The advent of individuals being scammed or their identity data being stolen seems to be increasing exponentially.
Being a cyber security professional, I get asked for advice by friends and family often. Given how prevalent this issue seems to be becoming, I thought it best to note some advice and share it broadly.
Let’s start by looking at the two key threats:
- Scams and unsolicited calls, emails and text messages – scammers call individuals pretending to be either from a prominent organisation trying to help them, or trying other tactics to entice individuals to perform actions that could provide scammers access to their bank account details, credit card information, etc.
- Identity theft – stealing identity data from hardcopy records or breaching organisations that have your identity data. With stolen identity data, a perpetrator can perform multiple types of fraudulent actions such as opening up new financial accounts (debit accounts, credit cards, personal loans) in the affected individual’s name, gain access to your MyGov, ATO and other general accounts, establish new utility accounts and apply for rental properties, etc.
In order to avoid falling victim to the threats above, the following measures are recommended:
Scams and Unsolicited Calls, Emails and Text Messages
- If an email, phone call or text message is asking for personal or financial data, or asking to click on links, be vigilant and do not follow their instructions. Disconnect and make your own enquires with the purported company first.
- If you don’t expect an email, ignore it. Don’t click on a link in an email. Clicking a link in a fraudulent email can take you to a phishing site that will look so real, it will fool you into entering your login information. Type in the URL (website address) instead.
- Do not provide anyone access to your devices. Ensure all personal devices have anti-malware, personal firewall / security software installed and updated.
- Enable multi-factor authentication (MFA), where possible, for bank accounts, mobile device accounts (Apple ID, etc.) and other important accounts. It is preferable that wherever you can set up MFA, that you use an App on your device such as Google Authenticator, or Microsoft Authenticator, rather than an SMS as SMSs can be intercepted via SIM swaps (an intruder porting your mobile number to themselves using stolen identity data to intercept the MFA token). Where MFA is not possible, use strong and unique passwords / passphrases for all your accounts.
- Keep an eye out for any suspicious activity across your online, financial, superannuation, ATO, etc. accounts and report anything out of the ordinary immediately to your provider.
Identity Theft Leading to Financial Losses
- Obtain a credit report regularly (3 monthly in most cases) from all three credit agencies (Equifax, illion and Experian). This will allow you to determine whether someone has attempted to obtain credit in your name.
- In the worst case scenario, apply for a Credit Ban with Equifax, illion and Experian (Australia). This will prevent someone from obtaining credit in your name fraudulently.
- Replace stolen ID documents as soon as possible to prevent unauthorised use of your IDs.
The risk of scams and identity fraud is ever-present and increasing. With vigilance and applications of the measures noted above, one can protect themselves from falling victim to these threats.
Further information and assistance can be obtained from the IDCARE website on all of the points above.