Around one in five clients that reported to IDCARE said that they completed the details and experienced further crimes. The most common misuse risks relating to the provision of this information captured by these clients involved:

• Unauthorised transactions on debit / credit cards
• Establishment of new transaction account
• Unauthorised Individual Tax Return submission
• Establishment of new email account
• Unauthorised Mobile Phone Porting/SIM Swap
• Unauthorised Access of Email Account
• Mobile Number Spoofed
• New Credit Card Application
• New Personal Loan Application
• Welfare Claim
• Mail Redirection
• Fraudulent Access of Superannuation Account

‍

IDCARE advises that if you have not opened the link or followed any other instructions received on the SMS text message then the risks in relation to identity theft and misuse are very low. If you are using an Android device it is recommended that you install anti-virus. Apple products rely upon operating system updates to maintain their security.

If you have clicked a link and completed the required fields we recommend you take the following immediate actions (where appropriate to your situation):

1. Contact your financial institution immediately and explore what additional controls you can place on your accounts and cards;
2. If licence or passport information was sent, request credit bans from each of Australia’s three credit reporting bureaus and apply for copies of your credit reports (see IDCARE’s Learning Centre, Credit Ban Fact Sheet & Credit Report Fact Sheet). For passports you may wish to explore cancelling the passport and having a new one re-issued with a different number – note there will be fees for this;
3. If a Tax File Number was provided, contact the ATO and ask for additional security measures to be placed on your account (call 1800 467 033 M-F 8am to 6pm AEDT);
4. Update your passwords to your online accounts that has used the same email address (if provided) as their username;
5. Contact the Department of Human Services if you believe your Medicare or Centrelink Reference Number has been exposed (call 1800 941 126 M-F 8am-5pm AEST);
6. Contact your Superannuation Fund and explore what additional controls they can put in place, such as updating passwords, implementing second-factor authentication, or implementing additional “account change” authorisation procedures (such as confirming using alternate communication channels that requests to roll-over or access funds are legitimate);
7. Contact your telecommunications and email provider about implementing second-factor authentication on your accounts or other security setting upgrades.
   ‍

Brands impacted include major financial institutions,Commonwealth government agencies, social media, large retailers and telecommunication carriers.

If you require further assistance or have had other identity or account information compromised please complete an IDCARE Get Help Form. We will endeavour to respond to your requirements within two-business days but this will be influenced by demand. Note that we are a charity and not all organisations who refer their customers to IDCARE to address their needs support our charity financially. We appreciate your patience.