Commonwealth logo, ACCC Logo and Scamwatch banner

SCAMwatch homeIdentity theft

Identity theft

What is identity theft?

Identity theft occurs when someone steals your personal information to use it for illegal purposes. It is now one of the most common crimes in Australia, and can lead to various forms of identity crime.

Scammers will go to great lengths to steal your personal details to commit fraudulent activities such as making unauthorised purchases on your credit card, or using your identity to open accounts such as banking, telephone or energy services, take out loans or carry out other illegal business under your name. They may even sell your information to other scammers for further illegal use.

You may not know you have had your identity stolen until you check your bank account, or find out that your credit rating has changed.

Having your identity stolen can be both financially and emotionally devastating. It can take months to reclaim your identity and the impact of having it stolen can last for years.

How do scammers steal someone’s identity?

Identity theft can take place in a range of ways, from crude methods to well organised, sophisticated scams.

Many of us have a wealth of personal information readily available; cards in our wallet, mail, public records, information saved in our computers and information posted on social media or blogs.

If you don’t take steps to keep this personal information secure, scammers can easily find it. For example, scammers will pay people to rummage through rubbish tips and steal letters (‘dumpster diving’) to collect personal information. A determined scammer will also use cunning, sophisticated methods to trick you into providing your personal details. For example, scammers may:

  • Send you an email or text message that looks like it comes from a trusted source such as your bank, telecommunications provider, a government department or charity organisation. Known as phishing scams, these emails are all about tricking you into handing over your personal and banking details to scammers.
  • Send you a phoney fraud alert. This is a specific phishing scam in which the scammer pretends to be from your bank or some other service provider, and informs you of a technical problem.
  • Telephone you out of the blue claiming to be from a telecommunications supplier,  computer company or  technical support service provider. They will tell you that your computer has a virus or some other technical problem they can assist with. They will request remote access to your computer and if you say yes, they will pretend to scan your equipment and claim there is a problem such as a virus.
  • Hack into your online systems or networks by guessing your passwords or using malicious software installed through a phishing technique. This enables them to steal detailed personal information for fraudulent purposes.
  • Set up a fake competition or survey and post it on social media or send you an email, inviting you to complete an online form that asks for your personal details.
  • Set up a fake social media profile or online dating profile and send you a ‘friend’ or ‘connection’ request.
  • Hack into your mobile device or online bank account while you are using a public Wi-Fi service.
  • Create ads for bogus job opportunities, usually posted on job websites. The scammer may use or sell your personal information provided in the job application.
  • Access the information on your electronic devices through bluetooth or Wi-Fi networks

Warning signs

  • You get an email, SMS or a phone call out of the blue asking you to ‘validate’ or ‘confirm’ banking or financial details. Alternatively it may be disguised as a survey, an electronic newsletter or a promotional catalogue, and ask you to click on a link or open an attachment.
    • If via the telephone, the caller pushes you to provide personal information and discourages you from checking if it is a genuine request.
    • If via an email or other electronic message, the note contains grammatical errors and is poorly written.
  • You get a prompt or warning on your computer or mobile device asking if you want to allow software to install or run.
  • You get a ‘friend’ or some other connection request from someone you don’t know on social media.
  • You are invited to enter a competition for a free laptop or other enticing prize on social media.
  • You notice that amounts of money go missing from your bank account without any explanations.
  • You are unable to obtain credit or a loan because of an inexplicably bad credit rating.

Protect yourself from identity theft

Watch out for scams - scammers target you anytime, anywhere, anyhow.

Be wary of any request for your details or money

  • If you receive a call from your bank or any other organisation, do not provide your personal, credit card or online account details—instead ask for their name and a contact number.
    • Use the phone book or an online search to get the organisation’s contact details and check whether the request was legitimate.
  • If you receive an email or other type of electronic message out of the blue, never click on links or open attachments – you could be exposing yourself to harmful computer viruses or malware.
    • Instead, verify the identity of the contact by calling the relevant organisation directly – find them through an independent source such as a phone book or online search.
  • If the email asks you to confirm, verify or update personal information, don’t respond – just press ‘delete’.
  • Do an internet search using the names or exact wording of the letter or email to check for  any references to a scam – many scams can be identified this way.
  • Never send money or give credit card, online account details, or copies of important personal documents to anyone you don’t know or trust and never by email.   
  • Avoid any arrangement with a stranger that asks for up-front payment via money order, wire transfer or international funds transfer. It is rare to recover money sent this way. 


You should never use the contact details provided in the original request. Always take your time and get independent advice if you are unsure whether an offer or request is genuine. Seeking a second opinion from a family member or friend can be helpful. If you are still unsure about whether an offer or request is genuine, seek professional advice from your bank, an accountant or lawyer.

A legitimate bank or financial institution will never email you asking you to follow a link or asking you for personal details.

All Australian government department websites address end with  ‘’.

Keep your personal details secure


  • Be very careful about how much personal information you share on social network sites. Use privacy settings to ensure your personal information is only accessible to people you know and trust, and regularly reset your passwords.
  • Take extra caution when sharing your personal details such as date of birth, home address, tax file number or driver’s license numbers - these are your unique identification records that are often used to verify who you are.
  • Choose your passwords carefully. Passwords are often the only barrier between scammers and your valuable information. Set and use strong passwords which are difficult to guess and change them regularly, especially when online banking. A strong password should include a mix of upper and lower case letters, numbers and symbols. Don’t use the same password for every account/profile, and don’t share your passwords with anyone.
  • Log directly onto websites you are interested in rather than clicking on links provided in an email.


  • Put a lock on your mailbox to ensure that your postal mail is not accessible to others
  • Shred all documents containing personal information, such as bills, credit card applications and bank statements before throwing them out.
  • Keep your credit card and ATM cards safe. Do not share your personal identity number (PIN) with anyone. Do not keep any written copy of your PIN with the card.
  • Regularly check your bank account and credit card statements to ensure that suspicious transactions are detected. If you see a transaction you cannot explain, report it to your credit union or bank.
  • Get a copy of your credit report:  Your credit report contains information on your credit history. You can get a free copy of your report every year to check that no-one is using your name to borrow money or run up debts. Find out how to get your free credit report on ASIC's MoneySmart website.

Keep your computers and mobile devices secure

  • Be careful what information you store on them.
  • Don’t share access with others (including remotely).
  • Change passwords regularly, update security software, keep it up to date and back up content.
  • Don't use software on your computer that auto-completes online forms. This can give internet scammers easy access to your personal and credit card details.
  • Secure your Wi-Fi network.
  • Avoid using public computers or Wi-Fi hotspots to access or provide personal information.
  • When you update your computer or electronic devices, take steps to ensure that the data in your old device is not available for scammers to access.

Report them

If you think your identity has been misused, you should immediately contact your bank or credit union to let them know.

You can also report a scam to SCAMwatch or contact iDcare, a free government-industry service which works with you to develop specific response plans to your situation to reduce risk and impact.

Tell your friends and family about the scam so they know what to look out for.

More information

Stay Smart Online
Protecting your identity

Printer friendly
Quick links

© Commonwealth of Australia 2015