Online identity theft is an ever-growing problem in Australia. Now more than ever, we share personal and financial information through various channels, from convenient online shopping platforms and apps to social media and beyond. With this comes an increased risk of having personal information stolen online, and the effects can be significant, including financial loss, damage to credit scores, emotional distress, and more.

The good news is that there are some simple steps you can take to protect personal or financial information against theft. Here, we’ll share some practical tips to reduce the risks and keep your information secure.


What is identity theft?

Identity theft is a type of fraud where someone unlawfully obtains your personal information, like your name, address, date of birth, Tax File Number (TFN), or credit card details, without your knowledge or consent. This stolen information can then be used to commit financial crimes, like opening new credit accounts, taking out loans, or making unauthorised purchases or withdrawals from your accounts.

Throughout the 2021-2022 financial year, the Australian Bureau of Statistics reported that:
• 0.8% (around 159,600 people) experienced identity theft.
• 2.5% (around 509,000) experienced online impersonation.
• 2.7% of Australians (around 552,000 people) experienced a scam.
• 8.1% (around 1.7 million) experienced card fraud.

From the data you can see identity theft and fraud impacts a significant number of people in Australia. It can cause serious financial damage, and it can take significant time and effort to undo that damage. Plus, it can cause emotional distress and feelings of violation because your personal information has been compromised and used without your consent.


Examples of identity theft

Criminals are getting bolder with their scams — texts, emails, and even social media messages are looking more realistic than ever, landing thousands of Australians in hot water with their finances and security.

With this in mind, it’s crucial to understand how scammers can access your information and what it can be used for. Some common examples of identity theft include:

Email and phone scams: A thief poses as a trusted source, like a bank or government agency, and requests personal information through email or via text messages on your phone.


Credit card fraud: A thief steals a person’s credit card information and uses it to make unauthorised purchases or withdrawals.

Loan fraud: A thief uses a person’s personal information to apply for loans, like a car or personal loan, resulting in unauthorised debts.

Tax fraud: A thief uses a person’s Tax File Number (TFN) to file false tax returns and claim refunds or benefits.

Superannuation fraud: A thief uses a person’s personal information to access their superannuation account and make unauthorised withdrawals.

Medicare fraud: A thief uses a person’s Medicare card or personal information to receive medical services or treatment, resulting in fraudulent medical bills.

Utility fraud: A thief uses a person’s personal information to open or transfer utility accounts, such as electricity or gas, resulting in unpaid bills and negative credit reporting.

Data breaches: Hackers can gain unauthorised access to databases or systems containing personal information and use or sell the stolen data that can be used to impersonate others as part of ID takeover.

These are just a few examples of fraud committed by criminals using identity theft in Australia. It’s important to be vigilant, protect your personal and financial information, regularly monitor your accounts and credit report, and be cautious when providing personal information.


How to prevent identity theft in Australia



Keep your PIN and passwords safe 

Protecting your PIN, account passwords, and codes is critical for preventing identity theft. Here are a few quick tips for password management and protection:

  • Change your online banking password as soon as you receive a temporary PIN or password. We also recommend changing your password and PIN regularly.
  • Create unique passwords with a minimum of eight characters and a maximum of 15 which includes uppercase and lowercase letters, numbers, and symbols.
  • Do not use readily accessible information, like your name, date of birth, telephone number, pet’s name, or relative’s name in your password. You should also avoid using an obvious combination of letters and/or numbers that can easily be guessed, like “1234”.
  • Wherever possible, use multi-factor authentication, e.g., receiving a special code via your mobile phone or email to confirm your identity.
  • Keep your PIN and password a secret. Do not disclose your PIN or password to anyone, including your family and friends. Also, protect your PIN when shopping out and about — you never know who’s watching and waiting to steal your credit and debit card information.
  • Do not write down your PIN or password unless it’s disguised. For an extra level of security, we recommend trying to commit your PIN or password to memory or use a password manager to create, save and manage passwords securely.
  • If you’re worried someone knows your PIN or password, immediately change it, and report the risk to your financial institution.

Protect your devices 

Install and maintain up-to-date antivirus software and firewalls on your computers and mobile devices to prevent malware and hacking attempts. Also regularly update your operating system and applications to ensure you have the latest security patches.

