eCrime

Electronic or e-Crime involves the misuse of electronic devices, such as computers, mobile phones or other electronic devices that have internet access.

How does this work?

The misuse may be on the victim’s computer or by using an existing web site such as an online auction site. In line with modern technological advances, e-crime is becoming increasingly sophisticated and complex, with offenders hacking into computer systems or using stolen credit cards to carry out Internet transactions. Identities are being stolen and sold in online criminal markets with large financial transactions being carried out in the name of their victims. Businesses and individuals are equally at risk of e-crime both at home and in the workplace.

Examples of eCrime: 

Breaches of security and privacy

• This may include theft of equipment or data, unauthorised use of personal or sensitive information and use of malicious software. Criminals are also stealing the log in details of secure sites so legitimate users cannot access their account.

Fraudulent transactions

• This may include the use of stolen credit cards or dealing with bogus companies.

Identity theft

• With the amount of personal information available on the internet, it has become easy for cyber criminals to assume the identity of another person. Identification documents can be purchased online through criminal markets that sell sufficient documentation for 100 points, assisting in the creation of bank accounts.

Account takeovers

• This is where another person obtains the log-in details of another person and assumes their name online. This can cause damage to the victim especially if the attacker makes derogatory comments about others in the name of the victim.

How do I protect myself?

It's vital to secure your computer and allow password access only. The most essential parts of the computer are the hard drive and removable storage devices, which store your data.

It's important to develop and implement appropriate system failure procedures, also known as data backup.

This can be done by:

• transferring your data to an external drive, USB, CD Rom, zip drive or the main server
• keeping the serial numbers of your computer equipment (separate from the hard drive) in a safe place
• considering the value of your data to how you would feel if it was lost or stolen.

If you take work home to complete, be aware of who was using the home computer before you and what sites they were viewing. Malicious software can be installed on your computer which records keystrokes and is then forwarded to the cyber criminal. Also, ensure the wireless network you are using is encrypted.

I have concerns about identity theft

• Contact IDCare who will be able to advise on ID concerns
  • IDCare have a dedicated team of technicians who are able to inspect laptops and Android phones at no cost to you.  Technicians will look for indicators of compromise, perform a comprehensive anti-virus/malware scan, and remove any unwanted remote access programs. Once completed, you will received a certificate from IDCARE saying your device has been examined and cleaned.  This can be useful when dealing with financial and government organisations. T
  • To find out more, contact their National Case Management Centre on 1800 595 160 or fill in the help form.
• See IDCare's Cyber First Aid Kit

If you have concerns about your Queensland Driver Licence, the TMR website has further information about protecting your identity and how you can apply for a replacement driver licence (you do not require a police report to obtain a replacement driver licence).

I'm worried about my identity being used to obtain loans

• We recommend you obtain a credit check and ask all relevant agencies (see below) to block the use of your details.  
• When a ban is put in place it ‘freezes’ access to your credit file. This means that Credit Reporting Agencies (CRAs) are not able to disclose any personal information from your consumer credit file to any credit providers unless you provide written consent for them to do so, or if they are required by law.
• A ban does not impact your current credit line or credit payments unless credit is due for renewal (e.g. credit card about to expire). You will still be able to use any credit cards you currently hold and repay any existing loans.
• A ban is initially valid for 21 days. An extension may be provided with evidence supporting that you are, or are at risk of becoming, a victim of fraud. In most cases this will require you to show that you have either a police report number or a ReportCyber number.
• You will need to apply for bans with all 3 Australian CRAs:
  • Equifax:
    • Email banrequestAU@equifax.com with the subject line ‘Request a ban’. Tell them you are asking for a ban to be placed on your credit file as you have been (or may become) a victim of identity theft. Include the following information: Driver licence number, full name, date of birth, current/ previous address.
    • If you have reported this matter to the police or ReportCyber, please include the reference number.
    • When applying for a ban with Equifax you do not need to provide scanned copies of your driver licence; only the number is required.
  • illion:
    • Request a ban here.
  • Experian:
    • Email with the subject line: ‘Add Ban’ to creditreport@au.experian.com.  Include your phone number in the body of the email and scanned copies of 3 forms of ID; 1. Driver licence, 2. Medicare card and 3. Utility bill (showing your current address).

Data security

Increasingly, businesses and individuals are taking advantage of evolving computer technology. This has led to an increase of unauthorised use of data, such as confidential, personal or sensitive information and theft of data for commercial purposes.

It's important to always safeguard your data by ensuring:

• A firewall is installed and is regularly updated
• A virus protection programme is installed and regularly updated
• Data files and listings are secured and shredded when they are no longer required
• Email safety program is employed teaching staff how to identify and delete potentially dangerous emails
• Security violation reports are reviewed and investigated
• Operating systems are regularly checked for updates
• Applications on the device/network are regularly checked for updates
• Offline backups of data are kept up to date and in a secure location and not permanently attached to the host device.

Keep reviewing your data security, especially if a staff member leaves or there are changes in your organisation.

Make sure:

• You allow password-only access 
• Only authorised employees are given access to data
• Data access is cancelled promptly when it is no longer required by a staff member or they leave
• You set limits to the data staff need access for their roles. There are few instances where staff require access to the entire corporate database
• Two-factor authentication is enabled, especially when accessing corporate data from a remote location
• Use a Virtual Private Network to access corporate data from a remote location.

When you buy a new computer, and no longer need the old one, remove the hard drive before disposal to protect your data. Criminals have purchased computers at corporate auctions with the goal of obtaining access to the data left on the device.