Big questions_ identity theft

Identity theft in Australia: how real is the threat?

Identity theft. Phishing email. Credit card fraud. All phrases that circle around anyone who does almost anything online. But how likely is it that a scammer will steal your identity? How do criminals try to get the information they need to defraud you? And what can we do to try and prevent identity theft in Australia happening?

We spoke to Dr Tanveer Zia, an adjunct professor in computing at Charles Sturt University. He’s an expert in cyber security and gave us the lowdown on how criminals try and steal your identity.

What are scammers trying to get?

As more and more of our activity – financial, professional and personal – takes place online, the internet is increasingly where scammers target their efforts. But, as Dr Zia pointed out, not all identity theft in Australia occurs online.

“Generally, scammers are using identity theft in Australia for financial gain. If they are looking to sell your identity, they are looking to get two pieces of information: driver’s licence number or passport number and birth date. If they are looking to make financial transactions in your name, they just need your name, credit card number, expiry date and CCV number.

“In terms of how likely it is that you will be the victim of a scammer, well, it’s pretty likely! Australian Federal Police cybercrime research indicate that scammers are stealing an average of $1.6 billion a year from Australians, with the majority (around $900 million) being online credit card fraud, identity theft and scams.

 “However, not all identity theft is online. The more unsophisticated method is simply stealing mail from a mailbox. Most of us don’t lock our mailbox, and even if we do, scammers have ways of extracting personal mail (such as using glued paper to ‘fish’ for letters in post boxes). This is more likely the case for older people. They tend to use the postal service more, even for things like making credit card payments.”

How do scammers ‘phish’ for digital information?

While somewhat more sophisticated, the approach to identity theft, as Dr Zia explained, is not overly complicated.

“Online, phishing emails are a major source of fraudulent activity. This is particularly the case when people are at home. Home systems rarely have the same levels of security protection as business computer networks. More phishing emails get through to home email inboxes. If an email looks like it’s from a reliable source and you click on links, you can get an infection or you are prompted to enter your banking details. And the scammers are getting more and more sophisticated, able to dupe people with authentic-looking email requests.

“Elderly are probably more at risk (often with phone calls where they give over remote access to a computer and a scammer can just look at their cookies and browsing history to get the information they are looking for). However, a lot of people aged 25 to 40, who are considered digital natives, fall prey to these phishing scams as well.

 “Financial fraud is often lower-level criminals. But actual identity theft tends to be conducted by larger, organised criminal groups. They won’t use someone’s details straightaway to make purchases. They will harvest lots of people’s details and then sell them on in bulk (typically on the dark web). Alternatively, they will try and source other pieces of information about an individual, so that they can do things like applying for passports or driver’s licence in someone else’s name. Scammers can use these fraudulent documents for more severe crimes such as human trafficking or child kidnapping.”

How can we protect ourselves against identity theft?

Identity theft are becoming increasingly common – with things like algorithms able to automate phishing attacks. However, we can all take some simple steps to try and prevent falling victim to one. Dr Zia highlighted some key strategies.

“The best way for people to keep themselves as safe as possible is not opening any email that looks unusual. Always check the URL of a link that you are being asked to click on. Confirm that it is the URL of the organisation it purports to be from.

“Also, enable multi-factor identification, such as an SMS, in addition to a PIN number on a card or an email account. Create difficult passwords and change them regularly. For instance, if you lose your phone, some scammers can use infrared technology to see which keys are pressed most often. That makes it easier to determine passwords.

“Further, avoid using public computers or networks for financial transactions. On open wi-fi networks in places like hotels, airports and train stations, hackers can monitor the network traffic, especially if the network has weak encryption.

How to get the skills to protect yourself from identity theft

“We are essentially in a knowledge ‘arms race’ between scammers and those trying to prevent them. So we need people with understanding of the threats and the ability to innovate solutions to combat them. So at Charles Sturt University, not only do we conduct cybercrime research, we also regularly review our courses so we include the latest knowledge and skills. At the moment, there is a lot of focus on penetration testing and ethical hacking. So software and hardware designers, and network managers, can try and prevent attacks before they even get to individuals.”

Do you want to fight the scammers?

If you want to work at the cutting edge of cyber security, our dedicated postgraduate degree – the Master of Cyber Security – will give you the very latest knowledge and skills to fight the scammers. Or perhaps you’d like to design the very latest software to protect people online. Then you could take an information technology course, at undergraduate or postgraduate level.

Contact us so we can help you work out the best option for your career goals.