It all started back in April when I received an email from TalkTalk confirming my TalkSafe registration. This was swiftly followed up by a password setup email which contained a link to set up a new password for my account, a simple link to click and add a new password. I then received an email detailed when an engineer would arrive at my house to install my new broadband package. No specific details were contained in the emails, but the name (Shaun Robert McGill) was and all I needed to do to access the account was log in with my email address and use the change password function.
The problem was that I had not registered for a broadband package. This individual has quoted my email address and everything was just sent to it. Where is the checking here?
I called TalkTalk and the first comment was surprising- “Don’t worry, just ignore the emails.” I continued to complain and explained that they had given me access to this person’s details with no checking whatsoever. Yes, they may have quoted that email address, but why is no check email sent in the first place to validate that it is the correct one?
Eventually after multiple calls, someone took me vaguely seriously and the emails stopped, but I received no feedback at all and I was largely dismissed throughout the process.
Last week I received an email from very.co.uk detailing my new Very account. The first email offered the account number and credit limit. This was immediately followed by a credit agreement email including the name and address. Next came an email for the first order (an iPad Pro to be delivered to Lanarkshire despite the fact that the credit agreement showed a home address in Tyne & Wear). And then another email for a gaming headset to be sent to Lanarkshire again.
I could easily log in to the account if I wanted to and change the password and so called Very to explain that this was the wrong email address. To be fair, after being passed around a bit the person I spoke to was excellent. He immediately closed the account, removed my email address, but I still had to ask if the date of birth given was mine (I only offered the year) to ensure someone was not trying to be me.
He was apologetic and very helpful, but couldn’t answer why all of this information is sent out with no checking that the email address is correct, and therein lies the problem. An email address is everything and nothing when you think about it. It offers no certainty of someone’s identity, but it can be used to send a huge amount of private information to, or at least act as a portal to that information.
I don’t know why this person is using my email address, but it doesn’t appear to be legit even if my identity is not being compromised (different address, middle name and date of birth). The main worry is that the companies take the email address as correct and then just throw all of this private information at a completely different person.