Cybercriminals use simple trick to obtain personal data

People reveal more personal information when you ask them the same questions a second time – according to new research from the University of East Anglia.

personal data disclose

A new study reveals how simple repetition can make people over-disclose, and potentially put themselves at risk of identity theft and cybercrime.

The research team say that understanding why people disclose personal data could help inform measures to address the problem.

People over-disclose personal data

From subscribing to online newspapers to completing customer surveys, our personal data is being mined continuously; the world’s most valuable resource is no longer oil, but data.

But for consumers who provide their personal data, doing so comes with potential costs and security risks.

“We’re constantly being asked to give up our personal details, whether it’s being asked to subscribe to a newspaper, turn off an adblocker, or complete customer surveys. You may have received an email asking for a small increase in your monthly charity donation, or if you log in to social media, it may ask you for a little more profile data like adding your school or workplace. This can lead to minor inconveniences such as junk emails or more disruptive potential consequences such as identity theft, said lead researcher Dr Piers Fleming, from UEA’s School of Psychology.

“We wanted to know more about why people share large amounts of personal information, particularly over social networks, without protecting that information from unintended recipients. Advertisers, marketers and social media gurus believe that repeated requests will lead to increased compliance. So we wanted to find out how these repeated requests change our behaviour, and whether they can lead us to do things, like sharing personal information, that we otherwise would not do,” added Dr Fleming.

The price of privacy

The research team asked 27 study participants for a range of personal information online including their height, weight and phone number as well as their opinions on topics including immigration, abortion, and politics.

The participants then ordered the questions from least to most intrusive and were asked how much of their personal information they would ‘sell’ to be made available on a purpose-built website for two weeks.

They then asked them again how much information they would sell – to appear for a further two weeks – for a chance of even more money.

In a second larger online study, 132 participants were asked how much information they would sell at two time points, as well as a range of personality questions.

The foot-in-the-door effect

Dr Fleming said: “Our first study showed that asking for real personal data led to increased information disclosure when asked again. Our second study replicated this effect and found no change in people’s associated concerns about their privacy – people change their behaviour but not their view. This demonstrates that simple repetition can make people over-disclose, compared to their existing, and unchanged concern.

“This pattern of asking for increasing amounts of user information over time mimics a classic compliance technique known as the ‘foot-in-the-door’ effect. This is a compliance tactic that aims at getting a person to agree to a large request by having them agree to a modest request first. It is commonplace in consumer behaviour and charitable giving. This study is important because, if we better understand why people share personal data, we can encourage greater sharing when it is mutually beneficial but protect against over-sharing when it might lead to harm,” concluded Dr Fleming.

The research team suggest ways for businesses and consumers to encourage an acceptable level of disclosure to match personal beliefs for mutual benefit.

“For example, we suggest practical measures, such as forewarning people to protect their privacy across repeated requests should be effective at reducing this effect,” added Dr Fleming.

Share this