Identity theft is a major problem. It occurs when criminals collect enough of your personal information to convince people that they are you. What sort of information is stolen? Think of the documents you need to prove your identity to open a bank account, driver’s licence, passport, Medicare card. the information contained in/on these can be used to impersonate you and open accounts. But it also depends on the criminal’s goal, they might not need so much information to impersonate you for say, a work related hack, maybe just your name and position, your manager’s name and your department.
I’ve put together a victim’s guide to help you prepare and respond to identity theft.
Victim’s Guide
Government agencies recommend that you visit www.idcare.org they have a useful tool kit to diagnose and find help for identity theft here: www.idcare.org/appsandtools/cyber-first-aid-kit#home/. In this guide we’ll look at:
- What criminals want
- Signs your identity has been stolen.
- A response plan when you realise
- A defence plan
What criminals want
- Name – found on social media or letter in your letterbox.
- Date of birth – do you share your birthday on social media?
- Driver’s licence number – has mail gone missing or have you lost your wallet?
- Address – if your attacker has a physical connection they can just follow you. Have you posted a party invite on social media?
- Place of birth – have you mentioned this on social media or has a stranger steered a conversation in this direction?
- Medicare card details – has mail gone missing or have you lost your wallet?
- Passport information – have you been burgled?
Now think about information that a criminal could use to access your existing accounts
- Mother’s maiden name – do you display family connections on social media?
- Credit card details – beware of phishing attacks or scam calls
- Tax file number – beware of phishing attacks or scam calls
- Personal Identification Number (PIN) – beware of phishing attacks or scam calls
- Online account username and login details – beware of phishing attacks or scam calls
Signs your identity has been stolen
There are many signs that you identity has been stolen, this list from cyber.gov.au is a list of signs be be aware of:
- Your bank statements show purchases or withdrawals you have not made.
- You stop receiving mail you may be expecting (e.g. electricity bills) or receive no mail.
- You receive bills or receipts for things you haven’t purchased or statements for loans or credit cards you haven’t applied for.
- A government agency may inform you that you are receiving a government benefit that you never applied for.
- You have been refused credit because of a poor credit history due to debts you have not incurred.
- You may be contacted by debt collectors.
Response Plan
The first thing to do when you suspect or discover that you have been the victim of identity theft is to act immediately. IDCare recommends the following when you discover that you have become the victim of identity theft.
- Contact IDCARE to assess your risks and build a tailored response plan, they can be contacted here: https://www.idcare.org/contact-us
- Update and run anti-virus software on all Internet-enabled devices.
- Reset all passwords and PINs – see Password Management to learn about creating and managing passwords
- Review where you keep your personal information on your devices, such as emails and hard drive and remove unnecessary items.
- Review your existing accounts. Look for unauthorised transactions, changes to settings (for example email forwarding rules), and, if possible, the times and locations your account has been accessed.
- Check your credit report to see if someone is accessing credit in your name.
- Contact your financial institution and let them know what has happened and ask how they can assist.
Defence Plan
In the modern world, it’s easy to think that identity theft is just an online problem, but remember it can happen offline as well, even a hybrid attack using online and offline sources. IDCare suggests plans for online and offline protection against identity theft.
| Online | Offline |
| DO NOT open suspicious texts or emails – delete them.Never share anything personal to anyone you don’t know or trust.Create and use strong passwords – see Password Management to learn about creating and managing passwordsSecure your networks and devices with antivirus software and a good firewall.Don’t share personal information from the ‘what criminals want’ list online, including on social media.Be cautious about ANY requests for your personal information over the internet, phone or in person. | Secure your personal documents at home and when travelling. Put a lock on your mailbox and destroy any documents containing personal information which are no longer required. See Unshredding a document for tips on this.Be cautious about requests for your personal information over the phone and in person.Order a free copy of your credit report from a credit reporting agency annually.Regularly check your bank and superannuation statements.Be curious about where your information goes that is collected by organisations – you have a right to know why they are collecting it, how they will secure it, for how long they will keep it, whether they will share it. |
Resources
https://www.cyber.gov.au/acsc/view-all-content/threats/identity-theft
https://www.idcare.org/appsandtools/cyber-first-aid-kit#home/
https://www.oaic.gov.au/privacy/data-breaches/identity-fraud/
https://www.afp.gov.au/what-we-do/crime-types/fraud/identity-crime