Identity theft is an ever-present threat within Australia and globally, as shown by the recent data hacks of large companies such as Optus and Medibank. The truth is that you can never be 100% sure that you will avoid it but there are a number of steps you can take to minimise the chances of hackers and unscrupulous entities from stealing your identity. Keep in mind that as the identity theft techiques of criminals evolve and become more sophisticated, you will need to upgrade your security measures accordingly.
What is identity theft?
According to the Office of the Australian Information Commissioner (OAIC), identity fraud “involves someone using another individual’s personal information without consent, often to obtain a benefit”. In other words – a third party obtains or ‘steals’ sensitive personal data without permission, usually to secure an ill-gotten financial gain. In the past, an identity theft definition may have involved the forging of paper documents, however, that practice has been overtaken by online identity theft conducted by hackers or digital con artists.
‘Personal information’ encompasses a broad cross-section of data that identifies a particular individual. This may include details such as an individual’s:
- Date of birth
- Credit information
- Employee information
- Internet service details
- Customer ID numbers
What is the difference between identity theft and fraud? Well, identity theft is a type of fraudulent behaviour, just not the only one. Fraud can be considered the umbrella term. There are other types of fraudulent activity that can be taken, such as a business defrauding investors, that do not involve identity theft.
How does identity theft occur?
The most common means by which criminals steal your identity are ‘phishing’ and ‘smishing’.
Phishing entails criminals pretending to be an institution that someone is a client of, such as a bank, sending you a fraudulent text message, email or other notification requesting that you click on a link or reply with details. They may falsely be claiming that action needs to be taken, or permission is required on your account. Some phishing attempts can be quite sophisticated, using company branding and layout to convince targets of their legitimacy.
Smishing involves a false notification, often over text message, for items such as an undelivered parcel or package that you did not request. In some examples, the sender may appear to be a reputable business that may have had its delivery details mixed up, however, if you did not make any initial order it is advised that you do not reply.
How common is identity theft in Australia?
According to data provided by the Australian Bureau of Statistics (ABS), approximately 0.8% of Australians aged 15 and over experienced an incidence of identity theft in 2020-21. This is a modest rise from the previously reported figure of 0.7% in 2015-16 – indicating a steady presence of identity theft throughout the decade.
It should be noted, however, that the total instances of personal fraud increased from 8.5% to 11% between the same reporting periods. The importance of securing personal information has steadily increased over time to combat a growing threat of not only identity theft but also card fraud and sophisticated scams.
What are the most common types of identity theft?
- Financial identity theft – Your customer identification number, Tax File Number (TFN), account number, superannuation fund details, and other sensitive information may be used to access your financial accounts or apply for debt in your name. For example, you may be impersonated to secure a loan or obtain goods on credit.
- Synthetic identity theft – Your stolen information may be combined with fabricated information to create a new, non-existent individual who may be able to apply for financial products or government services. For example, your driver’s licence number may be used in coordination with a fake name and address to apply for a bank loan or credit card, which can be difficult to track.
- Unemployment identity theft – The stolen information may be used to apply for government unemployment benefits that you did not intend to apply for. For example, the thief may apply to Centrelink for unemployment support in your name, directed to their own account.
- Medical identity theft – Details, such as your Medicare number and private health insurance information, may be used to claim benefits that you did not intend to claim or conduct procedures under your policy. For example, your medical identity may be used to fraudulently apply for elective medical procedures, such as cosmetic dental work.
What are the warning signs of identity theft to look out for?
If you observe any of the following, it is recommended that you contact authorities immediately:
- Bills delivered to you for items that you did not purchase.
- Account statements that you do not recognise.
- Credit card or bank statement line items for products that you do not remember buying.
- Collections notifications for debts that you did not apply for.
- Withdrawals made from your bank account without knowledge or permission.
- Failure in the delivery of regular bills to your home or email.
- The filing of more than one tax return under your Tax File Number.
- Negative credit file information from actions you did not take.
What are the steps to deal with identity theft in Australia?
Step 1: Report it to the police. Refer identity theft in Australia to your local police as soon as possible, ideally ensuring that you obtain a police report or reference number to potentially be used as evidence in the future.
Step 2: Contact the issuer of the stolen information. Be sure to report the fraud to whoever issued you the information in the first place. For example, if your bank account information was stolen, contact your bank to notify them.
