Identity theftIn the news this week it was revealed that Australia Post customers have been exposed to identity theft. On Monday a Sydney Postal Centre worker was found guilty on four charges of mail theft. The worker was caught stealing credit cards and other sensitive information for criminal contacts. Investigators are unable to say how many people’s confidential details had been compromised, having only recovered four letters. We feature this story in full from news.com.au, and look deeper at identity theft, what criminals have to gain from it, and how you and your credit file may be at risk.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

An Australian Government survey on identity theft, released in June 2011 by then Attorney-General Robert McLelland, revealed 1 in 6 Australians have been a victim or know someone who has been a victim of identity theft. Identity theft can happen to anyone, and it seems even if you have no Facebook account, only a minimal online presence, answer no scam phone calls and don’t unnecessarily reveal your personal information, you can still be at risk, just by your mail being compromised.

This recent news story illustrates how easily this can occur:

Australia Post customers at risk of identity theft after sorter stole credit cards for criminal contacts

AUSTRALIA Post customers have been left exposed to potential scams and identity theft after a worker at a Sydney postal centre was caught stealing credit cards and other sensitive information for criminal contacts.

Investigators are unable to say how many people’s confidential details disgraced night sorter Morris John Lilio compromised, with only four letters he lifted recovered.

The 60-year-old had been working at the Waterloo facility since 2008 when he was nabbed on camera sneaking out eastern suburbs residents’ mail in August.

CCTV footage of his early-morning shifts revealed him repeatedly looking around the facility before slipping mail into his jacket sleeves and leaving the building for his morning break.

On the day he was arrested police seized several letters – one of which had a credit card inside it – all addressed to one Woollahra household hidden in a Gregory’s street directory inside a colleague’s parked car.

Detectives also found a series of text messages on Lilio’s two mobile phones, including some from earlier in the morning when officers swooped on the thief.

“If you ever want the guy’s signature he can get that also,” one message said, listing a man’s birthdate and phone number. “He said if he could get two really good GE (Money) or GO. Also can you please look out for tax return cheques.”

In an earlier message Lilio wrote: “That’s all I could get this morning. 2 and u got both. But send one of girls 2 pick up.”

“No good, reported stolen,” he was messaged back.

Lilio told police that people had asked him to do “things I don’t want to do” after he got involved with drugs, but he denied acting on their demands for stolen mail.

He later claimed in court that any letters seen in his jacket got there by mistake when he was putting it on for his break. But in Central Local Court last week, magistrate Mark Buscombe said Lilio’s explanation that letters had repeatedly got stuck in his clothes accidentally was “fanciful”.

He found Lilio guilty on four charges of mail theft, adding the former Australia Post worker had told police a series of lies and the text messages clearly showed he had been stealing mail for others based on the details they sent him.

Police admitted the bulk of the mail Lilio stole was never found and it was not known who he had passed the confidential material to.

Australia Post spokeswoman Melanie Ward said the organisation had a “zero-tolerance” to mail-security breaches and any workers implicated were immediately sacked, although she would not say what screening processes Australia Post had in place for its staff.

Lilio is scheduled to be sentenced next month.

Organised crime and Identity theft

The typical identity theft victim is an ordinary person, who just happens to have fallen prey to the vast criminal network which exists on the internet or elsewhere.

A leading commentator on technology issues, Stilgherrian warned people of the intricacies of identity theft in the modern age in his article ‘The real cyber criminals are no lolling matter:

“First, these crimes are committed on a vast scale. Criminal processes are orchestrated globally, automated, and supported by thousands of unwitting, disposable minions. If only a tiny percentage of people fall for scams, we’re still talking millions of dollars.

Second, the bad guys are good at this. Really good. Blaming the victims is inappropriate. “They had it coming to them”? Really? Third, it all connects up. Fifty bucks went missing from your credit card precisely because the number had been stolen from a poorly-secured online store. The legitimate website popped up the message from the fake anti-virus product because it, too, was poorly secured and had been hacked automatically by software that probed a hundred thousand websites one night.

Or, in the case of identity theft, when someone takes out $50,000 of loans in your name? That happens through the gradual accumulation of personal data. Your name and email address from a list stolen from a hacked website, cross-matched with your street address from another, your date of birth from a third, and so on.

These databases can contain millions of people’s details. They’re traded in shady online markets where people buy the pieces missing from the databases they already have, merge them, refine them, mark ‘em up and sell ‘em on until eventually there’s enough to turn it all into a credit application. It’s then laundered though “money mules”, people recruited in the belief they’re making money at home with just a computer.”

The story of this vast, global ecology of crime is both fascinating and real. So why isn’t it told?

Well, it’s a hard story to tell. Everything’s new and different. Imagine trying to tell the story a bank hold-up if you had to first explain all the pieces as if they were brand new. Bank. Money. Gun, Trigger. Balaclava, “OK, everybody lie down on the floor and keep calm.” Getaway car.

Global organised crime is a complex octopus. By the time you’ve explained the first sucker at the end of tentacle number one you’re up to the next ad break and everyone’s lost attention.

The Australian Crime Commission’s CEO, John Lawler revealed at a national conference for credit professionals in September that identity crime is a “key facilitator” for organised crime groups because it is an anonymous crime which can enable significant fraud.

“Every single person in this room and the various sectors and organisations that you represent are targets for organised crime,” he told the Conference.

“Criminals will exploit technology to not only carry out new crimes but commit traditional crimes on a much larger scale.”

The ACC estimates organised crime is currently costing the Australian economy at least $15 billion per annum – and that the impacts of this are significant and growing.

Mr Lawler says the amount of personal information requested and stored online, along with the growing popularity of social networking sites, provides organised crime with a larger pool of victims and data to harvest.

 “Organised criminals seek to conduct significant research on their intended victims and tailoring their operations to target weaknesses,” he says.

So whilst this Aussie postal worker has been caught out and that is indeed terrible – we need to take a step back and look at the bigger picture. Look at the machine he was feeding this information to. That’s the big issue. The real problem here. They can probably find many people like him to do what he did. There are probably many people willing to go through somebody’s rubbish bin for a few bucks, to steal mail out of letterboxes, to make some shady phone calls to get personal information, even to write up computer programs and online scams to trick people. Some of these fraudsters probably have no idea that they are potentially contributing to not just theft, but in the wrong hands full-blown identity theft at some point – where not only money is stolen, but credit and therefore a person’s good credit rating.

A life turned upside down

Recovering from identity fraud is never an easy task – and it can be fraud to the tune of a mere $300 which is as devastating to a victim’s ability to obtain credit in the future, as fraud of $300,000.  Creditors need proof the victim didn’t initiate the credit. But many people don’t know how the fraud eventuated, and even if they do there’s no guarantee they can recover their good credit rating – meaning they can be locked out of credit for the duration of the credit listing, which in the case of a default, is 5 years. Not to mention if there is a hefty debt to pay they are not responsible for.

Early intervention is critical

If you have ever had any type of scam or crime committed against you, the message is – be wary of what the real ramifications of that fraud could be, and take action to protect your credit file as well as your finances. Check your bank and credit card statements thoroughly – any suspect signs could mean you are at risk of identity theft. You should also order a copy of your credit report – which would indicate if your credit file has been misused or attempts have been made to obtain credit in your name.

Contact Police immediately and also alert your Creditors and the Credit Reporting Agencies which hold your credit file if you are at all suspicious of identity theft before it leads to fraud.

Image: nuttakit/ www.FreeDigitalPhotos.net