Identity Theft - Latest Warning From Scamwatch Regarding

The latest warning from Scamwatch regarding identity theft.

Perhaps the website would be more appropiately named “Scumwatch”.

2 Likes

Another article regarding identity theft.

I expect thet “Sylvia” could rectify the problem of not being able to change her driver’s licence by moving interstate for a while and getting a new licence, and presumably then getting a new licence number if she moves back to WA.

But what a disgraceful situation thet a recalcitrant state government will not assist their citizens.

image

1 Like

I never knew about this and it is possible something the State and Territory Governments need to explore, if it provides a quick fix to prevent identity theft in the situation where a licence is lost or stolen. One already pays for a licence replacement, so any costs associated with having a new licence number could be covered by such payment.

If the banks/credit car companies can do it for credit/debit cards, then it should be possible for the government to implement such changes.

3 Likes

A follow-on article by the same ABC journalist regarding her own experience with identity fraud.

Almost scammed by a grub just released from prison who probably learned nothing from his stay other than new ways to steal.

image

1 Like

One of the worst cases of identity theft that I have heard of was the horrific experience of a Sydney resident some years ago when a police officer operating a speed trap rang him on his home phone after 1:00AM, claiming that he had just passed the speed trap at an extremely high speed and that if he did not return to the site immediately, he would come around and punch his lights out.

The victim asked for time and the location of the alleged offence and the details of the vehicle, and when told, he queried how he could possibly have been there when his home more than an hour away.

It turned out that the vehicle in question was a new HSV sedan bought on finance in the victim’s name but that was just the start of his nightmare as multiple fraud cases came to light and he was left fighting to try to clear his name and rebuild his life and credit rating.

I am pretty sure from memory that the colour of HSV sedan was red because red cars go faster but I don’t recall the other specific details other than noting that if the speed trap operator had tried to arrange for the crimminal to be intercepted instead of threatening an innoncent victim in the middle of the night. the victim’s problems may have been resolved earlier and more easily, as well as possibly ensuring that the crimminal did not kill anyone during his illegal escapades.

1 Like

Another article regarding identity theft, albeit with appaling grammar mistakes.

2 Likes

I noticed that AusPost advised the use of PO boxes. Many deliveries will not be made to PO boxes thus negating that advice… I think that part was a small bit of opportunity on AP’s part to perhaps increase revenue, I may be very wrong on that of course.

3 Likes

An article regarding Barclays Bank warning parents about the risks of posting information online regarding their children.

2 Likes

An article regarding a syndicate of online fraudsters.

1 Like

An article regarding someone easily obtaining Tony Abbott’s personal details.

An article regarding crimminals not only ransacking and stealing an Airbnb host’s property but also stealing her identity.

https://9now.nine.com.au/a-current-affair/airbnb-warning-property-owner-no-longer-feels-safe-after-being-targeted/5874d61a-f613-4598-bced-005b9c465b61

1 Like

Another article regarding a case of identity theft.

https://9now.nine.com.au/a-current-affair/aussie-man-messaged-over-social-media-about-identity-used-online-dating-scam/2d03264b-e7a5-4f44-8a5c-8867c3e35a55

An article regarding a woman who was a victim of identity theft.

https://9now.nine.com.au/a-current-affair/australian-tracks-down-identity-thief/2818baa3-28ae-483a-9f6b-32deff295c56

A new dimension in identity theft: Experts say AI scams are on the rise as criminals use voice cloning, phishing and technologies like ChatGPT to trick people - ABC News

From time to time people talk about baiting the scammers (scambaiting) and I have heard some very amusing recordings of that but scambaiting now seems riskier. A scammer can buy your name, phone number and other details online and then call you up on some scammy pretext, recording the phone conversation. If 3 seconds is all it takes (per the above article) then scambaiting will give them a lot longer than that. So now the scammer also has your voiceprint.

So (suggestion): don’t scambait.

Do what I do: Press 1 to talk to a human scammer, and then remain silent when the scammer answers, until the scammer gives up and hangs up. Wastes a bit of their time, without handing over your voiceprint, and still has plausible deniability (phone system malfunction) if someone in the scam organisation gets pissed off.

Several points out of that article.

The Guardian’s investigation suggested the “voiceprint” security systems used by Centrelink and the Australian Tax Office (ATO) — which have used the phrase “In Australia, my voice identifies me” — could be fooled.

I have always declined to participate in the ATO’s voiceprint system. That is even more justified now.

The ATO said it was “very difficult for someone else to mimic your voiceprint and access your personal information”.

