MyCRA Specialist Credit Repair Lawyers

Tag: fraudsters

  • Identity theft at their fingertips: Fraudsters and Social Media

    Media Release

    Identity theftIdentity theft at their fingertips:

    Fraudsters and Social Media

    5 June 2014

    As identity theft numbers increase in Australia, a consumer credit advocate shows how easy it can be for fraudsters to commit identity theft using social media, warning there are too many Australians disregarding their personal information, and leaving themselves wide open to identity theft and credit rating misuse.

    Graham Doessel, who is a Non-Legal Director of MyCRA Lawyers, a firm focused on credit dispute, says social media users who don’t opt in and maintain strong Privacy settings are ‘sitting ducks’ for fraudsters.

    “Fraudsters are trolling Social Media and other internet sites right now, looking for those consumers who are free and easy with their personal information,” Mr Doessel warns.

    “If you don’t strengthen your Privacy settings you run a grave risk – it’s not just the risk of having your account hacked, it’s the risk of having your identity stolen and having crime, including credit fraud, committed in your name.”

    Mr Doessel says the reason Facebook and other social media are so tantalising for fraudsters, is because many of the building blocks for identity theft are laid out.

    “If your Privacy settings aren’t secure your personal information is right at the fingertips of fraudsters,” he says.

    In order to obtain a birth certificate in Australia, a full name, date of birth, father’s name, mother’s maiden name, place of birth, and residential address are required.

    Mr Doessel says this can all be freely available on many social media profiles.

    “The other day I went on to a popular social media site, to see how easy it could be to obtain information. The frightening thing is, within five minutes of browsing a ‘random’ name, I was able to get four points of the information required on this person, and have a pretty good guess at the fifth. By simply changing the address, a fraudster could have a red-hot go at obtaining a birth certificate in this person’s name,” he says.

    Mr Doessel says other random browses proved to be similarly forthcoming, particularly amongst men using social media.

    “Women seemed to safeguard their information much better than the men I came across, begging the suggestion that women are much savvier when it comes to social media Privacy,” he says.

    His warnings come as part of Stay Smart Online Awareness Week 2014, a national education campaign aimed at helping Australians using the internet understand the simple steps they can take to protect their personal and financial information online.

    “We are raising awareness of some simple ways Australians can stay smart with their credit rating. Smart Facebook and other social media use have got to be number one,” he says.

    He is urging Australian users of social media to take some simple steps to protect the privacy of their profiles:

    Staying Smart on Facebook

    1. Don’t share too much, remember your personal information is valuable – and often once you’ve posted something online – it’s permanent.

    2. Install and maintain strong Privacy settings on social media.

    3. Change passwords regularly and use different passwords for different sites.

    4. Put a password on your mobile device.

    5. Don’t ‘friend’ someone you don’t know.

    6. Be wary about the type of requests, emails and attachments you click on.

    According to a recent Australian Institute of Criminology Identity crime and misuse survey, identity theft has increased to 1 in 10 Australians affected. 14 per cent of those victims were refused credit as a result.

    “Identity theft can lead to loans or other credit being taken out in the victim’s name, and often the victims don’t even know they’ve succumbed to identity theft until they’re refused credit themselves,” Mr Doessel says.

    He says recovery can be painstaking because the victim needs to prove they didn’t instigate the credit in the first place, but often necessary due to the victim being locked out of credit for between 5 and 7 years.

    “Identity theft can be really hard to prove, especially if the victim has no idea how their personal information was obtained in the first place. Police reports and large amounts of documentary evidence are generally required to substantiate to creditors the case of identity theft, but to those experiencing this, it’s a point worth fighting for,” he says.

    /ENDS.

    Please contact: Graham Doessel – Non-Legal Director MyCRA Lawyers Ph 3124 7133

    Lisa Brewster – Media Liaison MyCRA Lawyers media@mycralawyers.com.au

    www.mycralawyers.com.au www.mycralawyers.com.au/blog  www.mycralawyers.com.au/mediacentre

    MyCRA Lawyers 246 Stafford Rd, STAFFORD Qld Ph 07 3124 7133

    About MyCRA Lawyers: MyCRA Lawyers is an Incorporated Legal Practice focused on credit file consultancy and credit disputes. MyCRA Lawyers means business when it comes to helping those disadvantaged by credit rating mistakes.

    Image: Gualberto107/ www.FreeDigitalPhotos.net

  • 1 in 12 Australian credit ratings threatened by identity theft.

    Media Release

    Identity theft1 in 12 Australian credit ratings threatened by identity theft.

    24 October 2013

    A survey conducted for the Attorney-General’s Department reveals Australian credit ratings are under increasing threat from ballooning identity theft numbers, and a consumer advocate for accurate credit reporting warns victims can pay heavily, with many locked out of mainstream credit for years.

    CEO of MyCRA Credit Rating Repair, Graham Doessel says when fraudsters take out credit in their victim’s name they can leave a trail of destruction on the victim’s credit file.

    “Fraudsters are never so kind as to pay the credit back. Defaults can then mount on the victim’s credit rating and hinder the victim’s ability to obtain credit in their own right,” Mr Doessel says.

    He goes on to say that “unless the victim can prove they didn’t initiate the credit in the first place, these defaults stay on the credit file for the term, which is five years.”

    The warnings come following the release of the ‘Identity Theft Concerns and Experiences‘ survey conducted by Di Marzio Research for the Attorney-General’s Department. (1)

    The survey found that identity theft had increased by a massive 40 per cent from 2011 to 2012 to almost one in four Australians having been a victim or known somebody who has been a victim of identity theft.

    It also showed 31 per cent of those victims had had their identity used to obtain finance, credit or a loan. This is an increase of 5 per cent from the previous survey in 2011.

    These figures correlate to almost one in every twelve Australians being victims of identity fraud which has had the potential to impact their credit rating.

    Mr Doessel says pieces of personal information are the building blocks for credit file misuse.

    “People can lose personal information in many ways, and they may be unaware of how or when it has occurred – particularly if it has happened via malware or even through too much sharing online,” he explains.

    “Sometimes it’s not until the victim applies for credit and is refused that they find out they have been exposed to identity fraud, and by then it may be too late to trace how it took place.”

    The survey pinpointed the private sector (Credit Providers such as banks and telcos) as providing victims with the most help with recovery, at 48 per cent – followed by Police at 32 per cent. Interestingly the government was cited as providing only 8 per cent of help with recovery, and 18 per cent of people had no help with recovery.

    But Mr Doessel warns that whilst Credit Providers may be able to help with reimbursing some identity theft victims, those that end up with defaults may not be so lucky.

    “It’s not a simple case of being ‘reimbursed’ for credit file misuse under the Credit Provider’s insurance. It is a slow and difficult process to try and recover a good name which has been tarnished,” he says.

    Mr Doessel says preventative measures centre around the safeguarding of personal information.

    “Get up to speed on the ways that fraudsters could misuse your personal information or your credit rating. Put as many preventative measures in place as possible, so that you have the least possible chance of becoming a victim.”

    “Also, check for credit file discrepancies. We recommend people regularly obtain a copy of their credit report to ensure that everything on their file is as it should be. That way if there are any problems, they can be rectified while there is no urgency,” he says.

    Under current legislation a credit file report can be obtained for free every 12 months from the major credit reporting agencies Veda Advantage, Dun and Bradstreet and TASCOL (if in Tasmania) and is sent to the owner of the credit file within 10 working days, or for a fee it can be sent urgently.

    Mr Doessel adds, Australia needs to create a culture of transparency when it comes to combatting this crime.

    “Talk, talk, and talk some more, about what you know about identity theft.  If you’re a victim – tell others about your story. In particular, talk to young people who might not fully understand the consequences of giving away their personal information and also talk to older people – who may be less tech-savvy and more vulnerable to predators,” he advises.

    You can find more information on identity theft on the Attorney General’s Website http://www.ag.gov.au/identitysecurity.

    /ENDS.

    Please contact:

    Graham Doessel – CEO Ph 3124 7133

    Lisa Brewster – Media Relations media@mycra.com.au

    Ph 07 3124 7133 www.mycra.com.au www.mycra.com.au/blog

    MyCRA Credit Repair 246 Stafford Rd, STAFFORD Qld

    MyCRA is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files.

