The survey by Infosecurity Europe was carried out to raise awareness of the dangers of giving personal information to strangers who could then commit identity theft. The researchers presented the survey as research into the significance of Easter, telling commuters that if they took part in the survey they would be entered into a drawing for an Easter egg bonanza worth £60 ($110).
To put the public at ease, 300 people were asked questions about their knowledge of Easter and Easter egg consumption. Seemingly innocent questions were inserted into the conversation to find out the details needed to steal their identities, such as date of birth and mother's maiden name.
The first question researchers asked was, "What is your name?" Everyone surveyed gave their names. They were then asked a series of questions about Easter and the tradition of giving Easter eggs. They were also asked if they gave any of their Easter eggs to their pets (89 percent said they had) and when asked what their pets name was 86 percent of respondents then went on to give their pet's name. When asked if there was a tradition of giving Easter eggs in their family, 76 percent said there was and when asked for the names of their mothers and fathers families, 80 percent revealed their mothers maiden name.
All of the commuters gave their address and post code so that the Easter egg feast could be sent to them if they won. Mother's maiden name and first school are key pieces of identity information used by banks and utility companies in their identity-checking procedures.
Finding out respondents' dates of birth was also fairly easy with 82 percent giving this information, as the researchers pointed out it was needed to establish their age group for survey demographics and to prove they had participated in the survey. Some 90 percent gave their home phone number in case there was a problem delivering the chocolate.
"Individuals should never give more information about their biographical or attributed identity than they have to as this information can be extremely damaging if it is misused or falls into the wrong hands, and they should never give the information to someone that they do not know they can trust," said Lord Erroll, who is giving the opening keynote address on identity at Infosecurity Europe.
"If someone calls you to offer you a mobile phone you should not give them your bank details until you have verified who they are by phoning the company's main switchboard and never send cash to salespeople offering you investments that sound too good to be true, even if it is a delicious Easter Egg!"