NZ Incident Response Bulletin - March 2020
The March edition of the NZ Incident Response Bulletin was published today. The bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Each Bulletin also includes a section of our own content, based on a trending theme, this months being “Identity Crime”.
Each article contains a brief summary and where appropriate, a linked reference on the web for detailed information.
We'll give you a brief summary of each article, and a link to more information. Why do we publish this bulletin? Because we want to keep you up to date with the latest Forensic and Cyber Security news, so that you aren't caught by surprise - and you'll know about risks and changes before they become problems.
In this Linkedin Article, we've included an extract from this months Bulletin.
Identity Crime
Identity crime (which includes creating false identities) is estimated to cost the New Zealand economy as much as $209 million annually according to the Department of Internal Affairs (DIA) and as many as 133,000 New Zealanders may be victims of identity theft each year.
Identity crimes, which are often committed online and across jurisdictions, are also hard to prosecute and have long term impacts for victims. Identity crime is growing, and it impacts companies and individuals across all areas. Knowledge of how this type of cybercrime is perpetrated and how to protect your identity information is vital for all individuals to remain secure and lower the chances of becoming a victim of identity theft.
For business, identity crime is a bigger problem than just identity theft. Identity crime includes the creation of fake identities, using the details of deceased persons, as well as identity theft. Organisations should be aware of identity crime, both due to the financial risks, and the potential reputational risks involved.
What is Identity Theft?
Identity theft is when someone uses your identity information (facts that establish who you are) and pretends to be you.
Information that may be obtained or stolen and used to establish an identity includes:
- Name
- Date of Birth and Birthplace
- Addresses (physical and email) and Phone Numbers
- Passport and Driver’s License Details
- Bank Account Numbers
- Photos and Social Networking Details
How does Identity Theft occur?
The methods used by criminals to steal identity information vary frequently; however, common ways this occurs are as follows:
1. Information is given away freely
In this scenario, the criminal does not even have to steal anything as many individuals will give away their personal data (often over social networking sites) without understanding the long-term consequences. For someone with ill intent, even a name and date of birth can be used maliciously.
2. Offline
Offline methods to obtain information include:
- Dumpster Diving – Digging through your rubbish or mail in search of statements or personal information
- Shoulder Surfing – Looking over a shoulder to collect passwords/pins
- Fake Phone Calls – Pretending to be a legitimate entity company or individual and tricking the victim into supplying information
- Wallet theft – Theft of your wallet to obtain cards, ID, data.
- Skimming – Using a device attached to an ATM machine to obtain credit or debit card details
- Pretexting – Contacting a business and impersonating a legitimate customer to get login details changed/ obtain password information etc.
- Record or document theft – Physical theft of documents from airports, cafes or bags
- Posing as a home buyer – Using open homes to gain access to information insecurely stored
- Fake change of address form – Fraudulently completing a form to forward mail to another address
3. Online Methods
Online methods to obtain information include:
- Phishing/Smishing and Spear Phishing – using phoney emails, text messages and fake websites to trick the victim into supplying information
- Hacking – Exfiltrating data once a system has been breached
- Malware – Using any form of malicious software such as virus, worm, keystroke loggers or spyware
- Spam
- Monitoring unsecured websites or public WiFi to view the data you transfer
Impact of Identity Crime
The implications of identity crime include financial, reputational, emotional and social tolls. In complicated scenarios, identity theft can take many months to resolve. Financial hardship can result from the need to clean up compromised systems and accounts, create new networks and open new accounts. Disputing an identity thief’s activity in your credit history, tax declarations or employment records may be necessary. Loss of income from the theft of investment funds and bank accounts may occur.
Reputational damage can be severe as a criminal can commit offences in your name or your business name that directly harm your reputation and can be time-consuming to fix.
Victims of this type of crime also suffer social and emotional impacts that ultimately impact their personal lives and can also affect workplace productivity. An Identify Theft Resource Centre survey found that 23% of ID theft victims feared for their safety and many suffered an inability to focus, sleep issues and physical illness as a result. 10% were unable to continue working during this period.
How to protect yourself?
Controlling the amount of information you release publicly can reduce the chance of identity theft. Additionally, as thieves may not use any information they steal for months or even years after obtaining it, the need for constant vigilance is required.
- Be careful with whom you share your information and limit the amount you share whenever possible
- Always ask why a business or individual needs any information requested and how they intend to use it before supplying it to them
- Securely store important documents such as your passport or birth certificate (this includes securing electronic copies adequately)
- Do not use public Wi-Fi or a shared computer for online banking or sending any sensitive information or documents
- Do not overshare on social media
- Be suspicious of unexpected events such as unusual bank account activity or unusual letters from creditors
- Request a regular credit report
- Request an access report from Births Deaths and Marriages at the DIA to see who has applied to view your records
- Keep antivirus protection up to date
What to do if you are a victim of Identity Theft?
If you suspect someone is using your identity fraudulently, you should first contact the police. Individual organisations such as your bank and the Department of Internal Affairs may also need to be informed to prevent any further fraudulent activity.
The Department of Internal Affairs has an Identity Theft Online Checklist you can refer to for specific advice. Further resources and information can also be found at the links below:
- New Zealand Police Tips
- CERT NZ – Online Identity Theft
- Department of Internal Affairs Identity Theft Checklist
The Bulletin:
To obtain a full copy of the Bulletin, please visit https://incidentresponse.co.nz/bulletin