    (1) http://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity%20Theft%20Data%20Survey%20Report%202012%20[PDF%205.3MB].pdf
    Unsubscribe me from this list

    Image: Victor Habbick/ www.FreeDigitalPhotos.net[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Watchdog criticised over lack of prosecutions for fraudsters and identity thieves

    Identity theftPeople are starting to get angry over scams and identity theft. As anyone with a computer, a telephone or who banks would know – the attempts to steal our financial information, or to scam us online are getting more and more frequent, but it seems the prosecutions are not increasing. We examine Michael Pasoce’s controversial opinion piece from todays The Age. The piece refers to criticism that the Australian Competition and Consumer Commission and Police are ignoring 99.9 per cent of scamsters.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Michael Pasoce’s article Watchdog lacking any bite as scammers fleece us is pretty damning of the ACCC and the Australian Police, and their lack of ‘bite’ in matters of prosecution of fraudsters. Here is an excerpt from Pascoe’s article today:

    “The ACCC doesn’t even try to lumber fraudsters and scam artists – it just hopes to “disrupt” them with a little education of us mugs. Education is indeed a good thing and that deserves a tick, but locking up the very nasty little perpetrators wouldn’t be a bad idea either. They’re not even trying.

    Responsibility for that of course should be shared with the various police fraud squads – but they are rather hopelessly under-manned, under-skilled and really only interested in the big stuff, preferably if it’s rather simple, old-fashioned fraud.

    Many of the online and telephone con artists are based overseas, but there are plenty of low-life locals as well. Successful fraudsters keep their jobs relatively small and remain mobile. That way the police and ACCC won’t bother taking an interest, even when a case is handed to them on a platter.

    At last month’s Retail World conference (disclosure: I was paid to chair it), online retailers told how completely frustrated they were in trying to get any authority to take action over fraud.

    For example, a fridge is purchased online by someone using a credit card. Fridge is delivered. The owner of the credit card phones his or her bank claiming they did not authorise the purchase – perhaps claiming a child used the card without permission. The bank refunds the money to their customer and hits the retailer with a charge-back. In the words of the Queensland Police website, the retailer then becomes the complainant – nearly all the time, police don’t want to know about it.

    What’s more, from the same website: “If the cardholder is reimbursed for the loss, financial institutions have agreed that they do not require the cardholder to report the matter to police for investigation.”

    The banks are treating this sort of fraud as merely a cost of business. The retailers are getting nothing in return for their merchant fees.

    A major online white goods retailer told me one of the fraudsters tried to hit them a second time. The retailer attempted to interest the local gendarmes in catching the thief in the act – but they weren’t interested.”

    Pascoe argues that the supposed authorities have been overwhelmed by this class of crime.

    “The law is too complicated in dealing with it, the manpower to tackle it is not forthcoming, there is yet again no sign of anyone having fire in the belly, a desire to kick heads. The scumbags who prey upon the gullible effectively have a free hand to go forth and defraud while police will visit a pop star’s hotel room to inspect a half a joint,” he says.

    So if it all too complicated – is the argument still there for reporting scams and other forms of identity theft to Police or other authorities even if no monies are lost?

    Absolutely. Without reporting, authorities won’t have any idea of the scale of the problem, and that is the first step towards fixing it. I have long been of the belief that not requiring the reporting of fraud which has been reimbursed by banks is exacerbating the problems in this area. The thing is, all of these small instances may just be a drop in the ocean, but they could all be drops from the same source.

    Was Pascoe right to call to task the authorities over a lack of prosecutions in this area?

    Absolutely. It is important that we apply pressure to government and to Police, to find a way to locate and prosecute fraudsters, or to justify why they can’t.

    In reality, prosecutions can be difficult simply because of the global nature of this crime. Small time fraudsters may be doing all of the leg work here – and on selling the information to global syndicates. Or fraudsters may be able to buy personal information obtained by international fraudsters and use it to obtain credit in Australia. It is a tangled web – but it’s one we should be throwing time, money and resources into now and in the future.

    Identity theft and your credit file

    Cyber-crime can be perpetrated by stealing the personal information of individuals, generally through obtaining it via virus software known as ‘malware’ or by phishing scams which appear to be genuine companies asking for personal details which can then be used to generate fake identification. Then the fraudster will go about taking out credit in the victim’s name. If the theft goes undetected, the fraudster can be racking up thousands of dollars in debt in the person’s name. This is when identity fraud affects the victim’s credit file. When this happens, it is not only the victim’s bank accounts that can be affected, but more importantly their ability to obtain credit in the future.

    In Australia, if a credit file holder fails to make repayments on credit past 60 days, then a default can be placed on their credit file by the creditor. This default remains on the credit file for 5 years, and can severely hinder their chances of getting credit once it is placed. For the identity theft victim, this can leave them severely disadvantaged for 5 years, and unable to take out legitimate credit. The only way they may be able to restore their good name is through lots of hard work proving to creditors they did not initiate the credit.

    For information on preventing identity theft, and help with repairing a credit rating following fraud, contact MyCRA Credit Repair, or call tollfree 1300 667 218.

    Image: Victor Habbick/ www.FreeDigitalPhotos.net

  • Gamers: cheating could cost you your credit rating

    If you or someone in your family is a gamer, then you would be familiar with gamershacks. Hacks and cheats are designed to give a gamer help with a game by allowing them to download useable software for assistance. But security company, AVG says downloading hacks could open up a can of worms not only for the gamer, but for anyone else that uses the computer, because you have probably also just downloaded Malware. We look at how this occurs, what Malware does and what the risks are for your personal information and  your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au

    Antivirus vendor AVG has issued a warning to gamers following research which suggests that more than 90 per cent of ‘hacks’ available online contain some form of malware or malicious code.

    Hacks and cheats are commonly incorporated into games; however, the sheer popularity of online multiplayer games has made gamers prime targets for cybercriminals.

    “The research suggests more than 90 per cent of hacks, cracks, patches, cheats, key generators, trainers and other downloadable game tools contain malware or executable code.

    These hacks are commonly delivered via unregulated torrents and file sharing sites, an easy vector for malware.

    Malware inadvertently downloaded with hacks can give attackers easy access to your online gaming account as well as other sensitive information such as online banking details, personal data and passwords for other online services,” Stay Smart Online recently advised.

    They advise gamers to only download patches from the game’s official site, and to avoid any unofficial software. They also recommend:

    Always be suspicious of any files downloaded from torrents and file sharing websites.

    Ensure you always have up-to-date security software installed on your computer.

    Use unique account logon and password information for each of your online gaming accounts (and every other online service you use).

    What is ‘malware’?

    Malware— is short for ‘malicious software’. It is a type of malicious code or program that is used for monitoring and collecting your personal information (spyware) or disrupting or damaging your computer (viruses and worms). Stay Smart Online explains in more detail:

    Spyware

    The term spyware is typically used to refer to programs that collect various types of personal information or that interfere with control of your computer in other ways, such as installing additional software or redirecting web browser activity.

    Examples of spyware include:

    Keyloggers  

    A keylogger is a program that logs every keystroke you make and then sends that information, including things like passwords, bank account numbers, and credit card numbers, to whomever is spying on you.

    Trojans

    A Trojan may damage your system and it may also install a ‘backdoor’ through which to send your personal information to another computer.

    Viruses and worms

    Viruses and worms typically self-replicate and can hijack your system. These types of malware can then be used to send out spam or perform other malicious activities and you may not even know it.  Both can use up essential system resources, which may lead to your computer freezing or crashing.  Viruses and worms often use shared files and email address books to spread to other computers.

    malwareMalware and your credit file

    If fraudsters can get their hands on your personal information they can steal passwords to not only the gaming site, but also to the bank or credit accounts of anyone who uses that computer.

    They can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents (identity theft), and apply for credit in your name (identity fraud).

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties –you may have a stack of credit defaults against your name by the end of their ordeal – and sometimes no proof it wasn’t you that didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases you may have no way to prove you weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity theft happening long before the fraud took place.

    Who might be most at risk?

    Gamers often aren’t worried about risks to their personal information as they are often young people who consider they don’t have much to lose, when in fact they do. Firstly, if Malware is downloaded – it puts the entire family at risk. But secondly, a young person is just as vulnerable as anyone to exploitation. There have been reports of crooks harvesting the personal information of young people and storing it until the victim turn 18. Australian Police have issued warnings on the issue of data warehousing in relation to Facebook in the past, but fraudsters won’t be fussy about where they get it from. It all has a lucrative price on the ‘black market’ of personal information.

    For more help with teaching kids and young people about online risks, go to the Stay Smart Online website http://www.staysmartonline.gov.au/kids_and_teens.

    Visit our main website www.mycra.com.au for more information on identity theft and your credit file.

    Image 1: Arvind Balaraman/ www.FreeDigitalPhotos.net

    Image 2: Salvatore Vuono/ www.FreeDigitalPhotos.net

  • Cyber-security to protect your financial identity.

    SSO_Logo+WebHow can what you do online impact your ability to obtain credit? Understand the risks and protect your credit rating.

    MyCRA is a partner for Cyber Security Awareness Week 2013, running this week until 24 May.  The aim of Awareness Week is to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Cyber Security Awareness Week 2013 is an Australian Government initiative, held annually in partnership with industry, community and consumer groups and state and territory governments.