In the same vein, avoid using public WiFi or a public computer for online banking — anyone can use public WiFi, including identity thieves. You should only ever connect to a WiFi network you trust.

If you absolutely need to use public WiFi:

  • Avoid entering personal information and passwords into public computers. If you have no choice, ensure you don’t click “remember login details”.
  • Avoid downloading credit card statements and personal documents to a public computer.
  • Ensure your screen is not easily visible, and consider using an incognito tab, i.e., a private browsing window that doesn’t save browsing history, cookies, or any kind of data. Websites can no longer access your previous browsing session information, and downloaded files will be deleted.
  • Clear your browsing history when you’ve finished using a public computer.

Shred sensitive documents

Before binning personal documents and financial statements you’ve received in the mail, shred them to prevent them from falling into the wrong hands. This also applies to expired credit and Medicare cards and any other cards or documents that involve sensitive information.

Keep an eye out for phishing emails, texts, and social engineering

With scams and frauds on the rise, it’s becoming harder to tell what’s real and what’s not. Scammers have been known to impersonate banks and send out phishing campaigns leading to a false bank website. With this in mind, it’s important to stay vigilant, do not click on unexpected links, and do not respond to the email or text. Always contact your bank using their contact information published on their official website.

Here are a few telltale signs you’re looking at a phishing text/email:

  • The message contains a call-to-action, like “download” or “click here”, encouraging you to click a link and enter personal information on a ‘fake’ website.
  • The message has a sense of urgency or importance, e.g., your service will be cut off unless you log in and action something immediately.
  • The message was “sent” by a senior member of the “company”.
  • The message has poor grammar and spelling.
  • The message references “security and maintenance upgrades” or “investigation of irregularities”, tempting you to lower your guard.

If you are a member of Gateway Bank, log into online banking exclusively through our app or our website’s homepage. Never click on unexpected links. If uncertain, please contact our team at 1300 302 474 and report suspicious activity.

Regularly check your credit reports and financial statements

Checking your bank statements and online banking regularly is important — it allows you to monitor your accounts and detect any errors or fraudulent activity.

Also check your credit report, as this records your credit history, including information about your credit applications and any delinquencies or defaults.

If you see any unfamiliar applications or accounts on your report or bank statements, contact your bank immediately. It could be a sign that someone has stolen your identity and is using it to apply for and open credit accounts or obtain loans.


How to report identity theft



If you’ve received a suspicious call, text, or email claiming to be from Gateway Bank, don’t engage with them. Hang up the phone, delete suspicious texts and emails, or block the person on social media. Then, it’s time to report the scam to us and ACCC Scamwatch (Australian Competition & Consumer Commission).

• Contact us to report unauthorised transactions and compromised passwords or if you suspect your security has been compromised in any way. Our team is available at 1300 302 474 Monday to Friday, 8 am - 6 pm (AEST / AEDT) to assist.

• The ACCC will use your report to identify new scams, disrupt them, and warn other consumers and businesses ahead of time. Your report might also assist law enforcement (both here and overseas), banks, and other companies who can take proactive steps to stop scammers.

When reporting identity theft, we also recommend contacting the police for further advice and assistance.

You might be directed to your state or territory’s ID Support Program — for example, ID Support NSW is designed to help you understand and prevent identity crime and provides support if your proof of identity credentials have been compromised.


How we protect our members against security threats

At Gateway Bank, we take your security and privacy seriously, which is why we have various security measures in place to protect our members. For example:

Online banking security: We provide firewall protection, encryption, automatic time-outs, secure SMS code authentication, incorrect password access lock, and last login time checks.

Security platforms: We have implemented a leading edge security company to mitigate the risks of DDOS (distributed Denial of Service) attacks. Suspicious internet traffic is monitored, challenged, and blocked in case of an unexpected response.

• Eco Visa Debit Card security: We partner with Orion, a fraud detection company, to help keep your Visa Debit Card safe. If Orion detects any suspicious activity on your account, you may be contacted on behalf of Gateway by a phone call, an SMS message, or an email.

We’re always updating our security measures to ensure our members feel safe and secure using our services. You can count on us to add layer after layer of protection for your information.

Contact us for advice on how to protect yourself from identity theft and fraudulent, criminal behaviour.