Security

Identity theft: a personal and organisational threat

Share this post:

Author: John Martin, Senior Security Architect, IBM New Zealand

Identity theft is a growing phenomenon, affecting as many as 133,000 New Zealanders annually at a cost to the economy of as much as $209 million every year1.

Typically, identity theft is used to perform financial transactions using accounts in another person’s name. These can be making purchases using a credit card number or taking out a loan for a car. Less commonly, it is used to obtain medical insurance, file fraudulent tax returns, impersonate another individual during an arrest, open phone or wireless services, or even attempt blackmail.

But the impacts of identity theft go beyond the personal – it’s also the easiest way for criminals to gain access to networks and data. Once a malicious actor has the identity information of a member of your organisation, they can target it with phishing or ransomware attacks.

By taking precautions and addressing common risks, users can thwart cybercriminals in both their personal and professional lives.

Simple steps to protect your identity

Personal identity information can be stolen by rummaging through rubbish for sensitive documents, infiltrating organisations that manage large amounts of personal data, or hacking into computer systems.

You can fight identity theft by taking the following precautions2:

  • Never give out personal or financial information over the phone or in an email. Beware of phishing scams, where a pop-up message or email asks you for personal or financial information.
  • Always use strong passwords that are at least eight characters long and contain numbers and special characters (like: $, %, &), and that do not contain a word found in the dictionary. Or use password phrases, which are longer sequences of words. Change your passwords frequently and never share them.
  • Use a password manager to store and protect your passwords.
  • Use anti-malware software daily. It can help detect spyware, which is software installed on your computer (often without your knowledge) that collects information about you.
  • Avoid using software downloaded from unknown websites or peer-to-peer file-sharing services. Also avoid software that claims to be a game, a screensaver, collects information for ‘marketing purposes’ or promises to ‘accelerate your internet connections’. These programs may contain spyware.
  • Shred credit card receipts, junk mail, and other documents with sensitive personal or financial information. Never leave these types of documents exposed in a public space (such as an office desktop).
  • Never make personal information about yourself (like your birthdate, place of birth, family members’ names) publicly available on social networks like Facebook or websites like Google. This information can be easily found by search engines and used to help perpetuate identity theft against you.

If you’re concerned, you may be the victim of identity theft, use the DIA checklist, or raise an Incident Report with the CERTNZ.

And to find out more about protecting your organisation from identity theft, talk to a member of our Cyber Elite team.

  1. https://www.dia.govt.nz/Identity—What-is-identity-theft
  2. https://www.cert.govt.nz/individuals/explore/online-identity-theft/?topic=online-identity-theft
More Security stories

Whaling: a new front in cybercrime

Author: John Martin, Senior Security Architect, IBM New Zealand Earlier this year, the head of a UK-based energy firm received a call from the CEO of his German parent company. The CEO gave him an urgent directive, instructing the UK executive to send funds to one of the company’s suppliers in Hungary within an hour. […]

Continue reading

Keeping privacy front of mind

Author: John Martin, Senior Security Architect, IBM New Zealand A colleague was telling me recently that he and his wife had been idly viewing an open house on the weekend. It was a routine, everyday moment – but then something caught his attention. The estate agent was using an iPad to allow visitors to register […]

Continue reading