    One of the big risks for Australians is that their internet use will lead to fraudsters stealing their personal information for purposes of identity theft (now the fastest growing crime in Australia) and potentially fraud. The good credit rating of the victim could then be damaged.

    It is reported that 1 in 6 people in Australia is a victim or knows someone who has been a victim of identity theft or fraud in the past 6 months.

    Victims are not always ‘gullible’ as may be the impression in the wider community. Many experts say it is not a matter of if you experience an identity theft attempt, but when.

    Increasingly it comes from professional fraudsters whose main occupation is to steal personal information and financial details in order to commit fraud.

    The internet is a big source of personal information and its ever increasing use makes you more vulnerable to identity crime than ever.  This means identity crime can have very long arms – often it originates from overseas crime syndicates. Social networking, online banking, company databases can also be sources.

    The unlucky identity theft victim is unaware of the fraud until their identity is misused, and their credit rating with it. When identity theft damages your credit rating – it is because the fraudster has been able to overtake credit accounts, or has gained access to enough personally identifiable information about you to forge new identity documents.

    If credit accounts are not repaid – after 60 days you may be issued with written notification of non-payment and the intention for the creditor to list a default on your credit file. It is at this moment that some people who were previously unaware of any problems find out they have been victims of this more sophisticated type of identity theft.

    Protecting Your Financial Identity Online

    stay smart onlineYou can provide a safety buffer for yourslef and your family around one of the main channels for fraudsters to enter our lives – the internet.

    Remember the top tips

    Stay Smart Online encourages all Australians to remember these ten simple tips to improve their online security:

    1. Install and update your security software and set it to scan regularly
    2. Turn on automatic updates on all your software, particularly your operating system and applications
    3. Use strong passwords and different passwords for different uses
    4. Stop and think before you click on links and attachments
    5. Take care when buying online – research the supplier and use a safe payment method
    6. Only download “apps” from reputable publishers and read all permission requests
    7. Regularly check your privacy settings on social networking sites
    8. Stop and think before you post any photos or financial information online
    9. Talk with your child about staying safe online, including on their smart phone or mobile device
    10. Report or talk to someone if you feel uncomfortable or threatened online – download the Government’s Cybersafety Help Button

    For specific help with safe banking, we refer to the Australian Bankers’ Association’s recommendations:

    Protect your passwords – ensure you keep confidential your PIN and Internet banking logons and passwords. Avoid using the same logon/passwords for multiple websites, especially when it enables access to websites that include sensitive personal information. Set a pass code for your device and a PIN for your SIM. If your banking app allows logon with a PIN, make sure it is different to the one used to unlock your       mobile device. Make sure your password or code is something that’s hard for others to guess but easy for you to remember.  A bank will never ask you to provide passwords or PINs by e-mail or over the telephone.

    Lock – set your smartphone and tablet to automatically lock. The password will protect your device so that no-one else can use or view your information. Also store your device in a secure location.

    Contact your bank if you lose your smartphone or tablet – call your bank immediately to tell staff about the loss and provide your new phone number, especially if your bank uses an SMS message to authenticate transactions.

    Clear your mobile devices of text messages from banks especially before sharing, discarding or selling your device.

    Be careful what you send via text – never use text messages to disclose any personal information, such as account numbers, passwords or other personal information that could be used to steal your identity.

    Use only official apps – make sure to only use apps supplied by your financial institution and only download them from official app stores.

    Delete spam and scam e-mail – if the offer sounds too good to be true – it probably is.

    Guard identity information carefully and only provide it to trusted people and entities.  This includes date of birth, current address, driver’s licence and passport details.

    Anyone interested in online safety should subscribe to the email notifications from Stay Smart Online Alert Service. The Stay Smart Online Alert Service is a free subscription based service that provides home users and small to medium enterprises with information on the latest computer network threats and vulnerabilities in simple, non-technical, easy to understand language. It also provides solutions to help manage these risks.

    Also, you can look at securing different sections of your internet use in more depth with the help of Stay Smart Online’s key factsheets for online security.

    Check your credit file regularly, and act quickly on any discrepancies there – which can often be the first sign of identity theft. Copies of credit files can be ordered from one or more of Australia’s credit reporting agencies, and are free for the credit file holder once per year.

    Image 1: courtesy of Stay Smart Online

    Image 2: Ambro/ www.FreeDigitalPhotos.net

     

     

  • Bloggers and small business sites a target for cyber-criminals

    Press Release MyCRA

    blogBloggers and small business sites a target for cyber-criminals.

    23 May 2013

    There’s a gaping hole in cyber-security, and once again, the ‘little guy’ is at risk.

    Experts warn Australians using WordPress or similar sites about the risks of being hacked by cyber criminals unless they bump up their safety measures.

    “Small businesses and bloggers often don’t have the money to invest in online safety – and also believe their small site or blog is ineffectual, when in fact its resources make it a prime target for hackers,” Online expert Daniel Smith says.

    These warnings come as part of Cyber-security Awareness Week 2013, and follow the world’s biggest ever WordPress and Joomla attack last month.

    Mr Smith says the event demonstrates the ease with which small sites can be easily infiltrated and used to make a big impact as part of a systematic attack.

    WordPress currently powers over 60 million websites and is read by over a quarter of a billion users every month. WordPress and Joomla were recently attacked by a botnet of tens of thousands of individual computers. The botnet targeted users with the login “admin”, trying thousands of possible pass words.[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][i]

    Mr Smith says accessing sites can be easy if pass-phrase security is lax, particularly when the user ‘admin’ is used.

    “I liken it to a locksmith with a whole set of generic keys – he can turn the keys in many doors until he finds one that fits. Hackers have common pass word ‘keys’, and they roll trials of these words until one unlocks the computer, and enables them to use the resources that power the site which are far more than could be gained by a singular desktop computer,” he explains.

    He says the ramifications for individuals and businesses who become part of a botnet are loss of data, loss of secure personal information and break-down of the site.

    “I know victims of who have had to close their business down because they have lost so much information without having any backups,” he says.

    But he warns, hackers don’t always delete the information, but may leave it intact, putting in files in back doors so that they can go undetected – making use of these resources again and again.

    “Hackers can on-sell information to fraudsters, cyber-terrorists or spammers, and can also on-sell the entire botnet to be used in a distributed denial of service (DDOS) event,” he cautions.

    A national credit expert warns fraudsters can use the information to commit identity theft – the fastest growing crime in Australia.[ii]

    CEO of MyCRA Credit Rating Repair, Graham Doessel says information like dates of birth, account numbers, full names and other personal information can be used to steal your identity and take credit out in your name.

    “Fraudsters have been known to go so far as to take out personal loans, credit cards and even finance homes in their victim’s name,” Mr Doessel says.

    “Unfortunately fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.”

    Defaults remain on the credit file of individuals for between 5 and 7 years.

    “In the past it has not been easy for identity theft victims to prove they didn’t initiate the credit, particularly if they have no idea how they were duped in the first place. Often not much of a trail is left and prosecutions don’t come easily,” he says.

    Both Smith and Doessel say prevention is key, and recommend you make some simple but important changes to the way you log in to your WordPress or other sites:

    1. Use secure pass phrases. Come up with a unique scheme that is a minimum of 8 characters long – for example every 3rd vowel could be a number or symbol and you should always add some uppercase letters, numbers and any character that requires the shift key to type. Use multiple words in a pass phrase. You could use two unrelated words which are memorable to you.

    2. Use a different pass phrase and user for each account.

    3. Use a unique user name – not the default setting. Never use ‘admin’ as a user name.

    4. Minimise login attempts. Restrict the number of attempts to access the site before the user is ‘locked out’.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. This is harder to infiltrate by hackers, but Mr Smith says many don’t use 2-step verifications because they seem inconvenient.

    “We may need to get a little inconvenienced to prevent what could be a personal or business disaster, or in worst case scenario, a future global disaster,” he says.

    MyCRA is a partner for Cyber Security Awareness Week 2013 – an Australian Government initiative through Stay Smart Online, to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.[iii]

    To stay one step ahead of fraudsters, you can subscribe to Stay Smart Online Alerts at no charge – which lets you know about cyber issues as soon as they unfold http://www.staysmartonline.gov.au/alert_service.

    /ENDS.

    Please Contact:

    Graham Doessel – Founder and CEO MyCRA Ph 3124 7133

    Lisa Brewster – Media Relations MyCRA & for comment from Daniel Smith Web analyst  media@mycra.com.au

    http://www.mycra.com.au/ www.mycra.com.au/blog

    246 Stafford Rd, STAFFORD Qld

    MyCRA Credit Rating Repairs is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files.

