A spike in reports of stolen shares due to identity theft has triggered a warning from the Australian Securities and Investments Commission (ASIC).
In a statement, ASIC said an increased number of fraudsters were impersonating individuals and stealing their shares, with many victims unaware their shares had been transferred or sold until they received a confirmation letter in the mail from a share registry or the Clearing House Electronic Subregister System (CHESS).
“Australians previously affected by data breaches should be particularly alert to the increased likelihood of identity theft, given the availability of their personal information online,” ASIC said.
It said fraudulent activity using stolen identities was increasingly sophisticated, so it was important to be vigilant and follow through with checks when you received notifications that were unexpected or did not look right.
ASIC has released some tips to help protect assets:
- Review your share portfolios regularly, regardless of whether they are issuer-sponsored holdings registered with share registries or held in share trading accounts with stockbrokers, so you’re quicker to detect unauthorised activity. It is also prudent to regularly review your other investment accounts such as super and managed funds.
- Use passphrases rather than simple passwords for online accounts.
- Turn on multi-factor authentication, if it’s available, as this can add an extra layer of security to prove your identity.
- Lock your letterbox to prevent mail theft and check it frequently.
- Ensure you have provided your most up to date contact details to your stockbroker, share registries and financial services providers.
- If you receive a new bank card or correspondence that is unexpected, like an update on how your shares are held, the creation of a new account, a notification of sale of your shares or confirmation of a change in contact details, don’t ignore the correspondence.
- If something is unexpected or feels wrong, act quickly. Call your stockbroker, the share registry or bank if there is activity you didn’t authorise and change your passwords.
- Contact the party that sent you the correspondence using the contact details from the organisation’s official website (not the email or letter which may be fraudulent).
- Report any incidents to Scamwatch.
- Contact IDCARE, a free government-funded service, which can help to develop a specific response plan if your identity has been compromised.
- If you’re a victim of fraud, you may also request that credit reporting bodies place a ban period on your consumer credit report, so it can’t be used as part of a credit check.
Visit the Moneysmart website for a range of tips to protect yourself from identity fraud.