Identity theft: a personal and organisational threat

Share this post:

Author: John Martin, Senior Security Architect, IBM New Zealand

Identity theft is a growing phenomenon, affecting as many as 133,000 New Zealanders annually at a cost to the economy of as much as $209 million every year¹.

Typically, identity theft is used to perform financial transactions using accounts in another person’s name. These can be making purchases using a credit card number or taking out a loan for a car. Less commonly, it is used to obtain medical insurance, file fraudulent tax returns, impersonate another individual during an arrest, open phone or wireless services, or even attempt blackmail.

But the impacts of identity theft go beyond the personal – it’s also the easiest way for criminals to gain access to networks and data. Once a malicious actor has the identity information of a member of your organisation, they can target it with phishing or ransomware attacks.

By taking precautions and addressing common risks, users can thwart cybercriminals in both their personal and professional lives.

Simple steps to protect your identity

Personal identity information can be stolen by rummaging through rubbish for sensitive documents, infiltrating organisations that manage large amounts of personal data, or hacking into computer systems.

You can fight identity theft by taking the following precautions²:

• Never give out personal or financial information over the phone or in an email. Beware of phishing scams, where a pop-up message or email asks you for personal or financial information.
• Always use strong passwords that are at least eight characters long and contain numbers and special characters (like: $, %, &), and that do not contain a word found in the dictionary. Or use password phrases, which are longer sequences of words. Change your passwords frequently and never share them.
• Use a password manager to store and protect your passwords.
• Use anti-malware software daily. It can help detect spyware, which is software installed on your computer (often without your knowledge) that collects information about you.
• Avoid using software downloaded from unknown websites or peer-to-peer file-sharing services. Also avoid software that claims to be a game, a screensaver, collects information for ‘marketing purposes’ or promises to ‘accelerate your internet connections’. These programs may contain spyware.
• Shred credit card receipts, junk mail, and other documents with sensitive personal or financial information. Never leave these types of documents exposed in a public space (such as an office desktop).
• Never make personal information about yourself (like your birthdate, place of birth, family members’ names) publicly available on social networks like Facebook or websites like Google. This information can be easily found by search engines and used to help perpetuate identity theft against you.

If you’re concerned, you may be the victim of identity theft, use the DIA checklist, or raise an Incident Report with the CERTNZ.

And to find out more about protecting your organisation from identity theft, talk to a member of our Cyber Elite team.

1. https://www.dia.govt.nz/Identity—What-is-identity-theft
2. https://www.cert.govt.nz/individuals/explore/online-identity-theft/?topic=online-identity-theft