10 tips to protect yourself from ID theft

Dark Web user data

ID theft is a serious crime. By stealing your identity, someone can access your bank account, apply for credit cards or loans in your name, change a home address, get a driver’s licence, and even set up a business. And thieves strike all the time.

The Australian Department of Home Affairs says that each year around 5% of Australians (1.3 million people) experience financial losses because of ID theft. Every 20 seconds an Australian is a victim of identity crime. And 21.5% of us have been a victim at some time in their lives.  

If you add online credit card fraud, love rat and other scams the losses skyrocket. ABS say that figure is over 8.5% of Aussies and over 30% of these had two or more incidents.

Val Quinn, Channel 7 Sunrise Gadget Guy warns ID Theft is happening right now.

Val Quinn wanrs on ID thef

It is up to you to be proactive and protect yourself from ID theft.

In too many cases all you need to establish an online identity is given name, middle name, family name and date of birth. Some ask for a copy of a birth certificate, drivers’ licence, passport or some other form of proof – a utility bill, bank statement, Mobile phone account, Medicare number etc.

Most government services use the Document Verification Service (DVS) but few private organisations do. In short, it is very easy to establish an online persona.

#1 Don’t overshare on social media – especially not FakeBook

Have you ever thought about how much extra information you hand over online? For example, by default, public Facebook profiles reveal your full name, birth date, and where you work, so scammers can find out all that information with the click of a button. The best way to skirt scammers is not to let them in!

Or when shopping online why do they ask so many damned questions? For online forms, only fill out the required fields, usually marked with an asterisk (*) and it is quite permissible to lie about everything except the details needed to make a delivery.

And beware of so called FakeBook quizzes (any quiz) as they can harvest data to fill in gaps in your dark web profile.

ID theft

ACTION:

Think about what you put online and what consequences it may have today or in ten years’ time. Get into the mantra – It’s my data, don’t overshare.

Switch all your profiles to private and delete unnecessary details. Only accept friend requests from people you know and trust.

Top tip: #DeleteFaceBook

#2 Lock your real-world physical mailbox at the front gate!

This type of theft is still common today. A paper bank statement, phone or utility bill is almost all it takes to help get the 100 points of ID to set up an account or change an existing one. Cybercriminals often hire people to trawl the suburbs looking for mailbox gems.

ID Theft starts at the letterbox

ACTION:

Install a lock on your mailbox and check your mail regularly. If your mailbox is a little less secure have your packages delivered to a P.O. Box or your office.

ID theft

But it is more than just you mail box. In a recent survey 18% of people said that a primary type of ID was stolen during a home break in. Cybercriminals pay big bucks for original documents.

Top tip: Going on holiday? Call the post office to put your mail on hold. And change bills from snail mail to email.

#3 Monitor your credit and finances

With cash almost a thing of the past most simply flash the card. Make sure that at least weekly you look at your financial bank statements online and quickly query any that you don’t remember. If you are quick the bank usually refunds you for credit card or online scams.

But how do you know you are not already a victim of identity theft? Identity theft can go undetected for months (usual) or even years (if you are a sucker).

Identity theft may be to get a loan – and the cybercriminal simply does not make repayment. Often it takes a few months for debt collectors to knock at your door.

ID Theft may be used to get a pension or the dole or a Drivers Licence.

ACTION:

A good place to start is to obtain a copy of your credit report. You can get a free copy from from the major credit bureaus in Australia: Equifax, illion, Tasmanian Collection Service (Tasmanians ony) and Experian. All will produce a similar report, so you only need to use one! And you should check annually if you are worried.

Credit score

This report tracks your financial accounts and loans, so you’ll be able to spot any suspicious activity. ASIC has a good fact sheet here.

Top tip: If you’d rather leave it to the experts, you can enrol in a credit monitoring service for a fee from the above providers.

#4 Install security software

Cyberthieves often use malware, spyware or keyloggers to scan and collect sensitive information from your computer. Sometimes, these applications are so sophisticated that they go undetected, so it’s really important to protect your tech with security software.

There are lots of good anti-virus/malware products that can asset in reducing identity theft. The include Norton, McAfee, Trend Micro, Kaspersky, and more.

AV
Does not matter if it is Norton, McAfee, Kaspersky or others – just don’t t use a free one

ACTION:

Stop skimping by using free antivirus – it may cover part of the threat but definitely not all. You need layered protection on Windows, Android, and even macOS and iOS.

Top tip: Don’t skip software updates!

#5 Come up with complex passwords

Passwords are the weakest link. Using the same generical password across multiple accounts is like giving the cybercriminal a master key! Better still implement multi-factor authentication where a code is sent to your smartphone before you can access an online account.

ID theft strong password

And cybercriminals now use AI and machine learning to try variants of the same password – and are having a huge success rate.

