Photo: Frances Mocnik
Bina Brown
October 19, 2008

Taking pre-emptive action will ensure your personal details don't fall into the wrong hands, writes Bina Brown.

With many people posting or sending everything from their shoe size to their dog's name on the internet, it's not hard for someone to get enough details to assume an identity and commit fraud. Criminals require only your name, date of birth and address to create havoc.

Armed with the right information, fraudsters - operating online and in the real world - can travel under your name, use your credit card for a spending spree and siphon money out of your bank account. In a worst-case scenario, they could use your name and identity to commit crime.

According to a 2007 Australian Bureau of Statistics survey, 800,000 Australians experienced a form of personal fraud in the past year, with total losses of almost $1 billion.

More than 500,000 were victims of identity fraud, the majority of which was credit or bank card fraud followed by identity theft.

Then there were the 329,000 people who fell victim to at least one type of scam by responding to or engaging with an unsolicited offer including lotteries, pyramid schemes, phishing and related scams.The average loss was $2160 and that doesn't include the inconvenience and stress of proving one's innocence.

- CREDIT CARDS

Losing your credit card is the most obvious way to expose yourself to credit card fraud.

Another way is for scammers operating over the internet to use spyware or some other scam to obtain your credit card details. It is possible for them to steal your credit card numbers and the security code, which are all they need to buy things over the internet or the telephone.

According to SCAMwatch, a scammer who knows your PIN could get cash advances from an ATM using a "cloned" credit card, where your details have been copied onto the magnetic strip of another card.

Prevention The best way to stop anyone getting access to your credit card or bank account details is to never send money or account details to anyone you do not trust.

If you are paying over the internet by credit card, make sure the site you are using is secure. Look for the locked padlock icon on a website or "https" in the address.
Checking bank account and credit card statements will help identify any unexpected transactions.
Choose passwords that would be difficult for anyone else to guess.
Try to avoid using public computers (at libraries or internet cafes) to do internet banking.
Never send your personal, credit card or online account details through an email.

- SPYWARE AND KEYLOGGERS

Spyware (also called "malware") is a type of malicious software scammers try to install on your computer. As the name suggests, spyware programs allow people to spy on what you are doing on your computer - the websites you visit, the files you use and the details you store. Keyloggers are a particular type of spyware.

Keyloggers record secretly what keys you press on your keyboard and send this data back to the scammer over the internet.

Scammers use these programs to steal passwords such as online banking passwords. They may also use spyware to steal other personal information from you such as documents stored on your computer.

They use a wide range of tricks to get their spyware and keyloggers loaded on to your computer, such as tricking you into clicking on a link in a spam email they have sent, or visiting a website they have set up solely to infect people's computers. Other sources of spyware and keyloggers are free games or music you can download. When they are delivered in this way, they are sometimes called "Trojans" - a file that claims to be for some harmless purpose so it can get under your guard, but in fact contains a nasty surprise.

Prevention Installing software that protects your computer from viruses and unwanted programs - and making sure it is up to date - is one way to protect against spyware.

Another is not opening suspicious or unsolicited emails (spam) or clicking on a link contained in a spam email.

Clicking on pop-up boxes can allow spyware to be downloaded.

Detecting spyware can be tricky but giveaways are new icons appearing on your computer screen or if your computer is not as fast as normal.

- PHISHING

Phishing e-mails are those sent by criminals who want to steal your personal information.

The messages appear authentic and mostly purport to come from banks and legitimate businesses. They are designed to lure you into divulging personal data such as bank account numbers and passwords by your attempt to log on. Links within these fraudulent emails may also take you to fake or "ghost" websites that are designed to fool consumers. It may look like an authentic website, with logos and a homepage but it is in fact another way criminals steal your personal information.

According to the Australian Bankers' Association (ABA), most phishing emails do not address you by your proper name because they are sent out to thousands of recipients. They sometimes contain typing errors and grammatical mistakes, even if they include the banks' registered logos.

Prevention: No one should ever provide personal details, including customer ID or passwords, in response to any email.

The banks have spent years assuring customers they will never ask for private passwords.

The best way to deal with a link or attachment in an email that purportedly sends you to a bank's website is to delete it. Never click on it.

A really obvious red flag is if you get a message claiming to be from a bank you don't even have an account with.

Bank statements should be checked regularly for any transactions that look suspicious. You should immediately report to the bank any transactions not made by you.

Software that filters spam email will generally filter phishing emails.