When unsolicited email begins flooding your inbox, or when vendors send SMS messages offering random goods and services, most people probably get quite annoyed. However, too often people willingly give away their consent to use their personal data to participate in various loyalty programs, sales, or lotteries without thinking about how this data would be managed.
© Shutterstock

Personal data can be used for more than just ads

According to Tomas Stamulis, the Manager of the Informational security group at ATEA, data given away to a lottery – even a seemingly innocent one – can be used not only for marketing but also for criminal activity.

“By revealing our data, we risk that it can be used for a wide variety of purposes. Data can be illegally sold to various client databases or used for direct marketing purposes. However, cybercriminals can also pretend to offer you a chance to win a prize that in fact does not exist – this way, they can trick you to give away your data, which can then be exploited for criminal activity,” explains T. Stamulis.

Every situation that requires revealing data should be critically assessed

The informational security expert advises to always pay attention for what purposes, with whom, and what kind of data you are about share.

“You should consider if and what kind of data are safe to share in every individual situation. When you disclose your phone number or email, you risk being subjected to heavy advertisement or social engineering; if you reveal your address, you might get robbed. Revealing certain types of data might not be risky but giving away too much might result in complete identity theft. If this happens, criminal may get access to all your social media and internet accounts,” warns T. Stamulis.

How to recognize fraud hiding behind lotteries?

Most internet users have seen many fraudulent letters about winnings in lotteries or invitations to participate in various sweepstakes. Often, cybercriminals even imitate legitimate lotteries run by established organizations – thus, people are easily tricked into believing the published information and trust criminals not only with their data but also with their money.

Fraud related to the “Green card” (the permit to live and work in the US) lottery is especially common. Cybercriminals can imitate the official website of the lottery, the emails sent to those who win the permit. Fraudsters usually ask for a fee to complete the “Green card” application, promise an increased chance of winning the permit, send letters congratulating the participants on “winning” the lottery and asking to send money to pay for a visa.

Such offers should be viewed with suspicion. The official lottery is accessed at dvlottery.state.gov and its winners are determined completely randomly, so it is impossible to influence the outcome in any way. Further, the organizers of the lottery never ask for any payments until after the selection, while the winners are asked to come to the US embassy or a consulate.

There are also instances when users are informed (via email, text, or other means) about winning certain prizes and then are asked to “pay tax” or “cover the delivery expenses.” Falling for this trap and paying for these “fees” gives away all bank and personal data to the cybercriminal behind the invitation. One must also not trust giveaways or extreme sales, where goods and services are offered at no cost or for an unrealistically cheap price (i.e., plane tickets for 1 EUR). Paying for such also result in losing access to your data or bank account.

New changes in data protection grant the “right to be forgotten”

What can be done if, after you voluntarily or unknowingly give away your personal data to various companies or organizations, you can no longer stop the incoming flow of information they send?

This spring, in Lithuania as well as across the European Union, the new General Data Protection Regulation (GDPR) went into effect, which sets out stricter rules for personal data management.

The new regulation mandates the companies that use and manage data to clearly indicate for what purposes they would use the data, who has access to the data, for how long the data will be stored and managed, as well as other information. Further, the GDPR grants the right for individuals to withdraw their consent to give away their data at any point and establishes the right to demand that the data already given away would be deleted – the “right to be forgotten.”

Having failed to clarify and agree upon issues of concern with an organization that uses your personal data for direct marketing purposes, you may always contact the State data protection organization, which can help defend your rights.

Ex presidential candidate Juozaitis becomes party leader

Former presidential candidate philosopher Arvydas Juozaitis was on Saturday elected chairman of the...

Proposal to make Jan 13 public holiday registered

Two lawmakers from the opposition conservative Homeland Union – Lithuanian Christian Democrats...

Telemedicine services to be launched next year

Lithuania plans to launch telemedicine services for district and regional hospitals as of next year.

From transgender person to Karbauskis' son: 2020 military list (1)

Five players of Lithuania's two top basketball teams, two members of the national football team, a...

Lithuania's population grows for 1st time in 28 years

Lithuania's population has grown for the first time in 28 years due to migration trends, the...