• Simple steps to protect your personal information
• Cyber Resilience Outreach Clinics
• Ways to protect and respond to data incidents
• How do to tell if your information has been misused?
• How to prevent identity misuse?
• Additional information and support
• Office of the Australian Information Commissioner (OAIC) Cyber Safety Tips
• Never click on any links or open attachments that look suspicious in texts, emails or social media messages from strangers or if you’re unsure the sender is genuine.
• Change passwords for email, bank and other accounts. Make sure you have strong passwords or pass phrases that you have not used for other accounts. You may want to change your banking PIN. Generally, a financial institution won’t ask you in an email or SMS to click on a link to update your password or PIN. For more information about creating strong passwords and multi-factor authentication, visit cyber.gov.au.
• Enable multi-factor authentication wherever possible. This makes it much more difficult for someone to gain access to your online accounts because you must confirm your identity in two or more ways – such as with a password and security code sent to your mobile phone.
• Be alert to all emails received, including any invoices that claim to come from YMAC or appear suspicious in any way. A scam email might be personalised or refer to/address you by name. Ensure you have up-to-date anti-virus software installed on any device you use to access your emails.
• Be suspicious of any unexpected requests for personal, financial or other information via email, text, phone call or social media message (particularly if it comes from overseas), and never provide your passwords or any personal or financial information.
• If you see any suspicious activity relating to your bank accounts, for instance, if you spot any purchases you didn’t make or transactions you did not authorise, we recommend you notify your bank and the police immediately.
• Take care on phone calls. If someone calls you posing as a credible organisation and requests access to your computer or any account, always say no. Don’t share your personal information until you are certain who you’re sharing it with. If someone calls and claims to be from an organisation or agency, you can hang up and call the organisation or agency back using publicly available contact details from their website or the phone book.
• Be alert to any unexpected checks against your credit reports or receiving any correspondence that you have been signed up to a new service/account or cancelled an existing one. If this occurs, we recommend you notify the relevant service provider, your bank and the police immediately.
• Replace any identity documents that have been compromised.
• If you are concerned your identity or financial information has been compromised, contact specific agencies such as the Australian Taxation Office (ATO), Centrelink or roads and transport authorities to discuss options for replacing compromised documentation.
Next year, YMAC will partner with IDCARE to host Cyber Resilience Outreach Clinics in our regions. We are currently finalising dates and locations to ensure as many people as possible can attend. At these clinics you can talk to IDCARE staff on the ground and receive advice on what the cyberattack means for you, steps you can take to protect yourself and how you can access IDCARE’s free community support. Dates and details will be posted on YMAC’s website. Click here for more information.
IDCARE, Australia’s leading national identity and cyber support service for the community, has provided YMAC with the following information on how our community can recognise the signs of identity theft and misuse and further protect their personal information following data incidents.
Identity criminals typically use personal information for one of four reasons:
The most common signs of identity misuse include:
This depends on the information that may have been exposed. In this instance IDCARE recommends you:
Step 1: Contact your Financial Institution(s)
Step 2: Check out your Credit Reports for any unexplained credit checks by organisations.
Step 3: If you think you may experience misuse involving credit you can also apply for a Credit Ban with each of Australia’s credit reporting bureaus.
Step 4: If you have had your Medicare Card details potentially exposed, you may wish to apply for a completely new card number using the Services Australia MS011 form. More information on this process can be found online at Services Australia. When completing the form you will need to select "transfer to a new card" and have everybody listed on your current Medicare card complete their details if they also wish to transfer to a new card number.
Step 5: You may wish to replace your Driver's Licence if you have had your licence details exposed. Some States and Territories make a notation on a person’s account if they believe their licence is at risk. But it is important to note that this alone will not prevent criminals from misusing your licence.
Step 6: Change your email and social media passwords and activate multi-factor authentication if available. Monitor these accounts looking for contacts people that may claim to know you or have information about you and report this immediately to IDCARE. One of their Case Managers will work with you to determine what it is, what it could be, and what can be done about it.
Remain alert to telephone call, SMS and email phishing scams and, if in any doubt about the communication speak to someone about it or look to engage the organisation using alternative means.
More information about phishing scams is available on the Australian Consumer and Competition Commission's (ACCC's) website on Phishing (https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing)
Remain alert to unauthorised requests to port your mobile telephone number to another provider. Most carriers will text message you first before this occurs. If this occurs or your phone loses a permanent signal, contact your telecommunications service provider to confirm whether a request for porting has occurred, and if so, request a reversal. You should also contact your financial institution to temporarily suspend online banking and change your email password and set up multi-factor authentication with another mobile number or email address. More information about this type of scam can be found at IDCARE’s Fact Sheet on Porting.
You can find additional guidance about protecting your identity and privacy rights by visiting the OAIC's website (www.oaic.gov.au). The OAIC is also the national privacy regulator.
You are not alone here. Navigating and understanding response options can be difficult. IDCARE is available to work with you to explore your concerns, any unique needs you may have protecting your identity and personal information, and related support. You can arrange to speak with an IDCARE Case Manager at the Get Help Now section on their website. Be sure to quote your YMAC referral code.
If there is any misuse of your personal information, IDCARE will help you restore your identity and account information. However, the ability to respond and recover lessens considerably if you respond to an email, SMS or telephone call and enable access to your accounts because of a deceptive act. This may be too difficult to correct. So be particularly mindful of socially engineered attacks, including phishing emails, fake social media requests and messaging, text messages that require you to click on links, and telephone scammers.
More information about actions you can take to reduce your risk of harm can be found at oaic.gov.au including:
The OAIC also has useful information on how to act quickly if you are affected by a data breach, including a downloadable PDF.