eSafety: Identity theft & online scams

If your personal information is taken by the wrong people, it can be used to perform identity theft. Identity theft is a type of scam or fraud that includes using someone else’s identity to steal money or gain some other type of benefit. 

 

Common methods of identity theft 

• Phishing 

The scammer tricks you into giving your personal information to them. 

• Hacking 

The scammer gains access to your personal information by taking advantage of the security weaknesses on your device.  

• Remote access scams 

The scammer tricks you into giving access to your device and paying for a service you don’t need. 

• Malware & ransomware 

Malware – The scammer tricks you into installing software that allows them to access your files and track what you are doing. 

Ransomware – The scammer demands payment to ‘unlock’ files on your device. 

• Fake online profiles 

The scammer tricks you by creating a fake profile on a social media or dating site and sends you a ‘friend’ request. 

• Document theft 

The scammer gains access to your personal information through your unlocked mail or letter box, or from personal documents that you throw away such as energy bills, bank letter or medical records.

Scams are often done by email, phone or SMS. Some scammers have very professional looking emails, websites or call centres – they often look and sound like the real thing. 

 

Examples of common scams 

• Unexpected money 

The scammer tries to convince you that you have won or inherited some money and in order to access or receive this money you need to provide banking details or other personal information so they can access your money to steal it. 

• ‘You just got lucky’ 

Scammers may try to trick you into thinking you are a very lucky person and offer you the chance to invest in a new idea or product, again so they can gain access to your bank details to steal your money. 

• Fake charities 

Scammers can set up some very convincing websites, emails or calls to make them look and sound like real charities and then ask for donations or bank details to steal your money. 

Before making a donation make sure to check the organisation and that they are real. Check the domain name and that the address follows the format of charityname.org or charityname.org.au 

• Dating scams 

Scammers begin an online romantic relationship with people over the time span of weeks, months or even years. They will tell you they are love in with you, often quite early in the relationship, and show great interest and attention in you – often calling, emailing, and messaging frequently. They might tell you that they want to visit you but don’t have enough money for the plane ticket. Or they might ask for you to buy them goods or services for them. These relationships can seem very real but often they are using you and your stolen money for criminal activities. 

• You receive a random email, text or phone call asking you to ‘validate’ or ‘confirm’ your personal details by clicking on a link or opening an attachment. 
  • Before you click on a link in an email, social media post or instant message, hover over that link to see what the actual web address looks like (this is usually shown at the bottom of the browser window). If you do not recognise or trust the address (it has too many random letters and numbers; it does not begin with https://), don't click on it.
  • The message usually has grammatical errors and is poorly written. 
• You receive a random pop-up on your device asking if you want to allow a software to run. 
• You receive a ‘friend’ request from someone you don’t know on a social media platform. 
• You receive bills, invoices or receipts for goods or services you didn’t buy yourself.

Phishing emails often direct users to enter personal information at a fake website which matches the look and feel of the real website.

 

Make sure that you check the text of the email, does it have:

• A generic greeting that doesn't use your real name e.g. Dear Customer 
• A sentence asking you to verify your account information e.g. we require you to confirm your details 
• Spelling and grammar errors and mistakes
• Suspicious links; try checking whether a link is safe without clicking on it. 

These emails tend to appeal to specific emotions as well, for example:

• Sense of urgency to make you act now so you don't have time to check and analyse the email content
• Sense of curiosity to make you click on links in the email
• Greed to make you think you're winning a large amount of money
• Lust to make you think you're receiving a service or product

Source: ECU Information Security.

Edith Cowan University takes the security of its information seriously.
It is important that we are able to detect and respond to threats as quickly as possible.

The best way to report these incidents is via the IT Service Desk.

If you wish to remain anonymous the following you can report directly to Information Security staff, not to the IT Service Desk.