Published Nov 17, 2022 by Xiph
Your data is not safe anywhere ─ that’s the lesson from the spate of cyber breaches impacting Australia’s biggest companies like Optus, Medibank, Australian Clinical Labs, and EnergyAustralia (so far).
Collectively, millions of customers and their personal data have been compromised, meaning millions of people are now at risk of identity theft and fraud. Even customers whose data and personal information haven’t been impacted and those who aren’t even customers of these companies are at risk of identity fraud.
It’s official: Australia lacks adequate cyber security
The cyber security disasters that have plagued Optus, Medibank, and other big corporations have shown just how ill-prepared companies ─ big and small ─ are to prevent hacking and intrusion into their data systems. The government has even gone as far as to label Australia’s cyber defences as ‘inadequate’. In fact, Australia ranks just 38th on the National Cyber Security Index (NCSI), lagging behind countries with lower GDPs like Malaysia and Bangladesh. The NCSI is a global index that measures the preparedness of countries to prevent cyber threats and manage cyber incidents.
Who’s at risk of identity theft?
Everyone is at risk of identity theft. In fact, a survey by the Australian Institute of Criminology (AIC) found that one in four Australians have been a victim of identity crime at some point in their lives. This is because most data is stored digitally (e.g. credit card numbers, personal information, etc.), which means there’s always a risk of breach or cyber attack. Data breaches can happen to any company at any time, and small businesses are particularly vulnerable.
What is identity theft?
Identity theft (also known as identity fraud) occurs when someone other than yourself uses your personal identifying information without your permission, to commit fraud or other crimes. Common identity fraud examples include someone using another individual’s identity to open a bank account, get a credit card, apply for a passport or conduct illegal activity. If you think you have provided your account details, passport, tax file number, licence, Medicare or other personal identification details to a scammer, contact your bank, financial institution, or other relevant agencies immediately.
How to respond to a data breach notification
If you’ve been notified of a data breach incident involving your information by an organisation or agency, it’s important to quickly minimise any financial impact or other damages. Here are some steps to take:
- Contact your bank to freeze your bank accounts ─ you may also need to cancel any credit or debit cards linked to your accounts.
- Change your online banking account passwords (this also includes micro-investing apps, your cryptocurrency trading account, your superannuation app, etc.).
- Set up transaction alerts on all your credit and debit cards to prevent unauthorised transactions.
- If any identity documents like passports, driver’s licences, or Medicare cards are compromised, you may need to contact relevant agencies for replacement.
- Change your email and social media account passwords.
- Check your phone and internet records/transactions.
- Take advantage of free services like IDCARE to reduce harm from identity theft.
It’s worth noting that all private and public companies with a turnover of over $3 million must report any cyber breach to the Office of the Australian Information Commissioner (OAIC) and notify customers and stakeholders of the said breach in a reasonable time.
5 types of identity theft
There are many types of fraud and many online and email scams out there. The most common types of identity theft include:
- Financial identity theft: This is the most common form of identity theft — when someone uses your personal information for financial gain. This may include accessing your bank accounts, taking credit cards or personal loans under your name, or buying financial products in your name.
- Tax identity theft: This involves stealing your personal information, including your tax file number, to file a tax return in your name.
- Medical identity theft: This occurs when a fraudster uses your personal or health insurance information to receive health care, buy prescription drugs, or make fraudulent billing/insurance claims in your name.
- Criminal identity theft: This is when someone identifies themselves as you and provides your personal information to law enforcement during an arrest, to avoid fines, or to evade any criminal charges. You generally won’t become aware of criminal identity theft until consequences arise, such as getting a Notice to Appear (or NTA) for an unpaid speeding fine.
- Synthetic identity theft: This involves fraudsters using a combination of fake and real information to create identities. For example, ID thieves may use a real Medicare number with a name that’s not associated with that number. Children and deceased people can be especially vulnerable since their details aren’t actively used.
How to check if someone is using your identity
It’s hard to know for sure whether someone is using your identity, but there are warning signs to look for if you suspect you may be a victim of identity theft. Here are the most common ones:
- Unusual bills or charges you don't recognise appear on your bank accounts.
- Receiving unexpected loan application denials, especially if you have a strong credit history.
- Noticing that more than one tax return has been filed in your name.
- Receiving bills, invoices or receipts addressed to you for goods or services you didn’t purchase.
- A sudden increase in suspicious phone calls, texts or messages on social media.
- Suspicious requests to update your online information.
- Receiving emails or texts asking you to ‘validate’ or ‘confirm’ your personal details by clicking on a link or opening an attachment.
- Strange emails appearing in your inbox.
- Unusual activity on your social media accounts.
How to prevent or minimise identity theft
Here are some ways you can better protect yourself against identity theft:
Never open suspicious texts or emails: Delete any emails or texts that ask you to click, call, or open an attachment immediately. Cyber criminals often use this tactic for phishing.
Never send sensitive information via email: Not all emails have end-to-end encryption, which means your data could be displayed in plaintext and be accessible to hackers. Do not share your personal information, credit card details, or copies of personal documents via email.
Use a virtual private network (VPN): You can use a VPN to establish a protected network connection when browsing the internet. A VPN re-routes your internet traffic through a private tunnel with end-to-end encryption and masks your real IP address. This prevents hackers from tracking your internet activity.
Choose unique passwords for all your accounts: Using unique passwords and updating them regularly makes it more difficult for scammers to access your personal information. Be sure not to use the same password for all accounts. If a scammer already knows the login information for one of your accounts, they will likely test it on other accounts.
Regularly check your bills and bank statements: Comb over your transaction and bank card statements at least monthly to check for suspicious withdrawals or charges. It’s also important to review bills and invoices sent to you before paying to ensure they’re legitimate.
Avoid accessing sensitive information on public Wi-Fi: If you must use public Wi-Fi, avoid sharing and accessing sensitive or personally identifiable information (PII). Steer clear of logging into your banking apps, social media accounts, or any websites or accounts that hold your personal or banking information. Do not make online purchases, pay bills or transfer money when connected to an open wireless network.
Never authorise remote access to your computer: Never give a stranger remote access to your computer, even if they claim to be from a reputable organisation or business. Remote access scams usually involve scammers contacting people over the phone to get access to their computers and to steal their money.
Don’t share personal information on social media: Scammers can use your personal information and pictures to create a fake identity/profile to scam others, or to target you with a scam. Never share your address, phone number, birth date or other personal information online. This also helps protect you from stalking and harassment.
A final word
Identity theft continues to be one of the most common crimes in Australia, which is why it’s important to be extra vigilant with your personal information and be prepared to act if it falls into the wrong hands. For more information, contact us via email: enquiries@xiphcyber.com.