    Stuart Miles/ www.FreeDigitalPhotos.net[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Lax cyber-security makes us all vulnerable: Cyber Security Awareness Week 2013

    password securityIf your password is one of the most 1,000 common passwords, it could be hacked in literally seconds…

    Are you one of the millions of Australians who have a pretty basic password? We show you how important strong passwords and other security measures are to keep you, your credit file, your business and perhaps your country safe from cyber-attack. This week is Cyber Security Awareness Week 2013, hosted by Stay Smart Online. This is an Australian Government initiative, held annually in partnership with industry, community and consumer groups and state and territory governments. As part of this week we have been fortunate to speak with online expert Daniel Smith about cyber-security. He gives us a unique insight into the importance of cyber-security awareness for every ordinary Australian.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    You may have heard last month about the biggest ever global brute-force attack. You may have heard about it, but like many it may have gone straight over your head. But the ramifications of an attack like this are pretty important.

    The attack was on WordPress sites, which currently powers over 60 million websites and is read by over a quarter of a billion users every month. WordPress was attacked by a botnet of tens of thousands of individual computers. The botnet targeted WordPress users with the username “admin”, trying thousands of possible passwords.

    But online expert Daniel Smith warns this attack is definitely only a small taste of things to come.

    “Last month’s attack was orchestrated on a large scale, but this happens continuously on an individual basis on sites like WordPress, Joomla, Drupal or similar,” Daniel says.

    “I liken it to a locksmith with a whole set of generic keys – he can turn the keys in many doors until he finds one that fits. Hackers have common password ‘keys’, and they roll trials of these passwords until one unlocks the computer, and enables them to use the resources powered by the site which are far more than could be gained by a singular desktop computer,” he says.

    The ramifications for individuals and businesses who become part of a botnet are loss of data, loss of secure personal information and break-down of the site.

    “I know victims who have had to close their business down because they have lost so much information,” he says.

    But he warns, hackers don’t always delete the information on these sites, but may leave it intact, putting in files in back doors so that they can go undetected – making use of these resources again and again.

    “Hackers can on-sell information to cyber-terrorists or spammers, and can also on-sell the entire bot-net to be used in a brute-force attack that is capable of crashing a country’s economy,” he cautions.

    He says individuals with a WordPress or similar blog, and small companies could be at risk.

    “They don’t have the money to spend on security protection that a larger business would – and they are the ones that think their small site or blog is ineffectual, when in fact its resources make it a prime target for hackers,” he says.

    So just how easy is it to find these passwords?

    “I did a quick 5 minute search on the internet yesterday, and found a list of 6 million usernames and passwords that are out there. If I went searching for more in depth, there would be more there,” he says.

    Daniel says what’s gone wrong, is that the way we’ve been taught to create usernames and passwords is in fact broken. He says we need to make these changes to the way we run sites like WordPress:

    1. Use secure pass phrases. Come up with a unique scheme that is a minimum of 8 characters long – for example every 3rd vowel could be a number or symbol and you should always add some uppercase letters, numbers and any character that requires the shift key to type. Use multiple words in a pass phrase. You could use two unrelated words which are memorable to you.

    2. Use a different password for each account.

    3. Use a unique username – not the default setting. Never use ‘admin’ as a username.

    4. Minimise password login attempts. Restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. This is harder to infiltrate by hackers, but Mr Smith says many don’t use 2-step verifications because they seem inconvenient.

     

    “We may need to get a little inconvenienced to prevent what could be a business disaster, or in worst case scenario, a future global disaster,” he says.

    So where do we as credit repairers come in to cyber-security?

    Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

    Information like dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

    Unfortunately fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

    For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

    Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

    SSO_Logo+WebPrevention really is key to protecting your credit file from this fraud – so spend some time and make sure the passwords on your site, or others that you use, are as secure as possible.

    To stay one step ahead of fraudsters, you can subscribe to Stay Smart Online Alerts – which let you know about security issues as soon as they unfold.

    Image 1: digitalart/ www.FreeDigitalPhotos.net

    Image 2: courtesy Stay Smart Online.

     

  • Fraudsters pinch Australian Crime Commission logo to scam consumers

    Don’t be fooled with unsolicited emails, no matter how ‘official’ they look. The Australian Crime Commission (ACC) announced last week it has been made aware of a number of scams using the ACC name and logo to lure consumers into paying thousands of dollars into fraudulent bank accounts. We describe the details of this scam, and look at what you could be giving away that could lead to bad credit history.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    The ACC was last week alerted to a fraudulent email pretending to be from ACC Chief Executive Officer John Lawler, which asks the consumer to pay $900 into a Nigerian bank account in order to receive US$5 million.

    The email is sent from a non ACC email address. The ACC says all legitimate ACC emails contain @crimecommission.gov.au.

    They say the ACC will never request money from individuals in this way.

    Identifying characteristics of these emails may include:

    • Reference to the Department of Homeland Security
    • Reference to the Chief Executive Office of the Australian Crime Commission
    • Reference to Nigerian based banks
    • Requests for recipients to send amounts of money,” the ACC media release explains.

    This comes hot on the heels of another scam using the ACC name to rip off Australians.

    In late September the ACC became aware of a scam that falsely used the ACC, Australian Federal Police (AFP) and Australian Security Intelligence Organisation (ASIO) logo in an attempt to lure consumers into paying large sums of money for fake criminal background checks.

    The fraudulent criminal background checks were being initiated by criminals using dating websites.

    The ACC says the scams highlight the prevalence and scope of frauds being initiated by criminals operating in the cyber environment.

    Criminals are prepared to go to great lengths to pilfer the money or personal details of their victims. To target Australian victims, the average cyber-criminal or scammer needs to be pretty savvy. Most Australians are aware of the obvious scams (although they still do catch out some), but elaborate ones such as the recent investment super scam has meant many well-educated and intelligent people become victims.

    It’s do with the logos, the proof, the fake websites, and the fake statistics. You just don’t assume that people would go to those lengths to steal your money –right? Wrong! The more elaborate the scam, the more likely it will catch out those with serious money. If the prototype works – fraudsters can use it again and again to catch out thousands before they are shut down.

    The other danger with receiving unsolicited emails, is that you can unknowingly download a virus by clicking on a link or attachment. This virus can cause your computer to be part of a botnet, or it can use keyloggers to record your keystrokes and take your passwords and usernames for important sites you use online. So even if you don’t fall for the scam, you can still fall victim to scammers.

    Scams can bring profits in a myriad of ways. Fraudsters can swipe small amounts over a widespread group – or they can concentrate on draining the bank accounts of a few. What they can also do, is misuse or even on-sell the personal details of the victim for purposes of constructing a fake identity to steal credit.

    If successful, crooks can access credit cards, goods or even larger items like houses and cars. This leaves the victim in debt, and it will also leave the victim with a series of credit defaults attached to their name. It is just debilitating for the victim, who then has to go and try to prove to creditors they didn’t initiate the credit in order to clear the bad credit history.

    To prevent this from happening to you, we have compiled a quick list of some ways you can prevent becoming a scam or identity theft victim:

    1. Keep virus software up to date on your computers. Install automatic updates and perform regular virus scans.
    2. Be careful with unsolicited emails. Check the email address before you click on links and attachments.
    3. Keep your privacy settings secure on all social networking sites.
    4. Keep your passwords and PIN numbers secure. Don’t carry PIN numbers with your credit/debit cards, change passwords regularly and use a variety of passwords for different purposes.
    5. Check all your credit card and bank statements each time they come in.
    6. Cross-shred all personally identifiable information which you no longer need, rather than throwing it straight in the bin.
    7. Buy a safe for your personal information at home.
    8. Do not give any personal information or credit card details to anyone via phone, online or email unless you are sure the site is secure, and or you can verify the company details.
    9. Be aware of who gets your personal information and for what purposes. What can these people do with the information they are gathering? For instance, is it really necessary for the site you are registering on to have your date of birth?
    10. Keep up to date with the latest scams by subscribing to the government’s ‘SCAM watch’ website.
    11. Check your credit file for free every 12 months. By requesting a copy of your credit file from one or more of the major credit reporting agencies, Veda Advantage, Dun & Bradstreet and Tasmanian Collection Service (TASCOL) you can be aware of any discrepancies which may need to investigated. Often it is only through a credit check which comes back with defaults on your credit file that  you may realise you have been a victim of identity theft.
    12. Report any incident of identity theft, no matter how small, or even if you have been reimbursed for the damage – to the Police. The more of us that report identity theft, the more effective will be our Government and Police response to it.

    For further information, visit these helpful links:

    ACCC’S SCAMwatch www.scamwatch.com.au for help with how to spot a scam and how to keep personal details safe.

    To report a scam, telephone them on 1300 795 995

    Stay Smart Online www.staysmartonline.gov.au for help with how to secure your computer, and how to keep abreast of cyber-related crime.

