A survey undertaken by IDCARE, New Zealand and Australia’s national identity and cyber community support service, suggests that more than 300,000 Kiwis had their identities stolen in the past 12 months, that two thirds of these had their stolen identities actively misused by the thieves and that they lost, on average close to $10,000 each.
Beyond this, almost one third of those suffering loss through identity theft required professional mental health support, and 83 percent of survey respondents that had suffered as a result of identity-theft felt extremely dissatisfied with how organisations treated them in response.
The findings are contained in IDCARE’s New Zealand Observations of Identity Compromise and Misuse 2016 report. It contains some salutary lessons using real world victim stories, for example:
“Mike engaged IDCARE after clicking on a US Travel Visa scam website ten days earlier. The client uploaded on the scam website an image of his New Zealand Passport and driver's licence, his credit card details, full name, date of birth, mobile phone number and current residential address, and travel particulars. … The immediate impact was a credit card fraud debt of $US120. Seven days later Mike noticed that $24,030 had been transferred out of his bank account. This coincided with his mobile phone not working. The identity thieves has ported his mobile phone using his passport details and accessed his bank account by using his driver's licence details via telephone banking.”
IDCARE said the victim facilitating the theft was common. “In the majority of cases where the compromise was not a physical theft of credentials, the individual had direct contact with the criminal – in other words, they actually facilitated the compromise of their personal information because they believed what the criminal was telling them.”
It added: “This can be avoided by not responding to someone who approaches you online or offline asking for your details.”
The top five methods of misuse were: unauthorised access of bank accounts (29 percent), unauthorised mobile phone porting (17 percent), credit card fraud (17 percent)), damage to reputation (nine percent) and fraudulent tax return claims (six percent).
IDCARE said: “The most popular credentials targeted by identity thieves impacting New Zealanders were passports (49 percent), driver licences (35 percent) and bank account details (32 percent). …The most prevalent form of identity compromise came from the theft of physical credentials (27 percent), followed by telephone scams (21 percent) and website scams (16 percent).”
However IDCARE said reliance by identity thieves on passports and driver licences should not be interpreted as necessarily the physical credential being compromised. “In 78 percent of instances the physical credential remained with the client. It was the credential information that was of most value to the identity thief. … In some cases, identity thieves were detected using voice altering software to aid in changing their gender to match the gender on the credential.”
The report noted also that identity theft alone in New Zealand is not an offence.