How to protect yourself against identity theft

Have you applied for a government benefit but are told that you are already claiming? Do you receive bills, invoices or receipts addressed to you for goods or services you haven't asked for? Have been refused a financial service, such as a credit card or a loan, despite having a good credit history?

If you have received letters from solicitors or debt collectors for debts that aren't yours or a mobile phone contract has been set up in your name without your knowledge, then you may have been a victim of identity theft.

Believe it or not, identity crime is a critical threat to the Australian community, generating significant profits for offenders and causing financial losses to the Australian Government, private industry and individuals.

Recent estimates by the Attorney-General’s Department indicate that identity crime costs Australia upwards of $1.6 billion each year, with the majority (around $900m) lost by individuals through credit card fraud, identity theft and scams.

Identity theft has always existed in various forms. Theft of printed identity information via dumpster diving, mail- intercepts, pick-pockets, con-schemes, etc. has contributed to the crime for years. However, the digital age and the rise of the Internet have dramatically expanded the scale of the crime.

The same Web applications that provide consumers with direct access to inventories of books, music and cars, offers international criminals with the opportunity to access credit card numbers, social security numbers, and passwords. A single incidence of digital identity theft may compromise thousands of consumers at once.

Identity theft occurs when a criminal gains access to your personal information (such as your name, address, date of birth or bank account details) to steal money or gain other benefits.  Criminals may attempt to gain your personal information using a number of different techniques, including, 'phishing', hacking into your online accounts, duplicating your social media profile, or illegally accessing your information from a business database.

Digital identity theft has multiple sources. For instance, lost or stolen storage media, such as laptops, backup tapes, or disks, containing sensitive data end up in the hands of identity theft criminals. In another example, malicious employees abuse direct access to corporate databases or storage media. Criminals around the world can also use vulnerable Internet-enabled Web applications as an entry point to back-end corporate databases.

As a means to illegally access and utilise identity information, Internet-enabled Web applications, in particular, have accelerated the growth of identity theft. Web applications provide a convenient link between international crime organisations (often residing in Russia, Indonesia, and Nigeria) and vast inventories of worldwide identity information. By exploiting vulnerabilities in ecommerce, banking, healthcare, and human resource applications, these criminals have found that they can access back-end databases containing identity information.

Once a malicious party has your information, the world is their unfortunate oyster. They can engage in activities like applying for a credit card, open a bank account, run up debts or obtain a loan, all in your name. The Internet also provides a relatively anonymous medium for utilising identity information once acquired. Cell phone accounts, bank accounts, credit cards, auto loans, and short-term bank loans can all be approved online without requiring physical proof of identity.

To reduce the risks of insider threat, enterprises must improve access controls over high-risk elements of code, so as to prevent an unauthorised user from gaining access to security-sensitive operations in a program. Another risk mitigation strategy is to use predictive user analytics to detect suspicious network activity. User behaviour analytics tools build profiles of employees based on their usage patterns and send out alerts when they spot abnormal user activity.

Another class of software, security identity event management (SIEM) tools, can monitor user activity for threat management and rules compliance.

Ensure that the virus and security software on your computers and mobile devices is up-to-date and current. Confirm who has access to your information, and which third parties it may be supplied or sold to. Only use trusted online payment websites and regularly review your bank statements and obtain a copy of your credit history report.

So if both IP and identity crime continue to be a key enabler of serious and organised crime, which in turn costs Australia around $15 billion annually - so what is being done about this in Australia?

The Australian Federal Police, in collaboration with other government departments and private sector organisations, is involved in a variety of activities to tackle identity theft and identity crime. For instance, the joint AFP and New South Wales Police Identity Security Strike Team (ISST) is supported by the Department of Immigration and Border Protection and New South Wales Roads and Maritime Services. ISST is dedicated to the investigation of identity-related crime, including the compromise of personal information and the production of false or forged documents.

If you think you are a victim of identity theft, it is important that you act quickly to limit the fraudulent use of your identity. You should report the incident to the ACORN and immediately inform the police and report the loss or theft of identity credentials to the issuing organisation. Contact the credit providers and businesses with which any unauthorised accounts have been opened in your name.

As in any case, prevention is the best cure. All web sites contain vulnerabilities that provide attackers with the foothold that they need to perpetrate an array of identity theft attacks. To help enterprises focus their efforts on the most critical risks. Imperva Defence Centre’s  SecureSphere’s Web Application Firewall integrates its unique Dynamic Profiling technology with a combination of other technologies to immediately and cost-e ectively prevent identity theft attacks.

If you want to know more about how to protect your data from hackers and insider threats, please contact me at [email protected].

About the Author

As the Country Manager at Imperva, Chris Wood partners with organisations to ensure their data is contained in completely secure cloud environments. His services determine the most effective security solution for his clients’ cloud, database, application and DevOps requirements.