That seems naive to me, if not outright contradicted by the previously quoted paragraph. Sure it may be “very difficult” but something that is “very difficult” today has a habit of becoming easier over time. These days ransomware (etc.) kits are available off the shelf. A criminal entity might not have the technical expertise to set up the “AI” but they will have the nous to buy one online.

I listened to the AI-generated voice and it didn’t sound very natural. However it only has to fool the ATO’s or Centrelink’s or …'s voiceprint system. The technology will of course get better.

So (suggestion): don’t use voiceprint.

As a consumer, decline to participate.

As a company, don’t bother to set it up - or if you have already done so then plan for phasing it out and replacing it with something better.

As a voter in the 2025 Federal Election … don’t believe everything you hear with your own ears. :wink:

1 Like

As consumers we all make choices.
Noted what is being said sounds like a direction rather than a suggestion.

What could be?
The voiceprint is just one of several layers of personal identification required when accessing the services by phone. There are many, mostly older Aussies or those with other needs unable to use other than voice. There are also the times when online just cannot deliver. It’s likely many will continue to use the Voiceprint security option until such time as there is a change in the service, or hard evidence it is an unacceptable risk.

There are so many other concerns around the security and retention of personal information requiring immediate attention. Agree we need to be mindful of what might be next and to ask what will provide adequate protections.

Fair enough. I edited for clarity.

That’s fine. As I understand it, the ATO only uses voiceprint identification for authentication when you call up on the phone (so “online” should have no applicability here). If you decline to use voiceprint identification then the ATO uses traditional, even easier, authentication (that shouldn’t be a problem for older Aussies). No web site. No password. No 2FA. No app. No RSA token. None of that new-fangled ****.

I am a semi-regular caller to the ATO and have always declined voiceprint identification. So I get to experience what the ATO is offering as an alternative reasonably often.

Yes, it wasn’t obvious to me whether The Guardian is claiming … no ifs, no buts, we have compromised the ATO voiceprint identification. Or they are claiming something slightly weaker. The language is unclear.

Even so, by declining to participate, I have protected my identity for the day, that may already be in the past, when voiceprint id is compromised.

It occurred to me, LOL, that this attack can work even if you don’t answer the phone - because the scammers can use your answering machine / mobile voicemail to get 3 seconds of your voice i.e. in the greeting message.

Ah, well, that’s a much bigger question. Risk from whose perspective? Are they good judges of risk? Is the execution of their security measures as good in practice as it is in theory? (These questions are not specific to the ATO - and apply to any company / government agency that is assessing risk but some of the risk is on you.)

In my experience, yes, but … for a start you can assume that your TFN is already available on the web. There will be millions of Aussie employees where that won’t (yet) be true but there will be a great many where it is already true. So best to be conservative.

Obviously date-of-birth is dead in the water.

Have you yourself authenticated to the ATO using voiceprint identification?

Appreciate the clarification and edit. Thank you.

Yes, along with TFN, and possibly one’s home address. One can’t even be certain their DL number, or even Passport number have not been leaked at some time. Since I’ve a new recent PP and number I could feel secure, however that relies on those organisations holding it realising the old one has expired and to not accept the old number.

A great point, considering how easy it is to authenticate personal ID to a variety of service providers. Includes council, electricity and internet providers. Several others typically financial providers have added 2FA, secret question and answer or lock actions subject to certified documentation being sent in support. Is there a simple universal solution? I’m on the fence with a centralised Govt ID system. I’m wondering if Apple and Google expect their ‘secure’ wallet type Apps to be the universal solution?

Yes, noting it is only one part of the identifying details required. Depending on whether the call has been more an enquiry or major transaction the greater the details requested by the ATI rep through the call.

1 Like

Interesting stats

How much was lost in 2022:

  • Investment scams: $1.5b
  • Remote access: $229.2m
  • Payment redirection: $224.9m
  • Romance scams: $210.2m
  • Phishing: $157.6m
  • Other: $784m

Source: Australians lose record $3.1 billion to scams in 2022, as ACCC calls for tougher measures - ABC News which in turn credits " ACCC Targeting Scams report ".

As statistics, it is concerning that “other” is in fact the second largest category. Does this mean that it is a mass of different types of scam but no individual type reaches $157.6m?

Anyway, the message is very clear: By far the most lucrative scam for the scammers is “investment scams”. So if you are thinking of investing in something that you found out about via voice call, text message, social media, … always remember things like:

  • Ask yourself: Is it a scam?
  • If it seems too good to be true, it probably is.
  • How much do you know about the other party?
  • How much of that is independently verifiable?
  • Have you talked to someone else about this investment?

This is on top of the things that you should think about whenever making an investment (even when it’s all completely legitimate).

3 Likes