    MyCRA Credit Rating Repairs www.mycra.com.au for help with recovering your credit file following credit defaults from identity theft. Call 1300 667 218 to speak with a Credit Repair Advisor.

    Image: fotographic1980/ www.FreeDigitalPhotos.net

  • They’re ba-ack again! Fraudsters change tactics on Microsoft virus scam

    If you own a computer – or a telephone for that matter – you may be vulnerable to computer-related scam attempts. The old Microsoft virus scam may have been shut down, but a new one has popped up in its place. We look at the current computer cold call scam warning, what you should do if you are called by these scammers, and what the ramifications of falling for this scam could be for your financial identity and credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Remember the scam going around where fraudsters were claiming to be from Microsoft and were cold calling in Australia to offer “technical support” to remotely assist in clearing viruses off home computers?

    First detected in 2010, the ‘Microsoft Phone Scam’ was clever, and caught out thousands. Callers knew the victim’s name and address. These fake security engineers were claiming to see problems with the victim’s computer and asking whether the victim had noticed their computer becoming slower recently.

    They went on to offer to take over the machine and fix the problems. The scammers were using legitimate remote access software, such as LogMeIn, TeamView and Ammyy.

    Scammers then requested money for this ‘service.’ On top of that, it put the victim’s personal and banking details at risk. It also gave the scammers remote access to their computer, which can potentially lead to infected computers and pilfering of personal information via keyloggers.

    Gizmodo’s recent article ‘Global Operation Sees Infamous ‘Microsoft’ Scammers Finally Taken Down [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][Updated]’ explained the extent of the success of the scam prior to its takedown:

    Three years on from the first report into the ACMA about the Microsoft scammers, over 10,000 complaints have been recorded. The ACMA says that the worst point came two years ago, when every second complaint to the agency was about the Microsoft scammers. This was in 2011 — a year when scam activity had doubled on the previous period. 52 per cent of the 83,000 scam complaints the ACMA received in 2011 presented as phone scams. All in all, in that 12 months, Australians lost a total of $85.6 million to various scammers.

    Gizmodo reported international efforts from Australia, Canada and the United States brought down U.S. based scammers only a couple of weeks ago. The scammers became the first individuals to be caught in connection with the scam. They’ve had their assets frozen and they are presumably now awaiting a hearing over fraud charges.

    Not to be dismayed, scammers have obviously thought the gig was too lucrative to dismantle yet – and they have changed tactics – hitting those original victims with yet another scam. As if they hadn’t suffered enough!

    On Friday Stay Smart Online issued a warning that computer-related scams were doing the rounds again. It may be important for those who may have been targeted last time.

    “Following international efforts by agencies to close down the infamous ‘Microsoft imposter scam’, reported earlier this month, examples of scammers responding with new approaches have been noted.

    This includes scammers making follow up calls to previous targets of the original scam, offering apologies and refunds in response to the closing down of (fake) support they provided previously.

    Scammers may also claim to be from a foreign government, foreign law enforcement agency or bank, and offer to recover the money you initially lost, in return for a fee,” SSO notes in its warning.

    Your personal information in the wrong hands can lead to identity theft which threatens the health of your credit rating. Fraudsters can duplicate your identity and take out credit in your name – leaving you with debts you didn’t initiate and bad credit from outstanding accounts in your name.

    Think recovery would be easy? Think again!

    Clearing bad credit history is always difficult for individuals to undertake. Most enquiries will result in Creditors telling you that bad credit is there to stay for the term of the listing (usually 5 years). The only thing you can do to change that is to prove there is an inconsistency by demonstrating that the listing was put there unlawfully. An identity theft victim’s task is then to prove that they did not initiate the credit in the first place, but proof is not always easy to obtain – especially when you have no idea of exactly how the fraud occurred. Many people don’t know they are victims until they go to obtain credit and are refused because their credit file is riddled with defaults.

    So what should you do if you get a phone call from one of these guys? SSO gives this advice:

    Suspect: Don’t accept anything at face value. Don’t make a payment over the phone or online without first checking the details.

    Think: Recognise the signs. If you’re being pressured to act, disclose personal details or send money to a stranger, it’s almost certainly a scam. (Microsoft never makes unsolicited phone calls about its products.)

    Report: Act to report the scam. Tell SCAMwatch and help stop scammers in their tracks.

    Ignore: Never respond. Hang up or delete the SMS or email after reporting.

    If you have had your credit file destroyed by identity theft, and need help recovering your good name – contact a professional Credit Repair Advisor on 1300 667 218 or visit the MyCRA Credit Rating Repairs website www.mycra.com.au. Professional credit repair can offer you the best chance of being able to clear bad history from identity theft for good.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • W.A Government to toughen up on identity checks to combat identity fraud

    Western Australia’s Births Deaths and Marriages just got that little bit harder to swindle with the introduction of tighter identity controls to prevent identity theft and fraud. The changes come into effect next week and will mean anyone who applies for a birth, death or marriage certificate or a name change will have to provide at least three forms of current identification. We look at what these changes will mean in preventing fraud and subsequent bad credit history that shouldn’t be there, and why the positives of increased security outweigh any ‘inconvenience’.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Attorney General Michael Mischin told Perth Now yesterday these tighter measures are designed to ensure those who are entitled to access personal information can do so easily, while deterring those who are not.

    “In the past few years thousands of West Australians have been affected by identity crime with millions of dollars stolen from innocent people,” Mr Mischin said.

    Under WA law people can face up to seven years jail if they produce, use or supply another person’s identification when there is intent to use that information to commit a crime, or facilitate someone else to commit a crime.

    The nature of this form of identity crime is pretty complicated, but the payoffs for the criminals would be huge. This type of identity fraud involves the use and misuse of someone’s personal information. Fraudsters may have one piece of the identity puzzle that they may have obtained from somewhere – say a credit application dumped un-shredded in a rubbish bin, personal details from social networking, or perhaps a stolen wallet containing a licence or bank account. What the fraudsters then do is look at piecing together different bits of information – requesting replacement copies of basic identity documents, even changing addresses until they have enough information to commit fraud. The icing on the cake for this type of identity fraud – would be obtaining a replacement copy of an actual birth, death or marriage certificate.

    If fraudsters had this type of document, they could easily apply for new credit in their victim’s name – even going so far as to mortgage a property in their victim’s name.

    The ramifications of this crime would be absolutely devastating for the victim. They would not only be in debt thousands and thousands of dollars, but also facing a series of defaults against their name which would stop them getting credit in their own right for a very long time (up to 7 years).

    Western Australia has not been without its share of well-publicised fraud cases. One such bout late last year involved the mortgaging of properties owned by overseas investors.

    In 2010 Wembley Downs retiree Roger Mildenhall had his Karrinyup investment property sold without knowing anything about it. And in 2011 Nigerian-based scammers sold a Ballajura property without the owners’ knowledge.

    The previous owners were living and working overseas at the time and didn’t discover the property had been sold until they returned to Perth to inspect the property.

    The real estate agent involved has told investigators that he received a phone call from a man claiming to be the owner in February of 2011 inquiring about the property. Shortly after, the agent received an urgent request to sell the property as funds were needed for a business investment, later revealed to be a supposed petro-chemical project –  Landgate announced in a statement in September last year.

    Following this, the WA Government was prompted to upgrade its security measures for overseas-based property owners.

    “WA property owners living abroad who are concerned about identity theft can now lodge a caveat over their property to reduce the risk of being targeted by scammers, under a raft of anti-fraud measures introduced by Landgate,”Lands Minister Brendon Grylls said at the time.

    “They could remove the caveat only by attending Landgate’s Midland office in person and completing a 100-point identity check”, Mr Grylls said.

    Under the range of increased security measures, all transfers of land executed overseas now requires a 100-point identity check, signatures to be witnessed by an Australian Consular officer and the sales will need to be independently checked by at least two senior Landgate officers.

    The introduction of new security at the Births, Deaths and Marriages Departments seems a no-brainer, and a change which should be going across the board in every Australian State.  A person’s identity and their credit file are the flag for their financial life, and to allow any fraudster opportunity to mess with that through less than bullet-proof security of their personal information is to do them a great disservice.

    If you have been a victim of identity theft – whether you have lost money or not – don’t forget three important rules…

    1. Tell Police and/or the ACCC. We must report these crimes – however “embarrassing” it may be.

    2. Tell your Creditors. Just because nothing has happened yet, doesn’t mean it won’t in the future. Alert them to your identity theft vulnerability before you become a victim and your bank accounts or credit rating suffers.

    3. Check your Credit File. Make sure you have not had credit taken out in your name. If you haven’t – warn the credit reporting agencies that you may be vulnerable to identity theft.

