Today's reality is we have the entire world in the palm of our hand and…
Identity theft is not a joke
In the past, personal information could only be compromised if you lost your wallet or had your mail stolen. While offering us undeniable convenience and connection, our increased digital dependence has created the new personal challenge of protecting ourselves from identity crime — identity theft or identity fraud.
Understanding what identity theft is
Every site and platform we use requires us to enter and store personal details such as name, address, driver’s license, passport, date of birth, bank account, and credit card details. These details are vital assets for committing identity fraud: the use of someone else’s personal information for impersonation or extortion for financial gain, to use in:
- Creating new financial, utility, crypto wallet or phone accounts
- Taking control of accounts and threats to return your access or release private information in exchange for ransom
- Obtaining money from investment or superannuation accounts
- Apply for government benefits, jobs and rental properties
- Providing police with false information, e.g. to deflect criminal activity or unlawful immigration status
Identity fraud signs to look out for:
- Unfamiliar transactions on your accounts
- Receiving unfamiliar bills, receipts and invoices
- Being denied a loan despite previously having a good credit score
- Current mobile phone or other utility service lost because it has been transferred to a new, unknown device or location
While this may have some of you recalling The Office US sitcom reference created for laughs, millions worldwide know the reality of identity theft is far from funny.
How does identity theft happen?
While we can take measures to minimise our susceptibility, the information that other companies store is at risk. Weak passwords and security procedures, insider sales of company information, unintended exposure (human error), and hacking are ways our information ends up on the dark web.
Identity theft most commonly happens through company data breaches, where hackers access customer information through hacking, malware, or even human error. The exposed data—names, passwords, and credit card numbers—is sold on the dark web, where criminals use it to commit identity theft or fraud.
What is the dark web? A simple explainer is here.
Phishing scams are one of the most common data theft tactics. Phishing emails are deceptive messages that mimic legitimate companies, fooling people into revealing personal information or clicking malicious software (malware) links, which install on devices to data or track online activity.
Who is most targeted by identity crime?
Identity crime can happen to anyone, regardless of age, income, social status, or location.
The most susceptible?
- Seniors who are less familiar with online security practices
- People and organisations who are complacent with data security
- People who share a lot —or aren’t cautious about the personal information they share — on social media.
If they already have someone’s personal information, details gleaned from social media help cyber thieves impersonate successfully or are used to build trust and manipulate people, like a message from an old friend, colleague, or family member luring someone into sharing personal information or clicking a malicious link.
Posts reveal birthdays, hometowns, pet names, favourite places, and even your mother’s maiden name – all classic account verification security questions, along with financial and family situation details, upcoming trips or groups you’re part of.
The consequences of identity theft are financially and emotionally devastating. Recovering debts and clearing your name and credit score are often lengthy, frustrating, stressful, and emotionally draining experiences.
In 2023, 2.1% of Australians (434,300) experienced online impersonation (ABS, 2024).
How to avoid identity theft
- Don’t click links or open attachments from unknown senders, especially those asking for personal information verification or claim urgent action is required
- As mentioned, be cautious with social media sharing, even if your accounts are private
- Use a password manager to create unique, complex passwords and change them regularly. Here are 8 of the best password managers
- Use Two-Factor Authentication (2-FA), a security measure that requires confirmation, usually through an authentication app, a text code, a fingerprint, or a face after you’ve entered your password. If you’re not sure, check out 2-FA For Beginners
- Install a reputable antivirus and consider a VPN (Virtual Private Network) to encrypt your online activity, especially on public Wi-Fi
- Install the Sapher browser extension for broader protection. It proactively identifies and alerts you to threats like fraudulent links and sites
Bringing identity thieves to justice
While authorities take identity crime seriously, prosecution can be complex. Analysing digital evidence across various devices and platforms takes significant time and resources. When identity theft crosses state, national, and international borders, there are jurisdictional issues over who has the legal authority to prosecute.
Find out more about how we’re emboldening everyday people to actively defend their online lives and simplifying the world of cybersecurity for everyone.