Since August 2024, reports of stolen shares linked to identity theft have surged, as ASIC notes, revealing a rising trend of fraudsters targeting Australian investors. Criminals access sensitive personal information as extensive data breaches escalate concerns, profoundly affecting the cybersecurity framework of the public sector.
ASIC released a formal announcement, cautioning that “fraudulent activity using stolen identities is increasingly sophisticated,” and urged both investors and organisations to remain vigilant against these threats. These offences increase the risk to personal investments and threaten the overall safety of digital and financial assets in the public sector.
Prevent identity theft
Fraudsters often access sensitive details like the Security Reference Number (SRN) or Holder Identification Number (HIN) using various methods. Once they obtain these details, they impersonate legitimate investors and sell their shares without permission. Criminals often open bank accounts under the victim’s name to receive the proceeds from the share sales, further facilitating their scheme. Fraudsters use various methods to gather personal information.
They exploit data breaches to access readily available online data and steal mail from letterboxes to obtain sensitive information. “Fraudsters can gather personal information not only from information available online but also by stealing mail from letterboxes,” ASIC clarifies. In such instances, the dark clouds of uncertainty hang over victims until they receive notification of the sale, often discovering it too late to avert the harm.
Identity theft and share theft pose a significant challenge to cybersecurity in Australia, particularly in the public sector. Fraudulent activities demand improved security protocols and increased awareness among investors and financial institutions. Addressing and investigating these incidents imposes a significant burden on law enforcement and cybersecurity organisations.
Protecting Australian investors and institutions
Given the surge in identity theft incidents, particularly following significant breaches impacting government systems, it is imperative for individuals and public sector organisations to adopt proactive security measures.:
- Monitor investments regularly: Investors should regularly assess their portfolios, including superannuation and managed funds, to quickly identify any unauthorised activities. ASIC advises you to conduct “regular reviews of your share trading accounts” to help detect potential fraud earlier.
- Enhance account security: Use robust passphrases instead of basic passwords; activate multi-factor authentication (MFA); and keep contact details for brokers and registries current to significantly reduce the risk of unauthorised access to financial accounts.
- Physical mail security: Secure letterboxes and conduct regular checks to safeguard against the interception of physical mail that may contain sensitive information.
- Respond to suspicious activity promptly: If an investor detects any irregularities, they should take prompt action by reaching out to the appropriate organisations through official channels to confirm and address unauthorised transactions.
- Report incidents to authorities: Scamwatch and IDCARE provide assistance to individuals who suspect a potential compromise of their identity. IDCARE offers tailored recovery plans to help victims reduce the effects of fraud, supported by the government.
Identity theft significantly increases the number of stolen shares, directly impacting the cybersecurity environment in Australia. This situation highlights the importance of staying vigilant, which is the most effective form of defense. ASIC warns that “Australians previously affected by data breaches should be particularly alert to the increased likelihood of identity theft,” as their personal information may be accessible online. Investors, institutions, and government entities must collaborate to protect Australia’s public sector from further exploitation.