    If you find defaults on your credit file which should not be there, you may require help to recover your good name. Contact a Credit Repair Advisor on 1300 667 218 to discuss your suitability for credit repair or visit our main site for more information www.mycra.com.au.

    Image: photostock/ www.FreeDigitalPhotos.net

  • TMI – 5 things all young people should know about privacy, social networking and credit.

    If you didn’t have Facebook or Twitter – you’d be lost right? It’s a great way to keep in touch with friends– and sometimes it’s more convenient and quicker than a phone call. But if you don’t keep your personal information secure from outsiders while you use it– you could be keeping in touch with all the wrong people. There’s weirdos out there trolling the internet looking for the stuff you openly post – even people looking to commit identity theft with your info. We show you how the mistakes you make with your privacy now could lead to being unable to get a phone, a home, a car in the future because of a surprise bad credit rating.

    This information was put together for Privacy Awareness Week 29 April to 5 May 2012 and is all about promoting awareness of privacy rights and responsibilities in the community. The theme this year is “How to Protect Personal Information While Engaging With Social Media”  with a focus on secondary school students, parents and teachers. If you are not a student but you know one, flick them this link or print this page. We want all young Australians to have the luxury of a clear credit rating when they turn 18 and beyond.

    By Graham Doessel Founder and CEO of MyCRA Credit Repairs and www.fixmybadcredit.com.au.

    1. Fraudsters are looking for your personal information.

    They are looking to take it and use it for purposes of constructing a fake identity. Identity theft victims are not always ‘gullible’ as people might imagine. They are ordinary people. Many experts say it is not a matter of if you experience an identity theft attempt, but when. It is estimated one in six Australians may have been a victim or know someone who is a victim of identity theft.

    It can happen to you when someone you know obtains identity documents or credit card details to impersonate you. Or more and more it comes from professional fraudsters whose main occupation is to steal personal information and financial details in order to commit fraud.

    The internet is a big source of personal information and its ever increasing use makes you more at risk of identity crime than ever.  This means identity crime can have very long arms – often it originates from overseas crime syndicates.  Identity theft is increasing because the pay-offs are huge for criminals. It is estimated identity crime costs Australians $1 billion a year.

    2. Criminals are after information they can use to steal your identity.

    Criminals are looking for anything they can use to piece together enough information in order to construct a fake identity. Much of the information people post on Facebook or other Social Networking sites can be very good building blocks for identity thieves. They are taking snippets here and there and building a profile on people. They may know your name and they may also know where you live, or where you go to school, your pet’s names, your birthday, even your other family name which could be identified as your mother’s maiden name.

    All this is very handy information that is not only used to identify you, but may be used in passwords. After a little while, they have enough information to go about asking for replacement copies of driver’s licences, photo identification – whatever type of identification they have suitable information for. Then they can attempt to take out credit in your name. Some people have even had houses purchased in their names. Often it’s not until you go and take out credit and the bank says: “NO WAY look at all these defaults against your name!” that you may realise you have been struck by identity theft. The thing is, they are using your name so you are the one that ends up with the bad credit rating, and it can be a nightmare to recover the good credit rating you once had.

    3. These Privacy risks apply even if you’re under 18

    You might ask – what’s the point of worrying about privacy if you are underage – without a credit rating – there is no danger of identity theft right? Well think again! The fact is – crooks are pretty clever. The information you post today, could come back to haunt you in a big way. There are reports of crooks scanning social networking sites purposely looking for young people for this reason, because they usually have the most open privacy settings. That information is not used right away, but is ‘warehoused’ until the young people turn 18. They can then go on a ‘spending spree’ with the young person’s fake identity and credit. Imagine that, you turn up to buy your first car, and lo and behold you have a mountain of defaults against your name and no idea how it happened.

    Besides all this, if you have enough information on your Social Networking right now about your parents you could be putting their credit rating in jeopardy as well.

    4. The effects of a bad credit rating from identity theft

    Negative listings stay on a person’s credit file for 5 to 7 years, depending on the listing. During the time your credit file is affected most lenders and other credit facilities will refuse you credit. Unless you are able to prove it wasn’t you who took out the credit, you may be stuck with a bad credit rating until you are at least 23 if not 25. You can’t borrow to travel, purchase a home, or even take out a credit card or a mobile phone plan while you credit file has these defaults.

    5. What you should do to make sure fraudsters don’t obtain your personal information

    One important change you can make right now, is to change the way you use the internet. Keep your passwords and social networking settings as strong as possible.

    Here is some information that Stay Smart Online has provided to help young people in Australia today take steps to use social networking safely:

    • set your online profile to private and be discerning about who you accept as your ‘friend’
    • protect your accounts with strong passwords
    • have a different password for each social networking site so that if one password is stolen, not all of your accounts will be at risk
    • think before you post – expect that people other than your friends can see the information you post online
    • don’t post information that would make you or your family vulnerable – such as your date of birth, address, information about your daily routine, holiday plans, or your children’s schools
    • don’t post photos of you or your family and friends that may be inappropriate – or that your family and friends haven’t agreed to being posted
    • never click on suspicious links – even if they are from your friends – they may have inadvertently sent them to you
    • be wary of strangers – people are not always who they say they are. It’s a good idea to limit the number of people you accept as friends
    • always type your social networking website address into your browser or use a bookmark.
    • If you suspect any fraudulent use of your identity you should report it to your social networking service provider and your local police.

    MyCRA Credit Rating Repairs is proud to be a Partner for Privacy Awareness Week 2012. For more youth resources visit the PAW Website http://www.privacyawarenessweek.org/youth.html.

     

    Image of boy: David Castillo Dominici/ FreeDigitalPhotos.net

  • Personal information…the gateway to identity theft

    Hackers access databases searching for personal information that can be extracted and misused or traded to fraudsters for purposes of identity theft. We look at how your identity and ultimately your clean credit file can be put at risk. By GRAHAM DOESSEL.

    It’s Saturday night in Las Vegas. Thousands of pairs of shoes sit neatly in boxes on warehouse shelves in the dark. The store’s customers and staff are at home enjoying their evening. In the credit information office, the lights are off, the filing has been done. But in the dark, thousands of the store’s computers are being remotely accessed by hackers.

    The personal information of the shoe store’s customers is likely being transferred. It is likely this information will now be sold on the black market to fraudsters. This information could now be used to further attack those unsuspecting customers. Those customers could now be a target for identity theft and receive phishing emails in order to get further information from victims, including the credit card number.

    This may have been how the saga transpired for shoe company, Zappo.com on the weekend. In a story from the Sydney Morning Herald this morning it was reported that on Sunday Amazon.com owned shoe retailer Zappos.com announced it was hacked. Hackers broke into the credit card database. Up to 24 million of its customers’ personal information may have been accessed. The company said customers’ credit card information was not stolen, but names, phone numbers, email addresses, billing and shipping addresses, along with the last four digits from credit cards and more may have been accessed in the attack.

    Here is an excerpt from that story, titled ‘Zappo’s customers details walk out the door’:

    It is not yet known how hackers gained access to the database or if a zero day exploit was used, but a security expert said it is likely customer data will now be sold in the cyber underground.

    Robert Siciliano, a McAfee consultant and identity theft expert, told Mashable he expects whoever hacked Zappos’s site to now sell the data to people who run phishing scams.

    “They’ll sell it 10,000 accounts at a time, short money, like $100,” he said adding there is enough information for a hacker to approach affected users as either Zappos or the credit card company and then ask them for more data — the classic phishing scam — which might be supplemented with a voicemail “vishing” attack as well, Mashable reported.

    Zappos said it was contacting customers by email and urging them to change their passwords.

    Las Vegas-based Zappos said the hackers gained access to its internal network and systems through one of the company’s servers in Kentucky.

    And in the news last week, we get an insight in to the type of crime ring that hackers may sell this information to. AFP report titled ’50 held in Puerto-Rico based identity ring’.

    The U.S. Justice Department announced late last week it has charged 50 people with conspiracy in a scheme to acquire personal identification information on US citizens in Puerto Rico and then sell it through fraudulent documents.

    Typically, the documents consisted of forged Social Security cards and birth certificates. They were sold for prices ranging between $700 and $2,500.
    The documents were sold from April 2009 until December 2011 to buyers throughout the United States.

    “The alleged conspiracy stretched across the United States and Puerto Rico, using suppliers, identity brokers and mail and money runners to fill and deliver orders for the personal identifying information and government-issued identity documents of Puerto Rican US citizens,” said Assistant Attorney General Lanny Breuer in a statement.
    The indictment alleges that identity brokers ordered the forged documents for their customers from Puerto Rican suppliers by making coded telephone calls.
    They would refer to “shirts,” “uniforms” or “clothes” as codes for various kinds of identity documents.
    “Skirts” meant female customers and “pants” meant male customers who needed documents in various “sizes,” which referred to the ages of the identities sought by the customers.

