ID theft is a serious crime. By stealing your identity, someone can access your bank account, apply for credit cards or loans in your name, change a home address, get a driver’s licence, and even set up a business. And thieves strike all the time.
The Australian Department of Home Affairs says that each year around 5% of Australians (1.3 million people) experience financial losses because of ID theft. Every 20 seconds an Australian is a victim of identity crime. And 21.5% of us have been a victim at some time in their lives.
If you add online credit card fraud, love rat and other scams the losses skyrocket. ABS say that figure is over 8.5% of Aussies and over 30% of these had two or more incidents.
Val Quinn, Channel 7 Sunrise Gadget Guy warns ID Theft is happening right now.
It is up to you to be proactive and protect yourself from ID theft.
In too many cases all you need to establish an online
identity is given name, middle name, family name and date of birth. Some ask
for a copy of a birth certificate, drivers’ licence, passport or some other
form of proof – a utility bill, bank statement, Mobile phone account, Medicare
Most government services use the Document Verification Service (DVS) but few private organisations do. In short, it is very easy to establish an online persona.
#1 Don’t overshare on social media – especially not FakeBook
Have you ever thought about how much extra information you
hand over online? For example, by default, public Facebook profiles reveal your
full name, birth date, and where you work, so scammers can find out all that
information with the click of a button. The best way to skirt scammers is not
to let them in!
Or when shopping online why do they ask so many damned
questions? For online forms, only fill out the required fields, usually marked
with an asterisk (*) and it is quite permissible to lie about everything except
the details needed to make a delivery.
And beware of so called FakeBook quizzes (any quiz) as they
can harvest data to fill in gaps in your dark web profile.
Think about what you put online and what consequences it may
have today or in ten years’ time. Get into the mantra – It’s my data, don’t overshare.
Switch all your profiles to private and delete unnecessary details.
Only accept friend requests from people you know and trust.
Top tip: #DeleteFaceBook
#2 Lock your real-world physical mailbox at the front gate!
This type of theft is still common today. A paper bank statement, phone or utility bill is almost all it takes to help get the 100 points of ID to set up an account or change an existing one. Cybercriminals often hire people to trawl the suburbs looking for mailbox gems.
Install a lock on your mailbox and check your mail regularly. If your mailbox is a little less secure have your packages delivered to a P.O. Box or your office.
But it is more than just you mail box. In a recent survey
18% of people said that a primary type of ID was stolen during a home break in.
Cybercriminals pay big bucks for original documents.
Top tip: Going on holiday? Call the post office to put your
mail on hold. And change bills from snail mail to email.
#3 Monitor your credit and finances
With cash almost a thing of the past most simply flash the
card. Make sure that at least weekly you look at your financial bank statements
online and quickly query any that you don’t remember. If you are quick the bank
usually refunds you for credit card or online scams.
But how do you know you are not already a victim of identity
theft? Identity theft can go undetected for months (usual) or even years (if
you are a sucker).
Identity theft may be to get a loan – and the cybercriminal simply
does not make repayment. Often it takes a few months for debt collectors to
knock at your door.
ID Theft may be used to get a pension or the dole or a Drivers Licence.
A good place to start is to obtain a copy of your credit report. You can get a free copy from from the major credit bureaus in Australia: Equifax, illion, Tasmanian Collection Service (Tasmanians ony) and Experian. All will produce a similar report, so you only need to use one! And you should check annually if you are worried.
This report tracks your financial accounts and loans, so
you’ll be able to spot any suspicious activity. ASIC has a good fact sheet here.
Top tip: If you’d rather leave it to the experts, you can
enrol in a credit monitoring service for a fee from the above providers.
#4 Install security software
Cyberthieves often use malware, spyware or keyloggers to
scan and collect sensitive information from your computer. Sometimes, these
applications are so sophisticated that they go undetected, so it’s really
important to protect your tech with security software.
There are lots of good anti-virus/malware products that can asset
in reducing identity theft. The include Norton, McAfee, Trend Micro, Kaspersky,
Stop skimping by using free antivirus – it may cover part of the threat but definitely not all. You need layered protection on Windows, Android, and even macOS and iOS.
Top tip: Don’t skip software updates!
#5 Come up with complex passwords
Passwords are the weakest link. Using the same generical password across multiple accounts is like giving the cybercriminal a master key! Better still implement multi-factor authentication where a code is sent to your smartphone before you can access an online account.
