Country, Culture, People, Future

Cyber Safety Tips

Cyber Safety Tips

Simple steps to protect your personal information
Cyber Resilience Outreach Clinics
Ways to protect and respond to data incidents
How do to tell if your information has been misused?
How to prevent identity misuse?
Additional information and support
Office of the Australian Information Commissioner (OAIC) Cyber Safety Tips

 

Here are some simple, precautionary steps to protect your personal information:

Never click on any links or open attachments that look suspicious in texts, emails or social media messages from strangers or if you’re unsure the sender is genuine.

Change passwords for email, bank and other accounts. Make sure you have strong passwords or pass phrases that you have not used for other accounts. You may want to change your banking PIN. Generally, a financial institution won’t ask you in an email or SMS to click on a link to update your password or PIN. For more information about creating strong passwords and multi-factor authentication, visit cyber.gov.au.

Enable multi-factor authentication wherever possible. This makes it much more difficult for someone to gain access to your online accounts because you must confirm your identity in two or more ways – such as with a password and security code sent to your mobile phone.

Be alert to all emails received, including any invoices that claim to come from YMAC or appear suspicious in any way. A scam email might be personalised or refer to/address you by name. Ensure you have up-to-date anti-virus software installed on any device you use to access your emails.

Be suspicious of any unexpected requests for personal, financial or other information via email, text, phone call or social media message (particularly if it comes from overseas), and never provide your passwords or any personal or financial information.

• If you see any suspicious activity relating to your bank accounts, for instance, if you spot any purchases you didn’t make or transactions you did not authorise, we recommend you notify your bank and the police immediately.

Take care on phone calls. If someone calls you posing as a credible organisation and requests access to your computer or any account, always say no. Don’t share your personal information until you are certain who you’re sharing it with. If someone calls and claims to be from an organisation or agency, you can hang up and call the organisation or agency back using publicly available contact details from their website or the phone book.

Be alert to any unexpected checks against your credit reports or receiving any correspondence that you have been signed up to a new service/account or cancelled an existing one. If this occurs, we recommend you notify the relevant service provider, your bank and the police immediately.

Replace any identity documents that have been compromised.

If you are concerned your identity or financial information has been compromised, contact specific agencies such as the Australian Taxation Office (ATO), Centrelink or roads and transport authorities to discuss options for replacing compromised documentation.

 

Cyber Resilience Outreach Clinics in our regions

Next year, YMAC will partner with IDCARE to host Cyber Resilience Outreach Clinics in our regions. We are currently finalising dates and locations to ensure as many people as possible can attend. At these clinics you can talk to IDCARE staff on the ground and receive advice on what the cyberattack means for you, steps you can take to protect yourself and how you can access IDCARE’s free community support. Dates and details will be posted on YMAC’s website. Click here for more information.

IDCARE, Australia’s leading national identity and cyber support service for the community, has provided YMAC with the following information on how our community can recognise the signs of identity theft and misuse and further protect their personal information following data incidents.

Identity criminals typically use personal information for one of four reasons:

  • To enable further deception – such as impersonating someone’s email account to deceive others.
  • To commit direct financial misuse – such as fraudulent credit card spends or applying for a personal loan or mobile phone account (this is the most common).
  • To enable financial misuse – such as setting up a transaction account.
  • To build an identity – by collecting more information about a person through accessing their credit reports or stealing their mail.

The most common signs of identity misuse include:

  • You notice transactions, either withdrawals or payments, from your bank accounts and cards you did not initiate.
  • You receive an unsolicited email, phone call or SMS-text message by people who claim to know you, or are impersonating government or business, and ask you to provide further information, including payment details, credential information or other identity details.
  • You receive a bill in the mail for a service you did not request.
  • You are locked out of your email account, social media, online banking or permanently lose your mobile phone signal.
  • Your friends, relatives or work colleagues are enquiring about an email or social media post you apparently sent that you had nothing to do with.

