IDCARE as Australia’s national identity and cyber support community service has been engaged by FIIG to assist community members who have concerns about the exposure of their personal information due to the FIIG cyber incident.
IDCARE advises FIIG customers to:
Be on the look out for emails, phone calls and text messages purporting to be from FIIG, financial institutions, telecommunications carriers, Government or other response agencies that request that you click on a link, provide personal or credential information, or request that you provide remote access to your device. Unfortunately, scammers and cybercriminals leverage privacy breach events in seeking to deceive community members to provide personal, account or credential information, infect devices, or motivate individuals to perform actions as part of a scam. IDCARE recommends:
Stay abreast of the latest scams impacting the Australia's community via IDCARE’s News and Media website, Facebook page, and by subscribing to our free community newsletter, Cyber Sushi.
IDCARE has formed response recommendations relating to the credentials potentially exposed as a result of the FIIG cyber incident. Please refer to your incident notification for specifics on what information of yours was exposed.
Potential Risks
Individually, these are both low risk identity attributes, however in combination with other information (such as address and phone number) scammers engaging you may appear more legitimate.
Recommendations
You may see an increase in targeted phishing attempts via email, text messaging or telephone calls, where the scammer uses details specific to you (such as your name and date of birth for “verification”). For more information on phishing watch IDCARE's what is phishing video here --> https://www.idcare.org/how-to-videos/what-is-phishing.
Never click on links in emails or text messages, no matter how legitimate they appear. Do not be pressured to respond, whether it is by email, text message or telephone. If you want to know whether an organisation tried to get in touch with you, contact the organisation yourself using contact details you know are correct.
Keep being scam vigilant and stay across the latest scams by regularly visiting idcare.org, connecting with our social media, and subscribing to our free online newsletter Cyber Sushi. Another great resource is Scamwatch that collate lots of information and alerts about scams.
Information
The phone number will be the one associated with your FIIG account. This could be your mobile or a landline/home phone number.
Potential Risks
The exposure of a phone number can leave you open to being targeted by spam or scam phone calls.
These can appear to be from legitimate phone numbers with local area codes.
They often claim to be an authority or organisation, such as the police, a telecommunication company or a government entity.
The scam-caller may frame the call with a sense of urgency, either in order to avoid a penalty (such as a payment or fine) or to receive a reward (such as a discount).
Scammers may send fraudulent SMS messages to the phone number. These may impersonate a legitimate organisation and include a link to a malicious download or scam website.
For more information on SMS scams please visit IDCARE's fact sheet --> https://www.idcare.org/fact-sheets/sms-scams.
Recommendations
Keep being super vigilant about scams, particularly telephone and SMS scams. Having a little bit of information exposed (such as your full name, address, date of birth, or phone number) can make the job of scammers much easier when convincing people about their deception.
Do not feel pressured to respond to a call or text message. If you think a call may be legitimate, hang up and call the organisation back using details that you know are correct. Do not accept that it is the real organisation because the Caller ID shows their correct number or name – these can be “spoofed” or masked to appear to be real.
Do not download apps or software (such as AnyDesk or TeamViewer), follow technology instructions, or allow remote access to your device to someone who has called you.
Do not click on links in text messages. Instead, contact the organisation using details you know are correct.
If you think a call may be legitimate, hang up and contact the organisation yourself using contact details you know are correct. Don’t automatically accept it’s the real organisation calling you because the caller ID shows their correct number or name: they can be manipulated to seem genuine.
Information
The Email Address will be the one associated with your FIIG account.
Potential Risks
You may see an increase in email phishing attempts, particularly from scammers claiming to be from FIIG. These emails may include malicious attachments, links to fake websites or may download malware onto your device. They may encourage you to update or verify your details or to access a reimbursement via a link.
There is also the risk that your email address may be “spoofed” so that it appears to the recipients that the email came from you.
Additionally, there is the potential for extortion attempts, whereby a criminal claims to have access to your information and threatens to release it unless you provide payment. It is important not to comply with such requests, no matter how convincing they may appear.