    Payment was made through money transfers while the documents were sent by mail.

    Some of the persons receiving the forged documents used them to obtain drivers licenses, US passports and visas, the Justice Department reported. Others are accused of using the documents to commit financial fraud.

    Sure this crime went on in the U.S. but it couldn’t happen here – could it?

    Well, to begin with – how many Australians have credit card details registered with Amazon, for example? We might live on an island, but U.S. crime can always reach our shores via the internet. Just look at the Sony PlayStation saga as a specific incident of how our details are not immune to theft on overseas shores.

    With identity theft being the fastest growing crime in Australia – it seems criminals here will be hot on the heels of the U.S. with newer, better, more sophisticated ways to get something for nothing.

    Interestingly, many hacks are actually not instigated to commit identity theft, but are statements to different industry bodies. For example the recent Robin Hood-style hacking of Texas security analysis company, Stratfor on Christmas Eve. Hackers obtained thousands of credit card numbers and other personal information from the firm’s clients and started making payments to several charities.

    “The assault was believed to have been orchestrated by a branch of the loosely affiliated hacker group called Anti-Sec and appeared to be inspired by anger at the imprisonment of Bradley Manning, the US army private accused of leaking US government files to WikiLeaks. An online statement from the group said the attack would stop if Manning was given ”a holiday feast … at a fancy restaurant of his choosing”,” the Brisbane Times reports.

    MP Malcolm Turnball and billionare businessman David Smorgon were amongst the victims who had relatively small amounts extracted from their credit card and donated to charities such as Save the Children, Red Cross and CARE.

    But for those hackers whose main aim is to extract details from databases and onsell them to fraudsters – we should all be very wary. And unfortunately, there is always that element of doubt about the security of our personal information in company databases.

    A leading fraud expert made this suggestion for online credit card use:

    In a story the Courier Mail featured in October last year, titled ‘Queensland Police Fraud chief Brian Hay calls for banks to bring in credit cards that can only be used in Australia to stop cyber-crime’, Det. Supt. Hay made some valid suggestions about how Australians can protect themselves from this type of fraud. One included for shoppers to have a credit card specifically for online purchases with a small credit limit. This is good advice to follow to prevent having large amounts extracted from credit cards if the companies with those details are ever hacked.

    Unfortuanately, it doesn’t stop identity thieves ‘phishing’ for further information on their victim for purposes of full-blown identity theft.

    If credit is taken out by fraudsters in the victim’s name, they can end up with defaults on their credit file – and this is not easy to recover from. First the victim has to prove they didn’t initiate the credit themselves. This would require documentary evidence and Police reports. But the identity theft victim would be virtually banned from obtaining credit until they are able to wade through the mess that has been created for them on their credit report, and clear their good name.
    For help with credit repair following identity theft, contact MyCRA Credit Repairs on 1300 667 218 or visit our main website www.mycra.com.au.

    Image: Danilo Rizzuti / FreeDigitalphotos.net

     

  • Mixed messages about protecting personal information

    Don’t give away your personal information to anyone – especially to strangers who come knocking at your door.  Seems like the golden rule to live by nowadays to avoid identity theft and scams…unless the person knocking is from the Australian Bureau of Statistics.

    The government has been very busy telling people to be careful with their personal information. With identity theft now the fastest growing crime in Australia it is no wonder. The Government’s SCAMWatch website continually warns the public about scammers who are trying to steal their personal and financial information by masquerading as a variety of people at their door.

    Here is a list of some of the ways SCAMwatch says people have been caught out by door to door scams:

    Home maintenance scams: scammers try to sell home maintenance services, like roofing or gardening services, and then bill people for additional work they did not agree to.

    Charity scams: These scams play on people’s generosity and involve a scammer posing as a genuine charity in order to fraudulently collect money.

    ATO scams: Australian Taxation Office—door-to-door scam. People claiming to be consultants from the ATO ask people to sign up to a fictional government program promising financial incentives, including a reduction in taxes. In return for signing up, scammers ask people for personal information such as credit card information or banking details.

    Survey scams: Sometimes scammers pretend to conduct a survey so they can get personal details or to intitally disguise their sales pitch.

    Digital television scams: door-to-door salespeople offering to sell people conversion equipment and falsely claiming to represent the government.

    People can not only stand to lose out financially, but if they have given over crucial personal information to the door-knocker, and they turn out to be a crook, that can also lead to identity theft. The victim could possibly have fraudsters not only drain their bank accounts, but take out credit in their name. The road to recovery is long and arduous as it can be difficult for people to prove they didn’t take the credit out themselves.

    It may have surprised many to then read a report in The Australian titled ‘Pushing the Limits of Privacy’ on Monday about a couple who felt pressured to give over their personal information to Australian Bureau of Statistics officers.

    The couple were randomly selected to participate in an extensive survey where they were required to provide financial and personal information to the ABS for their Survey of Income and Housing 2011-12.

    The couple felt “uncomfortable” doing this for a couple of reasons. According to the story, they had just returned from a long overseas trip and had no time to view any previous material the ABS had sent them by mail. The couple were simply greeted fresh by someone at the door “demanding” they book in an interview with an officer to give over their personal information and provide documentary evidence to boot.

    The couple had been victims of credit card skimming while overseas.

    “Interpol had warned them to be especially careful about giving anyone any financial information at all because their experience raised their risk of identity theft,” the story says.

    So they were quite “uneasy”. They sat at an interview in their home, answering important questions like date of birth, place of birth, citizenship status – all normal questions for the ABS to ask, but also normal questions for fraudsters looking to extract identity information from their victim.

    So why were the couple forced to give over their personal information if they felt uncomfortable about it?

    The story explains that in general, ABS collation is compulsory. Failure to comply can result in fines of $110 a day, at the discretion of the magistrate who will hear the case once the person has been charged.

    There are exemptions on offer, and the couple may have been able to apply for one, but it appears in the story they were not given an option to apply for an exemption.

    ABS spokesman Rod Smith expressed disappointment at the couple’s experience. “If it happened exactly as you’re suggesting, that’s not how we train our people to behave in public,” he says.

    The Australian Bureau of Statistics is by law allowed to regularly compel a random section of the population to be involved in more extensive surveys in which they are personally interviewed by ABS representatives, and their information is then used for more in-depth surveys.

    This makes sense – the ABS surveys are a great snapshot of the population. They are necessary for understanding the people who inhabit this country.

    The Personal Fraud Survey 2007 alone has helped us to understand so much more of how identity theft and fraud has affected Australians in reality.

    But in this day and age the prospect of a stranger coming into our home for an interview where we give over our personal information can sound quite confronting to some. Many mistrust those that show up at the door claiming to be from one company or another. Those that let people in – well we often read about them in the news as the country’s latest scam victim.

    To be compelled to participate may be too much for some people –as it was for this couple who had just had a brush with credit card skimmers. Other groups of people may also have a problem with this type of interview:

    “The very fact that someone can come in to a private home to ask these questions may upset those who are particularly sensitive: refugees from totalitarian regimes, for example, or from countries where rule of law and due process are unknown; people, especially the elderly or the physically vulnerable, who live alone; even people, introverts for example, who have never been traumatised but simply have a more highly developed sense than most of the divide between personal and public,” the story says.

    This brings to light the issue that possibly in this day and age, the selected people for this in-depth type of survey need to be well informed by the ABS of their right to seek exemption from participation in the survey despite its compulsory nature. In this way, they will feel less pressure to give over something which has turned into a valuable commodity – their personal information.

    If people are unsure of what to do if someone comes to their door, SCAMWatch has this advice:

    Protect yourself from door-to-door & home maintenance scams

    If someone comes to your door, ask to see their identification. You do not have to let them in, and they must leave if you ask them to.

    Check that the trader is registered on the Australian Government’s business.gov.au website.

    Do not agree to offers or deals straight away: tell the person that you are not interested or that you want to get some advice before making a decision.

    If you are interested in what a door-to-door salesperson has to offer, take the time to find out about their business and their offer.

    Carry out a web search on the business to see if there are other consumers who have commented on the quality of their work – many scams can be identified this way.

    ALWAYS get independent advice if an offer involves significant money, time or commitment.

    Read all the terms and conditions of any offer very carefully: claims of free or very cheap offers often have hidden costs.

    Always check that goods or services were both ordered and delivered before paying an invoice.

    Contact your local office of fair trading if you are unsure about an offer or trader.

    For help with repairing a credit rating following identity theft, contact our main website www.mycra.com.au or phone 1300 667 218.

    Image: nuttakit / FreeDigitalphotos.net

  • Don’t throw away your identity on rubbish day

    Rubbish day will never be the same again…not when fraudsters are sniffing around rubbish bins like alley cats at night looking for any kind of personally identifiable information on unsuspecting residents.