This depends on the information that may have been exposed. In this instance IDCARE recommends you:

Step 1: Contact your Financial Institution(s)

  • Inform your financial institution that your personal information may be at risk of identity misuse and ask them what additional controls or measures they recommend. An incident involving a credit card does not automatically mean the credit card will be cancelled and a new one reissued. Talk to your institution about the options.
  • Change any online banking passwords and, if you haven’t already, explore whether your online banking has multi-factor authentication security (such as using a token PIN or SMS code in addition to your username or account ID and password).

Step 2: Check out your Credit Reports for any unexplained credit checks by organisations.

  • Every Australian can get free access to their credit reports. You may have three different credit reports from each of Australia’s three separate credit reporting bureaus.
  • To apply for your credit report, follow the steps in Fact Sheet – Credit Reports Australia via IDCARE’s Learning Centre.
  • If you find entries on your credit report that cannot be explained or are incorrect, such as a different address, please contact IDCARE immediately by submitting a support request form via idcare.org quoting your YMAC referral code.

Step 3: If you think you may experience misuse involving credit you can also apply for a Credit Ban with each of Australia’s credit reporting bureaus.

  • Like credit reports, credit bans are free under Australian privacy laws.
  • They sound bad, but a credit ban basically takes your credit reports off the shelf so that if someone goes to get credit in your name the credit provider can’t check your credit worthiness and is therefore less likely to grant credit to the criminal in your name.
  • Credit bans won’t upset any existing credit lines you may have (such as credit cards and loans).
  • They are only in place for 21 days in Australia, but you can ask for an extension if you think you face an enduring risk and provide a police report number. The report number for this incident provided by the Australian Federal Police is PN2423.
  • To apply for a credit bans follow the steps in IDCARE’s Fact Sheet – Credit Bans Australia.

Step 4: If you have had your Medicare Card details potentially exposed, you may wish to apply for a completely new card number using the Services Australia MS011 form. More information on this process can be found online at Services Australia. When completing the form you will need to select "transfer to a new card" and have everybody listed on your current Medicare card complete their details if they also wish to transfer to a new card number.

Step 5: You may wish to replace your Driver's Licence if you have had your licence details exposed. Some States and Territories make a notation on a person’s account if they believe their licence is at risk. But it is important to note that this alone will not prevent criminals from misusing your licence.

Step 6: Change your email and social media passwords and activate multi-factor authentication if available. Monitor these accounts looking for contacts people that may claim to know you or have information about you and report this immediately to IDCARE. One of their Case Managers will work with you to determine what it is, what it could be, and what can be done about it.

Remain alert to telephone call, SMS and email phishing scams and, if in any doubt about the communication speak to someone about it or look to engage the organisation using alternative means.

More information about phishing scams is available on the Australian Consumer and Competition Commission's (ACCC's) website on Phishing (https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing)

Remain alert to unauthorised requests to port your mobile telephone number to another provider. Most carriers will text message you first before this occurs. If this occurs or your phone loses a permanent signal, contact your telecommunications service provider to confirm whether a request for porting has occurred, and if so, request a reversal. You should also contact your financial institution to temporarily suspend online banking and change your email password and set up multi-factor authentication with another mobile number or email address. More information about this type of scam can be found at IDCARE’s Fact Sheet on Porting.

You can find additional guidance about protecting your identity and privacy rights by visiting the OAIC's website (www.oaic.gov.au). The OAIC is also the national privacy regulator.

You are not alone here. Navigating and understanding response options can be difficult. IDCARE is available to work with you to explore your concerns, any unique needs you may have protecting your identity and personal information, and related support. You can arrange to speak with an IDCARE Case Manager at the Get Help Now section on their website. Be sure to quote your YMAC referral code.

If there is any misuse of your personal information, IDCARE will help you restore your identity and account information. However, the ability to respond and recover lessens considerably if you respond to an email, SMS or telephone call and enable access to your accounts because of a deceptive act. This may be too difficult to correct. So be particularly mindful of socially engineered attacks, including phishing emails, fake social media requests and messaging, text messages that require you to click on links, and telephone scammers.

 

More information about actions you can take to reduce your risk of harm can be found at oaic.gov.au including:

The OAIC also has useful information on how to act quickly if you are affected by a data breach, including a downloadable PDF.