secrets, nudes) that I could use to extort you. Did you ever email a password for another service or other personally identifying information (like a picture of your passport) to yourself? I’ll find it.

Then I could use your email to access other accounts by resetting their passwords — like a shopping spree paid for by you!

Wait, I should have checked before – do you have two-factor authentication (2FA) on your email account?

Yes

Nicely done! 2FA is usually standard now, and will stop all but the most dedicated bad actors.

That’s a bit of an own goal. 2FA is usually standard now, and will stop all but the most dedicated bad actors. If you don’t have it turned on, you should do it pronto.

Speaking of 2FA, did your phone number get leaked?

Yes

Obviously, I can use it to contact you directly. I can harass you, spam and scam you via call or text.

Additionally, phone numbers have emerged as an important method of identity verification through 2FA. If I can figure out a way to take control of that phone number — a practice known as ‘simjacking’ or ‘sim swapping’ — I can pretty much take over your life. Many of the organisations and platforms that control important and valuable information (banks, myGov) rely on being able to use your phone number to verify your identity. Thankfully, recent changes have made this much harder but it all starts with your phone number.

Phew! If I had access, I could use it to contact you directly. I could harass you, spam and scam you via call or text.

Did I get your credit card details?

Yes

It’s a no brainer. I’m going to spend your cold, hard cash. Despite being immediately impactful and often expensive, having your card details leaked is actually one of the easiest problems to fix by simply cancelling it.

Bummer. I was looking forward to spending your cold, hard cash. That said, despite being immediately impactful and often expensive, having your card details leaked is actually one of the easiest problems to fix by simply cancelling it.

Were your Medicare card details included in the breach?

Yes

Yikes. Beyond being 25 points of identification, I’ve been told that a Medicare card (along with some other basic personal information that I’ve also pilfered) will grant me access to your MyHealthRecord and can even help deanonymise your medical data that’s in a public dataset.

In short, I could get my mitts on a lot of your highly sensitive health information.

You dodged a bullet. Beyond being 25 points of identification, I’ve been told that a Medicare card (along with some other basic personal information that I’ve also pilfered) will grant me access to your MyHealthRecord and can even help deanonymise your medical data that’s in a public dataset.

In short, I could get my mitts on a lot of your highly sensitive health information.

And finally, the big kahuna: have your drivers licence or passport details been exposed?

Yes

These are the ones that can really hurt. Depending on whether I get the numbers, expiration dates, or even a photo of these, it is extremely easy for me to commit large amounts of identity fraud with somewhere between 40-70 points of identification.

I can apply for credit cards, take out loans or join buy-now-pay-later services on your behalf. I can use government services. And If I’m feeling particularly frisky, I can create replica copies of your passport or driver’s licence to commit crimes or maybe even cross borders.

It’s usually possible to get these cancelled and replaced, but it’s not cheap. So best to take care with these crucial documents.

That’s for the best because these are the ones that can really hurt.

Depending on whether I get the numbers, expiration dates, or even a photo of these, it is extremely easy for me to commit large amounts of identity fraud with somewhere between 40-70 points of identification.

It’s usually possible to get these cancelled and replaced, but it’s not cheap. So best to take care with these crucial documents.