Why I refuse to email my passport

, by

Illustration of passport being approved

I recently had an offer accepted on my first home. What an amazing feeling.

But that amazing feeling was soon robbed by stress once I began the process of confirming the sale with the estate agent, getting a mortgage and instructing a solicitor. A joyful occasion very quickly turns into a huge headache.

Finding affordable businesses that you want to work with and will do a good job is one thing. But then comes the frustration of paperwork. And much to my dismay, almost every business I interacted with asked me to email my passport, driving licence, proof of address and other sensitive information.

Email is the low hanging fruit for cyber criminals

I'm fortunate enough to work for a company that has security at the heart of everything it does, so I'm all too aware of the dangers of sending documents over email. Unfortunately, thanks to the pandemic, many businesses pivoted to using email as their primary means of transferring information. We have likely never had more financial and identity information sitting in email inboxes. A harrowing thought for us but a perfect opportunity for cyber criminals.

4500 small-medium businesses are successfully hacked in the UK every single day*

And 91% of cyber attacks in 2020 started with an email.*

Emails are stored in clear text, making them easily readable by third parties and most email service providers do not provide end-to-end encryption. This is a recipe for disaster.

And then there's passwords. In 2020, The National Cyber Security Centre revealed that 23.2 million breached accounts were using 123456 as their password.

When a business is blindly asking me to email my passport, it doesn't give me much faith that they would use a strong password to protect their email account.

Does this business care about my data?

When I was asked to email my passport, my first thought was that they simply did not care about my data. They wanted my money but would do nothing to protect me from identity or financial theft.

Of course many businesses and the people that work for them are simply unaware of the risks. But it's time for that to change.

What can we do?

I believe consumers have a role to play in changing the way businesses operate. It's important we demand more from those we give our money to. We deserve to have our data protected and we should vote with our pounds.

There's no shortage of estate agents, solicitors and brokers and the pandemic has made it even easier to find an organisation that will take care of your data. Geography is no longer a barrier.

In my case, I refused to work with these businesses and told them the reason why. And I of course let them know that there's a great alternative they could be using that will keep my data as safe as possible.

*Hiscox/cyberlive

**Barracuda spear phishing report 2020