You can report extortion attempts to the police and or ReportCyber.
Recommendations
Continue being super vigilant about scams and phishing emails. Having a little bit of information exposed (such as your full name, date of birth, email address or phone number) can make the job of scammers much easier when convincing people about their deception.
Beware of phishing emails, including those asking to update billing details, pay invoices or apply for reimbursements.
Never click on links in unsolicited or unexpected emails, no matter how legitimate they appear.
Do not be pressured to respond to emails. Instead, contact the organisation directly using contact details you know to be correct.
Use an up-to-date antivirus application that includes email protection and scanning.
Information
The physical address will be the one associated with your FIIG account.
Potential Risks
For most individuals, physical addresses are considered low risk identity attributes. However, in combination with other attributes (such as your full name, date of birth, email address and phone number) scammers engaging you via email, SMS or telephone may appear more legitimate.
Reports made to IDCARE of cyber criminals physically attending a person’s address are very low. Most scammers and cybercriminals are not in Australia.
Some people can have specific concerns about the exposure of their address details, such as survivors of family and domestic violence or as a result of other personal reasons.
Recommendation
You may wish to discuss your concerns around physical security. You may engage an IDCARE Case Manager with these concerns, please book a time via our Get Help for Individuals Form.
Information
The tax file number associated with your FIIG account.
Potential Risks
In conjunction with other information, your tax file number may be used to submit fraudulent tax returns in your name and/or register or re-register Australian Business Numbers in order to submit GST refunds. There is also a risk of an ATO link being created with a myGov account.
Recommendation
FIIG have informed the Australian Taxation Office (ATO) about the incident and provided them with the details of tax file numbers that may have been compromised through this event in order for the ATO to implement protective measures. This measure means you are now not required to contact the ATO in relation to this matter unless you wish to. ATO can be contacted via their Client Identity Support Centre on 1800 467 033 Monday to Friday 8:00am–6:00pmAEST.Please be advised in some cases the security measures implemented by the ATO in response to a compromised TFN may result in tax related services being unlinked within the MyGov portal. It may also mean you need to call the ATO prior to submitting your tax return to have restrictions temporarily lifted on your account.
Information
Please refer to your incident notification to determine whether this credential may have been exposed. If notified that your passport was exposed, this is likely to have occurred when these details were provided at the commencement of your FIIG account.
Potential Risks
A passport can be used by identity criminals, much the same as a driver licence. The photo on a passport is not necessary to enable a criminal to exploit these details. What is most commonly exploited on a passport is the personal details, the passport number, and expiry date. Rarely does IDCARE hear from community members who have exposed passports about the use of their passport at the border by someone impersonating them to travel. Border security makes travelling on a compromised passport very difficult.
However, passport information can be used to establish new accounts in a person’s name, and in some cases deceive either a person or an organisation into providing access to existing accounts.
Recommendations
Australian Passport
Options to consider for a breached passport that is still in your possession:
Note that there are costs associated with replacement or renewing your passport.
For more details and useful links about Australian passports, please call the Australian Passports Office on 131 232 or visit the Australian Passport Office.
IDCARE has additional information in our Learning Centre about managing Passport risks (see IDCARE's Fact Sheet on Australian Passports).
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
New Zealand Passport Recommendations
For New Zealand passports, DIA can place a flag on your passport which will alert DIA if an application is made to replace or renew your passport. DIA call centre staff have been unable to confirm with IDCARE if the impacted individual will also be notified of a renewal or replacement attempt.
According to the DIA, a flag on your passport will not prevent:
However, a flag may delay processing of your own application for a replacement or renewal passport.
To place a flag, contact DIA online or call 0800 22 50 50.
If you choose to replace your passport, you can apply for a new passport with DIA online. This will automatically cancel your current passport, but an application fee will apply.
You may also wish to consider New Zealand credit reports and New Zealand credit suppressions as additional protective measures to protect against credit misuse.
