Beware of Online Cheats Trying to Get Private Information from You, Warn Beersheba Researchers

Users of email, WhatsApp and social media have in recent years been bombarded with requests to provide their bank details, identity card or social security card numbers and addresses. Almost all these requests come from would-be thieves. Beware!

According to researchers at Ben-Gurion University (BGU) of the Negev in Beersheba, online users are more likely to reveal private information based on how website forms are structured to elicit data. The unusual study titled “Online Disclosure Depends on How You Ask for Information” was presented last week at the 41st International Conference on Information Systems (ICIS 2020), held virtually this year. 

Photo of Prof. Lior Fink Photo Credit: Dani Machlis/BGU

The BGU researchers’ findings have significant implications for user privacy and online data capture. “The objective was to demonstrate that we are able to cause smartphone and PC users of online services to disclose more information by measuring the likelihood that they sign-up for a service simply by manipulating the way information items (name, address, email) were presented,” said Prof. Lior Fink, head of the BGU Behavioral Information Technologies (BIT) Lab and a member of the department of industrial management and engineering. 

The researchers showed that by using digital “foot-in-the-door” techniques, such as requesting personal information from less important to more private (ascending privacy-intrusion order), websites can successfully entice users to reveal more of their private information. Similarly, by placing each request on consecutive, separate webpages, users are more likely to reveal more private data. Websites can further manipulate their users by spreading out information requests over the course of several pages, rather than consolidating all requests on one page. 

The researchers collaborated with Rewire, a Tel Aviv neobank (a virtual or online bank) providing international money transfer services. They examined the activities of 2,504 users who were asked to provide their country, full name, phone number and email address as part of the sign-up process. “We found that both manipulations independently increased the likelihood of sign-up and conversion,” Fink said. “The ascending privacy intrusion manipulation increased sign-up by 35% and the multiple-page manipulation increased sign-up by 55%.” 

“The general public and regulators should be made aware of these vulnerabilities since it is so easy to capture more private information, despite their privacy concerns,” concluded lead researcher and BGU student Naama Ilany-Tzur. “At the same time, this research has important marketing implications as legitimate companies and marketers are always seeking to maximize the amount of data they can capture on individuals and the optimal way to achieve this.” 

Israel in the News