Key Points
- Methods to steal data include phishing, skimming, social engineering, hacking, and dumpster diving.
- Identity theft can occur online or offline, or a combination of both.
- If you believe you’re a victim of identity fraud contact relevant organisations immediately.
Identity crime is a growing concern in Australia. It causes considerable financial losses to the Australian Government, private industry, and individuals.
According to , a website run by the Australian Competition and Consumer Commission (ACCC) to educate the public on recognising, avoiding and reporting scams, Australians reported $568 million in losses to scams in 2022.
That figure represents almost an 80% increase from the losses reported the previous year, which were just over $320 million. Given scam victims don't often report losses to authorities, experts believe these statistics may be significantly underestimated.
Criminals could access and drain your own bank account of the funds, or open new bank accounts in your name and take out loans or lines of credit. Credit: John Lamb/Getty Images
He says identity theft is when an individual’s personal information is stolen and used for fraudulent purposes and financial gain.
"This usually involves examples like a scammer or an attacker taking a credit card on behalf of someone else, or in some cases, like taking a tax return, social benefits, or even a loan, by exploiting or by using personal information of someone else", Dr Seneviratne explains.
What type of information do cybercriminals steal?
A cybercriminal may look to steal a range of personal information including:
- Name.
- Date of birth.
- Driver’s licence number.
- Address.
- Mother’s maiden name.
- Place of birth.
- Credit card details.
- Tax file number.
- Medicare card details.
- Passport information.
- Personal Identification Number (PIN).
- Online account username and login details.
The ACCC Deputy Chair Catriona Lowe says even the less valuable pieces of information can become useful to scammers once aggregated.
“Things like your name, your address, your phone number on their own probably can't do a lot, but potentially when combined with other pieces of information, they become more powerful”, said Dr Lowe.
Dr Lowe warns scammers may be able to find out more about you from public sources, including social media accounts which may feature photos and information about you and your family.
Scammers might utilise photographs from a social media feed or other details that can be used to pad out the fake picture that the scammers are creating.Catriona Lowe, Deputy Chair, ACCC
"So again, the message really is, be very careful about sharing personal information," Dr Lowe adds
Authorities warn to be cautious about posting personal information on social media platforms. Source: AP / Eraldo Peres/AP
- Phishing: This is when an attacker sends an email or message that appears to be from a legitimate source, such as a bank or government agency, asking for personal information. Once the attacker has this information, they can use it for fraudulent purposes.
- Skimming: This involves stealing credit or debit card information by using a device to capture the card’s magnetic strip. Skimmers can be placed on ATMs, gas pumps, or other card readers.
- Social engineering: This involves tricking people into giving away their personal information through techniques such as pretexting, baiting, or quid pro quo.
- Hacking: This involves breaking into computer systems to steal personal information or install malware that can capture sensitive information.
- Dumpster diving: This involves rummaging through someone’s garbage to find personal information such as bank statements or credit card receipts.
What can criminals do with personal information?
The most common forms of identity theft in Australia are financial identity theft, Medicare fraud, Superannuation fraud, tax fraud and child identity theft.
Exactly what the scammers are able to do will very much depend on the quality of that personal information that they've been able to compile.Catriona Lowe, Deputy Chair, ACCC
Once a criminal has the information, they could:
- apply for a credit card in your name
- open a bank or building society account in your name
- apply for other financial services in your name
- run up debts (for example, use your credit/debit card details to make purchase) or obtain a loan in your name
- apply for any benefits in your name (for example, housing benefit, new tax credits, income support, job seeker's allowance, child benefit)
- apply for a driving licence in your name
- register a vehicle in your name
- apply for a job/employment in your name
- apply for a passport in your name
- apply for a mobile phone contract in your name.
Sarah Cavanagh is the Manager of Community Outreach at IDCARE, Australia’s and New Zealand's national identity and cyber support service.
“Also, if your mobile phone suddenly switches to SOS mode, it's an indication of SIM swapping, where someone goes and impersonates you to a telecommunications provider and opens a new mobile number and transfers your account to that number,” Ms Cavanagh explains.
Turn on two-factor authentication on your banking, email, and social media accounts. Source: Moment RF / Oscar Wong/Getty Images
So how can you protect yourself?
Dr Lowe recommends thinking twice before entering your personal details into an unfamiliar website, including online stores.
Don't open suspicious texts or emails and don't click on links in those emails. Delete the emails or the text.Catriona Lowe, Deputy Chair, ACCC
“If you have received a contact from an organisation, if you are wondering if it's legitimate, don't use the details in the text or in the message. Independently verify the contact details of the organisation”, Dr Lowe suggests.
Ms Cavanagh recommends being careful of phone calls asking for your personal information.
"Be very wary of callers or emails requesting that you provide remote access to your computer or mobile device, and also request to download apps or programs on your computer in order to provide them access," she says.
Ms Cavanagh adds, "you want to be absolutely certain that you verified that the person is who they say they are."
Additionally, make sure you have strong, unique passwords for each online account, and never use the same password twice.
It is also important to physically secure personal documents at home and especially when travelling. Lock your mailbox and destroy documents with your personal information you no longer need.
Cybercriminals crack weak passwords – there are even software that guesses billions of passwords per second. Credit: Peter Dazeley/Getty Images
What to do if you think your identity has been stolen?
Most identity theft victims are unaware of how they were compromised.
Ms Cavanagh says it is important to remain vigilant and look out for signs of your identity being misused.
She also recommends contacting IDCARE if you suspect your identity has been stolen. An advisor will give you a step-by-step guide on what to do.
It is also important to contact relevant organisations immediately, and check your online account details, Ms Cavanagh explains.
You want to go in and reset all your passwords and pins across your accounts and turn on multi-factor authentication where you can. And then check for any changes in contact details linked to those accounts.Sarah Cavanagh, Manager of Community Outreach, IDCARE
How to apply for a credit ban?
If you believe you’re a victim of identity fraud you can lodge a request to credit reporting companies to place a ban on your consumer credit report.
Andrew Grant, a senior lecturer in the Discipline of Finance at Sydney University, says credit bans prevent credit providers from checking or accessing your credit report.
A low credit score can hurt your ability to take out a loan, secure a good interest rate, or increase a credit card spending limit. Source: AP / John Raoux/AP
Applying for a credit ban is simple and involves filling out an online application with the three credit reporting bodies in Australia.
"Each of the major credit bureaus in Australia will have information about you. If you want to apply for a credit ban to stop or anybody being able to obtain your credit report, you need to apply separately to each bureau," Dr Grant says.
The lists the steps to apply for an initial 21-day credit ban and explains how to extend it to 12 months or remove it if necessary.
Ms Cavanagh advises checking your credit report at least once a year to help you catch any unauthorised activity.
“Stop. Think. Protect.”
Identity theft can happen to anyone even if they have taken many precautions.
Dr Lowe says, scammers are becoming increasingly sophisticated. Thus, people need remember three key words; stop, think, and protect.
"Stop — don't provide those personal details or computer access. Think — 'do I really know who is on the other side of this transaction?' And, protect — if you are concerned that you might have been a victim of a scam, contact IDCARE and your bank and report the matter to Scamwatch," Dr Lowe explains.
Further resources
- To report a scam complete the or report it via the website.
- Contact if concerned about identity theft, on 1800 595 160 (Aus) or 0800 121 068 (NZ).
- Information about new methods of identity crime and emerging scams can be found at .