And cybercriminals now use AI and machine learning to try variants of the same password – and are having a huge success rate.
Avoid using your name, birthdate, or ‘dictionary
words,’ such as “turtle.” Turn it into a phrase instead: “turtleistired”
Use a mix of uppercase and lowercase letters,
numbers and symbols
Consider mixing in words from different
Enable two-factor authentication.
#6 Shred bills and bank statements – everything
The same people that check mail boxes will check rubbish bins
too. They are looking for bank statements, utility bills, old loyalty or government
cards (Medicare), envelopes, packages and letters with your name and address on
them, signatures, credit card slips etc. They are also looking for airline
boarding passes, upmarket brand packages, delivery dockets etc.
After checking bills credit reports, tax returns, receipts and more shred them.
Top tips: Go to Officeworks and buy a shredder. Now a word of advice from someone with 40-years ownership experience. Unless you have very few pieces of paper to shred monthly no strip shredder under $100 will last more than a couple of years and they are not secure.
You are looking for a cross or micro cut (into little pieces to P5 level security) with a reasonable sheet capacity (6+ A4 80gsm sheets at a time), bin capacity (15l at least), forward and reverse buttons, credit card slot, and run time of at least 10-minutes (rest time can be up to 45 minutes before you can shred again).
#7 Be careful with links in email or SMS
Cybercriminals use spear phishing. These emails or SMS that look like they come from your friends or colleagues. How do they know who your friends are and what your interests are? These are AI and machine learning driven using data from your social media, dumpster diving and more.
These emails may suggest you click on a link to see a funny
<insert cat, dog, animal> or purport to be from the Australian Tax
Office, Australia Post or local businesses.
In the past they were riddled with spelling errors and ‘chinglish’
but today they are damned authentic using a majority of a legitimate email with
a poisoned link.
If you get an email look at the sender’s email address –
although these can be spoofed or sent from a hijacked email account.
Don’t click on any links. Instead, hover your mouse over the
link to see a destination URL. Be aware of overly long URLS that may look right
but are not, e.g. www.telstra.billing.accounts.com/ is not Telstra but
On Android of iPhone or Android device, long tap to see the
destination URL. This simple step can help you to avoid walking right into
malware, viruses or phishing scams.
Top tip: If it’s a fake email, let the business or person know so
they can warn others.
Also send a copy to Scamwatch so they know what is going on.
#8 Only shop on trusted websites
A fake website can be set up in seconds offering incredible deals. Often the site is simply scraped from the legitimate web site and only the online form is changed. In Australia Scamwatch has seen sites with .com.au and even Australian ABN numbers – it is all fake.
Signs to look for
A well-known product is advertised at an unbelievably low price or advertised to have amazing benefits or features that sound too good to be true.
It offers even big discounts for payment by electronic funds transfer or a wire service.
It may insist that you use gift cards (iTunes etc) or buy vouchers before you can access a cheap deal or a giveaway.
You came to site via a social media recommendation instead of a Google search or from the legitimate supplier’s site
Be very wary of Black Friday deals – cybercriminals piggyback onto the click frenzy.
Be wary of any site that does not have HTTPS at the beginning of a URL address
All they want is your delivery address, email address,
mobile phone number and credit card details.
Be very wary of shopping online unless you can
verify it is a legitimate store
Use a secure payment service like PayPal so as
not to reveal your credit card details.
At worst use a credit card with a low spending
Top tip: Check out as a guest and don’t store your credit card details. This will reduce your risk of ID theft should the site suffer a data breach.
#9 Double-check online promotions
Retailers regularly run sales, and cyberthieves use tactics
to trick and hook consumers. If you spot a promo offer on an email or banner ad
that seems too good to be true, go straight to the source.
ACTION: Scan the legitimate store’s site, social media
feeds, or catalogue, or contact the customer service team to ask if the offer
Top tip: Scammers are known to post fake job ads, too, so
check to see if the job is posted on the company’s website or LinkedIn.
#10 Steer clear of public Wi-Fi
Hackers can steal your data and install malware onto your
device. Stick to safe Wi-Fi connections and personal hotspots. If you need to
use a public computer, log out of every account and clear the browser history
before you leave.
Get a paid VPN on all your devices and use it whenever you are on public Wi-Fi or making financial transactions.
Top tip: Do not use a free VPN – Read GadgetGuy’s wild, wild west article here and about the best paid ones here.