ACTION:

Reduce ID Theft by using strong, unique passwords for each online account. There are a few tricks to creating strong passwords:

Top Tips:

  • Avoid using your name, birthdate, or ‘dictionary words,’ such as “turtle.” Turn it into a phrase instead: “turtleistired”
  • Use a mix of uppercase and lowercase letters, numbers and symbols
  • Consider mixing in words from different languages.
  • Enable two-factor authentication.

#6 Shred bills and bank statements – everything

The same people that check mail boxes will check rubbish bins too. They are looking for bank statements, utility bills, old loyalty or government cards (Medicare), envelopes, packages and letters with your name and address on them, signatures, credit card slips etc. They are also looking for airline boarding passes, upmarket brand packages, delivery dockets etc.

If you are an ID Theft target (and higher net worth individuals are) don’t throw anything in the bin that could be linked to your growing dark web profile.

Identity theft for high net worth

ACTION:

After checking bills credit reports, tax returns, receipts and more shred them.

Top tips: Go to Officeworks and buy a shredder. Now a word of advice from someone with 40-years ownership experience. Unless you have very few pieces of paper to shred monthly no strip shredder under $100 will last more than a couple of years and they are not secure.

You are looking for a cross or micro cut (into little pieces to P5 level security) with a reasonable sheet capacity (6+ A4 80gsm sheets at a time), bin capacity (15l at least), forward and reverse buttons, credit card slot, and run time of at least 10-minutes (rest time can be up to 45 minutes before you can shred again).

identity theft
This type of shredder does not provide security

#7 Be careful with links in email or SMS

Cybercriminals use spear phishing. These emails or SMS that look like they come from your friends or colleagues. How do they know who your friends are and what your interests are? These are AI and machine learning driven using data from your social media, dumpster diving and more.

ID theft phishing

These emails may suggest you click on a link to see a funny <insert cat, dog, animal> or purport to be from the Australian Tax Office, Australia Post or local businesses.

In the past they were riddled with spelling errors and ‘chinglish’ but today they are damned authentic using a majority of a legitimate email with a poisoned link.

ACTION:

If you get an email look at the sender’s email address – although these can be spoofed or sent from a hijacked email account.

Don’t click on any links. Instead, hover your mouse over the link to see a destination URL. Be aware of overly long URLS that may look right but are not, e.g. www.telstra.billing.accounts.com/ is not Telstra but Accounts.com!

On Android of iPhone or Android device, long tap to see the destination URL. This simple step can help you to avoid walking right into malware, viruses or phishing scams.

Top tip: If it’s a fake email, let the business or person know so they can warn others.

Also send a copy to Scamwatch so they know what is going on.

#8 Only shop on trusted websites

A fake website can be set up in seconds offering incredible deals. Often the site is simply scraped from the legitimate web site and only the online form is changed. In Australia Scamwatch has seen sites with .com.au and even Australian ABN numbers – it is all fake.

Fake Websites
This is fake – only the shopping cart has been altered

Signs to look for

  • A well-known product is advertised at an unbelievably low price or advertised to have amazing benefits or features that sound too good to be true.
  • It offers even big discounts for payment by electronic funds transfer or a wire service.
  • It may insist that you use gift cards (iTunes etc) or buy vouchers before you can access a cheap deal or a giveaway.
  • You came to site via a social media recommendation instead of a Google search or from the legitimate supplier’s site
  • Be very wary of Black Friday deals – cybercriminals piggyback onto the click frenzy.
  • Be wary of any site that does not have HTTPS at the beginning of a URL address

All they want is your delivery address, email address, mobile phone number and credit card details.

ACTION:

  • Be very wary of shopping online unless you can verify it is a legitimate store
  • Use a secure payment service like PayPal so as not to reveal your credit card details.
  • At worst use a credit card with a low spending limit.

Top tip: Check out as a guest and don’t store your credit card details. This will reduce your risk of ID theft should the site suffer a data breach.

#9 Double-check online promotions

Retailers regularly run sales, and cyberthieves use tactics to trick and hook consumers. If you spot a promo offer on an email or banner ad that seems too good to be true, go straight to the source.

Fake promos

ACTION: Scan the legitimate store’s site, social media feeds, or catalogue, or contact the customer service team to ask if the offer is legit.

Top tip: Scammers are known to post fake job ads, too, so check to see if the job is posted on the company’s website or LinkedIn.   

#10 Steer clear of public Wi-Fi

Hackers can steal your data and install malware onto your device. Stick to safe Wi-Fi connections and personal hotspots. If you need to use a public computer, log out of every account and clear the browser history before you leave.

MTM

ACTION:

Get a paid VPN on all your devices and use it whenever you are on public Wi-Fi or making financial transactions.

Top tip: Do not use a free VPN – Read GadgetGuy’s wild, wild west article here and about the best paid ones here.