Identity theft

The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

The below is based primarily on the advice of the Australian Federal Police.

What is identity theft?

Identity theft is when a cybercriminal gains access to your personal information to steal money or gain other benefits. Even if you think cybercriminals have only a small amount of information, it can still be enough to find more about you, including photos or information about your family. This can be used to create fake identity documents in your name or apply for real identity documents in your name, but with another person’s photograph.

You could be at risk of identity theft if:

  • You have lost or had stolen important documents such as your passport or driver licence.

  • Mail expected from your bank has not arrived or you are receiving no mail at all.

Signs that you might have had your identity stolen include:

  • Items have appeared on your bank or credit card statements that you don’t recognise.

  • You applied for a government benefit but are told that you are already claiming.

  • You receive bills, invoices or receipts addressed to you for goods or services you haven’t asked for.

  • You have been refused a financial service, such as a credit card or a loan, despite having a good credit history.

  • A mobile phone contract has been set up in your name without your knowledge.

  • You have received letters from solicitors or debt collectors for debts that aren’t yours.

Identity crime is estimated to cost Australia in excess of $1.6 billion each year, with the majority (around $900m) lost by individuals through credit card fraud, identity theft and scams.

More alarmingly, identity crime continues to be a key enabler of serious and organised crime, which in turn costs Australia around $15 billion annually.

How can I recover from identity theft?

If you have lost your identity documents or had them stolen:

  1. Contact the government or private sector agency which issued the identity document.

  2. Contact your bank or financial institution immediately and cancel all cards and accounts that may have been breached.

If you think you’ve been the victim of identity theft, act quickly. For advice, contact Australia and New Zealand’s national identity and cyber support service, IDcare, on 1300 432 273 or use their free Cyber First Aid Kit to help you work out what to do.

Report cybercrimes to the Australian Cybercrime Online Reporting Network (ACORN).

You can also:

  1. Get a copy of your credit report, by contacting a credit reporting agency, to check for unauthorised transactions. Make sure you can verify all ‘inquiries’ made into your credit history. Contact all companies and organisations that have made inquiries under your name that you did not authorise. Inform the credit reporting agencies that you are a victim of identity theft.

  2. Contact the credit providers and businesses with which any unauthorised accounts have been opened in your name. This may include phone and utility providers, department stores and financial institutions. Inform them you have been a victim of identity theft and ask them to close the fraudulent accounts.

  3. Close any fraudulent or breached online accounts. Most websites, including social networking sites and online trading sites, have a help section that contains specific advice about what to do if your account has been hacked or a fake account has been set up.

Certificates for victims of Commonwealth identity crime

If you are a victim of an identity crime and the theft is causing you problems in your business or personal affairs, you might be able to get a Commonwealth victims’ certificate. The certificate will help support your claim that you have been a victim of Commonwealth identity crime and will allow you to seek assistance in rectifying problems you have suffered as a consequence of the crime. The certificate doesn’t, however, bind an organisation to take action.

How can I prevent identity theft?

IDCare provides a range of resources about identity theft through its Learning Centre.

You can take some simple steps to reduce the risks of having your personal information stolen or misused:

  • Secure your mail box with a lock and make sure mail is cleared regularly.

  • Shred or destroy your personal and financial papers before you throw them away, or keep them in a secure place if you wish to retain them.

  • Always cover the keypad at ATMs or on EFTPOS terminals when entering your PIN, and be aware of your surroundings—is anyone trying to observe or watch you, are there any strange or loose fixtures attached to the machine or terminal?

  • Ensure that the anti-virus and security software on your computers and mobile devices is up to date and current.

  • Don’t use public computers (for instance, at an internet café), or unsecured wireless ‘hotspots’, to do your internet banking or payments.

  • Be cautious of who you provide your personal and financial information to—ensure that there is a legitimate reason to supply your details. Don’t be reluctant to ask who will have access to your information and which third parties it may be supplied or sold to. Ask to see a copy of the Privacy Policy of the business before you supply your details.

  • Only use trusted online payment websites for items won at online auctions or purchased online. Never make payments outside of trusted systems—particularly for goods which you have not yet received.

  • Regularly review your bank statements and obtain a copy of your credit history report. Report any unauthorised transactions or entries ASAP.

  • Ask your bank or financial institution for a credit or debit card with an embedded ‘micro-chip’—they are more secure than cards with only magnetic stripes.

  • Don’t respond to scam emails or letters promising huge rewards if bank account details are supplied, or in return for the payment of ‘release fees’ or ‘legal fees’.

  • If responding to an online employment or rental advertisement, be wary of transmitting personal information and copies of documents via email or electronically. If asked to attend an interview, do some prior research to confirm the legitimacy of the company or employment agency.

  • Always use the most secure settings on social media sites. Take extreme care if placing personal details such as date of birth, address, phone contacts or educational details on your profile, and don’t accept unsolicited ‘friend’ requests.

  • Avoid reusing passwords between online services. This makes sure that, if one account is compromised, it doesn’t compromise your other services.

Stay ahead of the latest cyber threats. Sign up for Stay Smart Online alerts, a free alert to inform you of the latest cyber threats and how to manage them.