Passports issued in countries other than New Zealand
If you are not in your home country, please contact your embassy or consulate to make a report and discuss whether it is necessary to organise a replacement document. Please note, if you are in New Zealand on a student visa, any changes to your passport may have implications for your visa. Find your nearest embassy or consulate in Australia or New Zealand. If you are in your home country, contact the government organisation responsible for issuing the passport.
Please refer to your incident notification to determine whether this credential may have been exposed. If notified that your driver licence was exposed, this is likely to have occurred when these details were provided at the commencement of your FIIG account.
Potential Risks
A driver licence is the most common credential used by identity criminals. The photo on a driver licence is not necessary to enable a criminal to exploit these details. What is most commonly exploited on a driver licence is the personal details, card number, driver licence or Customer Reference Number, and expiry date that are commonly misused.
Driver licence information can be used to establish new accounts in a person’s name, and in some cases deceive either a person or an organisation into providing access to existing accounts.
Recommendations
QLD Driver Licence Number Change
Queensland driver licence numbers will only be changed if the holder can provide evidence that it has been misused, or is at a high risk of being used, for fraudulent transactions.
To apply for a new driver licence number, you will need:
Submit these in person to your nearest Transport and Main Roads Service Centre.
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on Queensland Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
NSW Driver Licence Number Change
Transport for New South Wales will consider changing a driver licence number if there is evidence the current licence has been misused or is at risk of being misused.
If you do not wish to apply for a new driver licence number, or your application is unsuccessful, you may wish to instead replace your licence. A replacement licence will have the same driver licence number, but a new card number. Where organisations accept only licences where both the driver licence number and card number match the issuer’s records, replacing your driver licence will reduce the risk of misuse.
Please note that changes to your driver licence details may take time to be updated across all systems.
To apply for a new driver licence number, you will need to:
Please note that as the process for changing a NSW driver licence number has recently changed, some IDCARE clients are reporting being given incorrect advice from NSW licence issuers, such as a requirement for a magistrate’s certificate. If this happens, please refer the customer service officer to the following website https://roads-waterways.transport.nsw.gov.au/roads/licence/proof-of-identity/changing-your-licence-number-or-customer-number.html
For more details, useful links and contact information, please see IDCARE's Fact Sheet on NSW Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
Victorian Driver Licence Number Change
IDCARE has observed that replacing a Victorian driver licence number is extremely difficult and rarely occurs. VicRoads will consider a change of driver licence number if the current licence has been used in the attempt to commit fraud resulting in identity theft. VicRoads will not change your driver licence number if it has been exposed in a data breach but no fraud has occurred.
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on Victorian Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
ACT Driver Licence
Unlike most Australian states, Australian Capital Territory driver licence numbers cannot be changed. When a licence is replaced, only the card number will change. Where organisations accept only licences where both the driver licence number and card number match the issuer's records, replacing your driver licence will reduce the risk of misuse.
Please note that changes to your driver licence details may take time to be updated across all systems.
You can replace your licence online through the replacement licence page or in person at an Access Canberra Service Centre.
You will need to pay a replacement fee of $42.60.
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on ACT Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
NT Driver Licence
Unlike most Australian states, Northern Territory driver licence numbers cannot be changed. When a licence is replaced, only the card number will change. Where organisations accept only licences where both the driver licence number and card number match the issuer’s records, replacing your driver licence will reduce the risk of misuse.
Please note that changes to your driver licence details may take time to be updated across all systems.
Submit your request to the Motor Vehicle Registry (MVR) via phone 1300 654 628, email mvr@nt.gov.au, at your nearest MVR office or at your nearest Australia Post office or by mail at:
Motor Vehicle Registry
GPO Box 530
Darwin NT 0801
You may be required to provide evidence of your identity.
You will need to pay a replacement fee of $22. If submitting your request by mail or email, the MVR will notify you upon receipt of your request for payment and identity confirmation.
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on NT Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
South Australia Driver Licence Number Change
Service SA will consider changing a South Australian driver licence number if the licence has been lost or stolen or involved in a data breach, or if the details of the licence have been misused.
