Public or Private?

Make decisions about what personal information you share online and what personal information you keep private.

How to protect yourself

Protect your identity – don’t become an identity theft victim!

Identity theft is more likely to occur if you make it easy for someone to take and use your identity information.

There are a number of things you can do to protect your identity information:

• Be careful with your identity information, how much you give out and who you share it with.
• If someone asks for your identity information, ask why the organisation or individual needs it, and what they intend to do with it.
• Keep key documents that are used to establish your identity (e.g. birth certificate and passport) in a safe and secure place.
• Make sure you properly dispose (shred or burn) of bank statements, electricity bills and any piece of correspondence with your name and address on it. These documents should never be put in public rubbish bins or recycling bins. Consider getting your statements provided online – it’s good for you and the environment too.
• Be cautious, identity crime does not always result from information that is stolen; people often give it away by publishing it in public places (e.g. date of birth posted on a social networking website).
• If you use Internet banking, do not log on from a shared or public computer, such as an Internet café, to make any sensitive transactions.
• Remove all personal information from computers before you dispose of them.
• Be suspicious of any unexpected events (e.g. letters from creditors, bank transactions you can’t remember making) that could be the result of identity crime.
• Request an access register report from Births, Deaths and Marriages at the Department of Internal Affairs. This is a free service that allows people to find out who has applied to access their records (e.g. whether or not a certificate/printout was issued) since 25 January 2009.
• Request a credit report from Dun & Bradstreet or Veda. Note that from 1 April 2012 a "positive" credit reporting system will operate in New Zealand. Further changes to the credit report system can be found on the Privacy Commissioner website.
• https://www.dia.govt.nz/Identity---How-to-protect-yourself-from-identity-theft

Traditional ways to access personal information for identity theft

• Dumpster diving: fraudsters go through bins to collect ‘trash’ or discarded items to obtain copies of individuals’ cheques, credit card or bank statements, or other records that contain their personal information.
• Pretexting: criminals contact a financial institution or telephone company, impersonating a legitimate customer, and request account information. In other cases, the pretext is accomplished by an insider at the financial institution, or by fraudulently opening an online account in a customer’s name.
• Shoulder surfing: looking over someone’s shoulder or from a nearby location as the victim enters a PIN at an ATM or EFTPOS machine, or enters a password online.
• Skimming: capturing personal data from the magnetic stripes on the back of credit or debit cards. The data is transmitted to another location where it is re-encoded onto fraudulent credit cards.
• Business record theft: someone steals data from a business or bribes insiders to obtain the information from the business or organisation.

Online methods for stealing personal information

• Malware: a software code or programme inserted into an information system in order to cause harm to that system, or to other systems or to subvert them for use other than that intended by their own users.
• Viruses, worms, trojan horses, backdoors, keystroke loggers, screen scrapers, rootkits, and spyware are all different kinds of malware.
• Spam: unsolicited, unwanted or harmful electronic messages are increasingly being used as a method for delivering malware and criminal phishing scams.
• Phishing: obtaining unsuspecting Internet users’ personal identifying information through emails and mirror-websites that look like legitimate businesses, such as financial institutions or government agencies. Typically, a phishing attack is composed of the following steps:

• the phisher sends its potential victim an email that appears to be from an existing company. The email uses the colours, graphics, logos and wording of the company;

• the potential victim reads the email and provides the phisher with personal information by either responding to the email or clicking on a link and providing the information via a form on a website that appears to be from the company; and

• through this, the victim’s personal information is directly transmitted to the scammer.

• Hacking: exploiting vulnerabilities in electronic systems or computer software to steal personal data.

https://www.dia.govt.nz/diawebsite.nsf/Files/EOI/$file/identity_theft_checklist_pdf-a.pdf

https://docs.google.com/document/d/1oBN389ycFpCXkS-rZlAFlBKCCGs7vPVSnR1-7E1woMA/copy