Step 3: Contact your other financial institutions. Even if the fraud does not directly involve your bank or trusted financial service provider, they may be able to assist in securing your data and providing additional advice for actions to take. They may additionally allow for additional security for your account if they are aware you are at risk. Similarly, it may be worth contacting utility providers such as Telstra.
Step 4: If it is an instance of cybercrime, report identity theft cases securely to the Australian Cyber Security Centre at ReportCyber.
Step 5: Change your passwords. If your data has already been used fraudulently once, then you may remain at risk for further instances. Changing your passwords for login to all essential devices and services can assist in securing your information and mitigating future fraud.
Step 6: Seek expert advice and counselling. For instances of cybercrime, it is recommended by the OAIC that you “contact IDCARE, Australia’s national identity and cyber support service, to get expert advice from a specialist identity and cyber security counsellor.” You may also have your own support network of professional financial advisors and mental health counsellors that could assist you in dealing with these difficult events.
Step 7: Obtain a copy of your credit report. Every Australian is entitled to a free copy of their credit file with each bureau every three months, which can act as a free identity theft check of sorts. If you believe that you are a victim of identity theft, it is recommended that you obtain your credit report with all three to determine if your credit score has been affected and to inform the reporting body of the fraud. Bureaus may be able to put a freeze on your credit report so no new credit accounts can be open.
Step 8: Consider applying for a victim’s certificate from the Commonwealth. There may be lasting consequences from the fraud on your future dealings and actions. To help support your claim and provide some assurance to future parties you are seeking credit with, it may be in your interest to apply for a victim’s certificate.
How to reduce your exposure to identity theft
As the techniques used to commit fraud and identity theft are always evolving, it is important that the strategy and tools you use to protect your information do as well. Scam artists are becoming increasingly sophisticated with the strategies they employ. Knowing how to avoid identity theft requires constant vigilance.
There is no comprehensive solution to protect yourself indefinitely from identity theft, as fraudulent entities will always be seeking new ways to breach security measures. However, there are some recommended tips to consider to reduce your exposure to identity theft:
- Physically secure your documents and information. Do not carry sensitive documents and items such as passports, credit cards, and tax file number details around with you regularly. This includes saving personal information on your phone. Put applicable items into a safe or secure location and ensure that they are only removed when you absolutely need to use them.
- Use additional online security measures such as 2-Factor Authentication (2FA). Some online service providers will allow you to implement additional layers of security to prevent impersonation. 2FA ensures that you may need to provide an SMS code as well as traditional login details to access your account. Top identity theft companies, such as Veda, are also providing verification products that may assist in protecting your data. Additionally, obscuring your IP details with a Virtual Private Network (VPN) may be recommended in some instances.
- Review your financial documents regularly. You need to review bank statements, tax return details and other critical financial documents regularly to quickly identify suspicious information or unexplained actions.
- Do not reply or provide details to unknown senders. Be sure to check the actual email address or number sending you certain notifications, and whether they match with official correspondence you have received in the past. Even a logo should not be enough to convince you that they are legitimate, as scammers will regularly use branding to falsely impersonate a company. Be aware of any unknown parties reaching out over social media platforms as well, including Facebook.
Avoid fraudulent trading partners with CreditorWatch
For Australian business owners, it is critical that you have measures in place to avoid scammers, fraud artists and those with negative payment tendencies. CreditorWatch’s sophisticated credit reporting platform allows you to observe details of adverse ASIC (Australian Securities and Investments Commission) notices, defaults, cross-directorships, and court notices for any company.
Our SmartID digital identity verification tool incorporates biometric checks to help you confirm that your customers are exactly who they say they are. Book a free demo here.
CreditorWatch’s Know-Your-Customer (KYC) and Ultimate Beneficial Owner (UBO) reports help you meeting AUSTRAC reporting obligations and identify any risks of doing business with a particular customer.
Furthermore, our machine-learning technology analyses which trading partners are likely to encounter default or administration moving into the future, allowing you to avoid risky entities and bad debt. Should any critical information change, you can rest assured knowing that you’ll be immediately alerted over email via our 24/7 Monitoring and Alerts. The sooner you know, the sooner you can take action to protect your cash flow.
Get in touch!
For more information on setting up monitoring and alerts, speak to our expert team today.
Get started with CreditorWatch today
Take your credit management to the next level with a 14-day free trial.