If you do not wish to apply for a new driver licence number, or your application is unsuccessful, you may wish to instead replace your licence. A replacement licence will have the same driver licence number, but a new card number. Where organisations accept only licences where both the driver licence number and card number match the issuer’s records, replacing your driver licence will reduce the risk of misuse
Please note that changes to your driver licence details may take time to be updated across all systems.
To apply for a new licence number, you will need to:
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on SA Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
Tasmania Driver Licence Number Change
Service Tasmania considers changes to Tasmanian Driver Licences on a case-by-case basis. You must attend your nearest Service Tasmania Contact Centre to initiate the process
If you do not wish to apply for a new driver licence number, or your application is unsuccessful, you may wish to instead replace your licence. A replacement licence will have the same driver licence number, but a new card number. Where organisations accept only licences where both the driver licence number and card number match the issuer’s records, replacing your driver licence will reduce the risk of misuse.
Please note that changes to your driver licence details may take time to be updated across all systems.
To apply for a change of driver licence number, you will need to provide:
If your application is successful, you will need to complete a driver licence replacement form and pay the duplicate fee of $28.49 (standard fee) or $21.69 (pensioner fee).
You can also request a file notation to reduce the friction caused by responding to traffic-related misuse.
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on Tasmanian Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
WA Driver Licence Number Change
Western Australia Department or Transport will consider changing your driver licence number if you have evidence that your licence details have been compromised in a known data breach/cyberattack or that you have been a victim of identity fraud.
If you do not wish to apply for a new driver licence number, or your application is unsuccessful, you may wish to instead replace your licence. A replacement licence will have the same driver licence number, but a new card number. Where organisations check and accept only licences where both the driver licence number and card number match the issuer’s records, replacing your driver licence will reduce the risk of misuse.
Please note that changes to your driver licence details may take time to be updated across all systems.
To apply for a new driver licence number, you need to:
Processes for changing your driver licence number or replacing your driver licence may be streamlined where there has been a reported data breach/cyberattack. Associated costs may be reimbursed or covered by the affected organisation. Please check online with the WA Department of Transport Department alerts for the latest information.
For more details, useful links, and contact information, please see IDCARE's Fact Sheet on WA Driver Licences.
You may also wish to consider credit reports and credit bans as additional protective measures to protect against credit misuse.
Information
Please refer to your incident notification to determine whether banking details may have been exposed. If notified that your bank detail were exposed, these are likely to be the account name, BSB and account number provided to FIIG.
Potential Risks
Although a BSB and Account number does not present a direct misuse risk, the BSB does identify who the financial institution is, which may make impersonation scam attempts appear more legitimate.
Recommendation
Talk to your bank(s) about the type of information exposed and explore with them what additional security measures they may have available to protect you.
Always remain scam vigilant and follow the points made above.
IDCARE as a registered charity does not ask individuals to donate or pay for our front line services. We are not a charity that can receive tax deductible donations.
We rely on organisations that care enough about you to care about us to keep our charitable service going. Proudly these organisations are displayed above and on our Subscriber Organisations page.
If you are asked for payment from someone claiming to be from IDCARE, please report this to us using our Report Phishing email.
IDCARE has access to the Department of Home Affairs Free Interpreting Service, delivered by the Translating and Interpreting Service (TIS National). Access to the Free Interpreting Service is provided to assist you to communicate with non-English speaking people who hold a Medicare card. Please note that the service does not extend to New Zealand citizens or residents who do not hold an Australian Medicare card, or to tourists, overseas students or people on temporary work visas.
New Zealand Relay provides services to help Deaf, hearing impaired, speech impaired, Deafblind and standard phone users communicate with their peers.
A TTY user connects to New Zealand Relay via a toll-free number and types their conversation to a Relay Assistant (RA) who then reads out the typed message to a standard phone user (hearing person).
The RA relays the hearing person's spoken words by typing them back to the Textphone (TTY) User.
The National Relay Service (NRS) is an Australian government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.
The NRS is available 24 hours a day, every day and relays more than a million calls each year throughout Australia.