12 Oct 2016
George’s stomach clenched. What were these ‘security reasons’? Once contacted his bank put him straight onto Holly in the Identity Fraud team. It didn’t sound good.
"While fraudulent identities are often used to steal money, they can also be used to commit a crime, launder funds, and even support terrorism."
Shane White, Senior production editor, BlueNotes.
“When was the last time you withdrew or transferred money from this account?” Holly asked. “What was the amount?”
George answered a few questions and by the end of the conversation, he was feeling sick. He didn’t need Holly to confirm what he already suspected – his account had been hacked and his money had been stolen.
Holly’s diagnosis indicated the issue was much worse: George’s entire identity had been stolen. Malware had been deployed on his personal computer allowing criminals to compromise personal information including his account details, passwords, passport details and more.
George’s story is scary but not uncommon. A report from the Attorney General’s Department in 2016, Identity crime and misuse in Australia, shows an Australian becomes a victim of identity crime every 20 seconds.
Between 4 and 5 per cent of Australians experience financial loss from identity crime each year.
While fraudulent identities are often used to steal money, they can also be used to commit a crime, launder funds, and even support terrorism.
According to the Attorney General, the annual cost of identity crime in Australia is $A2.2 billion. So what are the common methods criminals use to steal information – and how can customers better watch out for them?
A common form of cyberattack, phishing scams target individuals randomly to entice people to click on links and trick them into providing details which can be used of nefarious means.
In a workplace context, it normally appears as otherwise inconsequential emails or links which open attachments or extract usernames, passwords or credit card details.
Customers can help prevent such attacks by ensuring software has all the latest updates, using only trusted websites and deleting emails which seem suspicious.
A more-targeted form of phishing, spear phishing targets a specific person or business, rather than the sometimes scattergun approach taken by traditional phishing.
Often these attacks can contain malware, malicious software which can be used to access or disrupt systems or gather sensitive information.
At work, report any suspicious email activity immediately, even if you are unsure.
Scareware is an attack which involves tricking the victim into thinking the victim’s device is infected with malware.
The hacker subsequently offers the victim a ‘remedy’ and in the process installs a malicious code designed to capture personal information.
Remember to protect all your personal information online and never share information with anyone on the internet you don’t trust.
More broadly, cybercrime is a growing danger.
“Between July 2015 and June 2016, CERT (the national Computer Emergency Response Team, which sits within the Attorney-General’s Department) responded to almost 15,000 cyber security incidents – 418 of which involved systems of national interest and critical infrastructure,” Australian Securities and Investments Commission chairman Greg Medcraft said in a speech to the Australian Chamber of Commerce and Industry in late 2016.
Also in 2016, PricewaterhouseCoopers (PwC) found 65 per cent of Australian organisations experienced cybercrime in the previous 24 months.
Senior Manager, External Investigations at ANZ Shaq Johnson says financial institutions are fighting back.
“ANZ has put in place a number of security measures to prevent, detect and mitigate the impact of digital and identity fraud,” he says.
At ANZ, digital-related fraud dropped consistently in the last six months of 2016, and in October was recorded at less than half of the corresponding period in 2015.
“The number of victims we’ve seen has dropped from its highest point of 570 customers in October 2015 to just 198 in October 2016,” Johnson says.
In addition, ANZ has partnered with IDCARE, an independent support service for victims of identity and cyber-related crimes.
David Lacey is the Managing Director at IDCARE. He says recovering personal information once stolen can be arduous.
“Often people who have had their identity taken over can only get so far with one institution,” Lacey says.
“A bank can get their accounts back in order but the problem can be much bigger, requiring new passports and driving licences, contacting phone and internet providers, checking credit reports, reporting to the police, and so on.”
Johnson says high-net worth individuals and businesses can be targeted with well advanced pieces of malware designed to gain access to online banking and deplete bank accounts.
The sophisticated malware is able to automate the attack by looking for the highest balance account before transferring funds electronically to another financial institution.
Back in order
George was immensely relieved when Holly and the specialised Identity Fraud Team stopped his old accounts, set up new ones, and applied multiple layers of security to his ANZ profile to prevent unauthorised access.
He was then referred to IDCARE to help him get his life back in order.
“The fact that ANZ picked up the suspicious activity and pre-emptively stopped all transactions on the account says a lot about the progress financial institutions are already making on the front lines of detecting and preventing identity crime,” Lacey says.
The methods of identity thieves are sophisticated, numerous and growing. Vigilance when using technology is important, but customers can take comfort in the knowledge their financial institutions are actively helping to stem the tide.
Never give personal details to those you don't know. If you receive a call from someone who claims to be from your bank or any other organisation, don't give them your details.
Check your bank statement. If you see any unusual transactions, contact your bank, credit card provider or super fund immediately.
Review your credit report. Get your credit report from a participating agency. This allows you to check that no-one is using your name to borrow money or run up debts.
Carry only essential information. Avoid taking important documents out of your home to minimise the chance of them being lost or stolen.
Secure documents at home. Store your important documents in a fire and waterproof container or a safe deposit box in case your home is burgled or damaged.
Destroy personal information. Shred or cut up your bills, statements and expired cards to prevent thieves from using them.
Secure mail. Secure your letter box with a lock and collect your mail regularly. If you move house, notify the post office to redirect your mail.
Protect your smartphone. Be wary when installing applications onto your phone. Scammers may send you applications designed to download malicious software onto your phone and steal bank account details.
Shane White is senior production editor at BlueNotes.
The author would like to thank Emily Vogel for her contribution to this story.
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
12 Oct 2016
02 Jun 2016