    If people think there’s nothing that can be done with that old electricity bill, or scoff at credit card offers and bin them immediately, they may be surprised to know that the information they throw away could be pilfered and those criminals could be putting everything they hold dear at risk.

    A growing crime known as ‘dumpster diving’ threatens the bank accounts, and the good name of many Australians every night. Personal information has become such a valuable commodity, criminals are willing to rifle through people’s rubbish to obtain it.

    Here’s how it happens…

    At night criminals are out on the streets of Australia going through rubbish bins. They are hunting for personal information to commit identity theft. This may not be their first time at a particular rubbish bin. They may be adding information to what they already have.

    Or piecing together information from a variety of sources including the internet, until they have enough to go about obtaining duplicate copies of identification documentation.

    Once this happens, they are able to take out credit such as loans, cards and even mortgage properties in the victim’s name.

    This comes as Today Tonight  in its story ‘Identity Theft Alert‘ interviewed Rob Forsyth from security company SOPHOS on 14th October.  It was revealed that 2 in 5 Australians put old bank statements and other key personal papers into recycling.

    Mr Forsyth says no suburb is immune to fraudsters rifling through that rubbish on the hunt for personal information.

    “They know, because it’s public information which councils have pick-ups on which day, and whether it’s garden waste or recycled waste, and they will cruise through those streets in the middle of the night and go through the garbage bins,” Mr Forsyth says.

    He says once they have enough personal information, they will on-sell that information abroad – including dumped bank statements, credit card offers, phone bills, which already bear the person’s name and address.

    The Australian Crime Commission cites identity theft as the “fastest growing crime in Australia” , and a survey commissioned by the Attorney-General’s office in June revealed 1 in 6 people had been or knew someone who had been a victim of identity theft or misuse.

    There are significant long-term implications for the identity theft victim past the initial monies lost if fraudsters gain access to a person’s credit rating.

    If an account – fraudulent or otherwise – goes unpaid past 60 days, the creditor will list the non-payment as a ‘default’ on the person’s credit file. This default will remain on the credit file for 5 years and can severely hinder  any chances of obtaining credit during that time.

    Often the first time victims of identity theft and subsequent fraud find out about the crime is when they go to apply for a loan or credit card and are refused due to defaults they were not aware of.

    Adverse credit file listings such as defaults are not removed easily, and at this stage, victims have to do a whole lot of work to try and prove to creditors they were not responsible for the unpaid accounts, including providing Police reports.

    Information should be treated with the respect it gets in criminal circles.

    Here’s some simple ways to protect personal information from identity theft:

    – Buy a shredder and cross -shred every piece of personally identifiable documentation that is no longer required before putting in the rubbish bin.

    -Buy a safe for personal documents at home

    -Put a lock on the letterbox to avoid mail being stolen.

    -NEVER give out personal information to any person or entity without verifying their identity .

    -Personal information is valuable – always question the need for people to have it. If in doubt – opt out.

    Obtain a credit report regularly. People who may be vulnerable to identity theft can contact one or more of the major credit reporting agencies in Australia and request a copy of their credit file.  A credit file report is free for Australians every 12 months.

    For a fee, Veda Advantage offers credit file holders an alert service, which tracks any changes to their credit file within a 12 month period.This could detect suspicious entries such as new credit enquiries or changes in contact details which would point to an identity theft attempt, allowing steps to be taken before the fraud affects the person’s good credit rating.

    Personal information is so valuable to fraudsters. Shred it before you bin it, and lock it up if you want to keep it. Filter who gets it.  Protect your identity and your credit file integrity.

    For more information on identity theft and credit repair, people may contact MyCRA Credit Repairs on 1300 667 218 or visit the main website www.mycra.com.au.

    Image: Grant Cochrane / FreeDigitalPhotos.net

  • Fraudsters target overseas-based property owners

    Identity theft appears to be the new black in criminal circles. Perhaps there has never been a better time to commit identity theft. Opportunity is high, awareness is still fairly low, and prevention of this crime unfortunately seems to be reactionary-based as fraudsters think up bigger and better ways of gaining access to people’s good names.

    Recently the West Australian Government announced details of a property scam which has presented itself in Western Australia.

    Police are investigating a scam in which properties are sold by fraudsters without the knowledge of the overseas-based owners. Last year, Wembley Downs retiree Roger Mildenhall had his Karrinyup investment property sold without knowing anything about it. But more recently, it is alleged that Nigerian-based scammers sold a Ballajura property without the owners’ knowledge.

    “A couple returning from overseas have advised authorities that their property has been sold without their knowledge or consent and a joint investigation has been launched.

    The previous owners were living and working overseas at the time and didn’t discover the property had been sold until they recently returned to Perth to inspect the property.

    The real estate agent involved has told investigators that he received a phone call from a man claiming to be the owner in February this year inquiring about the property. Shortly after, the agent received an urgent request to sell the property as funds were needed for a business investment, later revealed to be a supposed petro-chemical project,” Landgate announced in a statement earlier this month.

    The West Australian Newspaper last week reported the WA Government has upgraded its security measures for overseas-based property owners.

    “WA property owners living abroad who are concerned about identity theft can now lodge a caveat over their property to reduce the risk of being targeted by scammers, under a raft of anti-fraud measures introduced by Landgate.

    Lands Minister Brendon Grylls said yesterday Landgate would expand its TitleWatch service so homeowners can receive email alerts notifying them of any activity on the title deeds of their nominated property. Overseas-based property owners can pay $160 to lodge a new caveat on their property to prevent registration of a change of ownership, mortgage or lease.

    They could remove the caveat only by attending Landgate’s Midland office in person and completing a 100-point identity check, Mr Grylls said…
    Under the range of increased security measures, all transfers of land executed overseas will now require a 100-point identity check, signatures to be witnessed by an Australian Consular officer and the sales will need to be independently checked by at least two senior Landgate officers.

    “It is important that we continue to move to ensure that a person’s No. 1 asset is protected,” Mr Grylls said.

    Property owners and Real Estate agents in every state need to be aware that overseas-based property scams are occurring, and to arm themselves with preventative measures to protect against identity fraud.

    The other property scam to watch out for is the fake rental property scam. The ACCC’s SCAMwatch website warns individuals about responding to property advertisements, as there have been reported incidents of scams in the community.

    “SCAMwatch is warning prospective tenants to be wary when responding to rental properties advertised on the net where the ‘owner’ makes various excuses as to why you can’t inspect the property but insists on an upfront payment for rent or deposit.

    Scammers will often use various shared accommodation sites to post these fake listings. They will go to great lengths to ensure that the offer looks genuine by including photos and real addresses of properties. However, photos and details of properties can be easily obtained on the internet.

    Once hooked, the scammer will request money, often via money transfer, or personal details upfront to ‘secure’ the rental property. SCAMwatch warns consumers not to send money or provide personal details to people you don’t know and trust.”

    Long term affect for victims

    Fraudsters now see personal information as a valuable commodity. Many are able to use that information to take out credit in the victim’s name. Often the victim is not alerted to the misuse of their credit file for some time, often not until they attempt to obtain credit themselves. By then, victims may have credit applications as a minimum and possibly defaults, mortgages and mobile phones attributed to them incorrectly.

    Once any account remains unpaid past 60 days, the debt may be listed by the creditor as a default on a person’s credit file. Under current Australian legislation, defaults remain listed on the victim’s credit file for a 5 year period.

    If a victim has defaults on their credit file following identity theft – the defaults still remain there for 5 years. The onus is then on the identity theft victim to prove to creditors they didn’t initiate the debts in their name. If they are unable to prove this, they are virtually blacklisted from obtaining further credit themselves for 5 years.

    It is important for everyone to think twice about who they allow to have access to their personal information, and to verify all transactions are legitimate before handing over their details or any money. SCAMwatch has these suggestions:

    How to protect yourself

    * Insist on inspecting the property- a drive-by is not enough. With these types of scams, the property may genuinely exist, but it is owned by someone else.
    * If it is overseas, ask someone you can trust to make inquiries. If there is a real estate agent or similar in the area they may be able to assist.
    * Do not rely on any information provided to you from anyone recommended by the person advertising the property.
    * An internet search on the name of the person offering the property and their email address may provide useful information.
    * Where possible, avoid paying via money transfer. It is rare to recover money sent this way.
    * There are many share accommodation websites, consider choosing the ones with clear warnings about scams or which offer added protection.
    If you are satisfied that the offer is legitimate and decide to accept it, keep copies of all correspondence, banking details and the listing itself.

    For more information on identity theft prevention, or help with credit repair following identity theft, contact MyCRA Credit Repairs.

    Image: vichie81 / FreeDigitalPhotos.net