Identity Theft - Don't Become A Victim!

30th November 2018

This blog on SecurityDigital is provided by LifeLot – Your Online Digital Safe.

Securely store and share your information with your important people when it’s needed.

Find out more about LifeLot

person hiding behind tree and holding leaves in front of face

This is our final installment in the 'Digital Security' series. We have seen how important it is to protect ourselves online but it's not only when using a device that we need to be careful as there are many offline methods that can be used to steal your identity also. Have a read of the other articles in this series to make sure you know everything you need to, to stay safe both offline and online!

What is Identity theft?

Identity theft is using the identity information of another person to pretend to be them. This can have serious impacts on people’s lives, if they are no longer able to prove who they are.

When we talk about identity theft, identity means the facts about you that the government and businesses use to establish who you are.

These are often your:

  • full name
  • date of birth
  • place of birth
  • current address

In some cases, a number that is attached to your account, such as an IRD number.

Your identity information

Your IRD number, for example, is probably not all that important to you until you need it. You might also not think about telling someone your full name and date of birth (on a social networking site, for example). However, for someone with malicious intentions, your name and date of birth are powerful pieces of information that can unlock a lot about you. You can try searching your name on the Internet and see how much information comes up, you may be surprised.

Your identity information is valuable and important. It enables you to do many things, such as work, receive government benefits and prove that your assets belong to you. It is the first thing that will be asked for when you call a company or government agency. By staying aware of your own identity information and protecting it, you can lower your chances of becoming a victim of identity theft.

Identity crime

Identity crime (which includes creating false identities) may cost the New Zealand economy as much as $209 million every year. As many as 133,000 New Zealanders may be victims of identity theft annually. Identity theft is a crime that is difficult to prosecute people for (it may have been committed overseas or online) and it can also take a long time to resolve.

Identity crime is a global problem and New Zealanders tend to be trusting people, which could make this country appear to be a soft target. This is why vigilance and awareness are vital. While the methods of identity theft change frequently as the criminals adapt, there are a number of simple things you can do to protect yourself.

If you think you are a victim of identity theft, there is checklist available to assist you.

What does the Department of Internal Affairs do?

The Department of Internal Affairs registers births, deaths and marriages, as well as issuing passports and granting citizenship. It is the source of authoritative identity information for New Zealand citizens. The Department is also part of a group of government agencies that are working to tackle the problem of identity crime in New Zealand.

How does identity theft happen?

Identity theft is stealing details about a person to pretend to be that person. This could be committed to gain financial benefits the person is entitled to, to avoid arrest or court orders by appearing to be a different person or even to maliciously impersonate the person, perhaps to make it appear that they believe or think something controversial.

The methods criminals use to steal personal information change frequently, particularly those that exploit technology. There are some methods that have been used in many cases and they can be divided into three categories.

Information given away

This method is the simplest, when people give their personal information away. Frequently this occurs on social networking sites, so it is important to ensure that you have privacy controls in place and don’t accept friend requests from people you don’t know.

Offline Methods

Dumpster diving

Going through people’s rubbish to find items showing personal information, such as credit card and bank statements, bills and envelopes showing a full name (and sometimes a logo of a company where an account is held).

Shoulder surfing

Looking over a person’s shoulder as they enter their PIN at an ATM, eftpos terminal or when using Internet banking in a public place.

Wallet or document theft

Stealing or acquiring a document and using the information it includes. If this is a wallet, this is likely to be a large amount of information about a person, even if the cards are cancelled.

Bogus phone calls

Calling a person and convincing them to provide information or to take some action. Callers may pretend to be from a legitimate company or government agency.


Capturing the information encoded into the magnetic strips on the back of credit and eftpos cards. This data can then be put onto a blank card and used to access the account.


Contacting a business and impersonating a legitimate customer

to request their account information.

Business record theft

Stealing data from a business (which could be computerised or paper records). This is often done in larger numbers than pretexting, but both can involve staff members.

Online Methods


Any software used to cause harm to a computer system or to subvert it for another use. Malware includes viruses, worms, trojan horses, backdoors, keystroke loggers, screen scrapers, rootkits and spyware.


Unsolicited electronic messages, which can be used to deliver malware or by criminals who are phishing. The Department of Internal Affairs’ Anti-Spam Unit provides help and information about spam, as well as enforcing the Unsolicited Electronic Messages Act 2007.


Luring people into providing information using emails and mirror-websites that look like they come from a legitimate business.


This is the same as phishing, but is directed at cellphones. As smartphones become more advanced, so does smishing.

Spear phishing

Luring people via websites and email that appear legitimate, when the criminal already knows something about the person’s habits (this could be by hacking into a business’s system or from information freely provided on the Internet).


Exploiting vulnerabilities in an electronic system or in computer software to steal personal data.

The Ministry of Consumer Affairs runs Scamwatch, which provides more information about scams (some of which are created to gain identity information).

Identity theft is more likely to occur if you make it easy for someone to take and use your identity information.

There are a number of things you can do to protect your identity information:
  • Be careful with your identity information, how much you give out and who you share it with. LifeLot members - ensure your delegate is up to date and knows what they should do if they need to access your information. What is a delegate?
  • If someone asks for your identity information, ask why the organisation or individual needs it, and what they intend to do with it.
  • Keep key documents that are used to establish your identity (e.g. birth certificate and passport) in a safe and secure place. LifeLot members - make sure you keep a copy of these documents safely stored in your LifeLot account!
  • Make sure you properly dispose (shred or burn) of bank statements, electricity bills and any piece of correspondence with your name and address on it. These documents should never be put in public rubbish bins or recycling bins. Consider getting your statements provided online – it’s good for you and the environment too.
  • Be cautious, identity crime does not always result from information that is stolen; people often give it away by publishing it in public places (e.g. date of birth posted on a social networking website).
  • If you use Internet banking, do not log on from a shared or public computer, such as an Internet café, to make any sensitive transactions.
  • Remove all personal information from computers before you dispose of them.
  • Be suspicious of any unexpected events (e.g. letters from creditors, bank transactions you can’t remember making) that could be the result of identity crime.
  • Request an access register report from Births, Deaths and Marriages at the Department of Internal Affairs. This is a free service that allows people to find out who has applied to access their records (e.g. whether or not a certificate/printout was issued) since 25 January 2009.
  • Request a credit report from Dun & Bradstreet or Veda.  Note that from 1 April 2012 a "positive" credit reporting system will operate in New Zealand. Further changes to the credit report system can be found on the Privacy Commissioner website.


Related: How To Protect Your Personal Computer | Digital Security - Protect Yourself Online | My Digital - What's My Password?


Read previous informative and interesting Blog Posts from LifeLot

I've got your back!Why It’s Important To Organise And Share All This Stuff With Someone

Life is full of twists and turns. Planning and gathering together all these jigsaw pieces now will relieve a lot of stress later. Whether you’re recovering from surgery, involved in an accident, or embarking on the one adventure every human must eventually take into the great beyond. This info will come in handy for you in every day life, your family and loved ones. By organising and sharing the location of all these things you’re helping yourself to become more efficient,  engaged in your life and your family can easily take over if needed.


It's simple to set up, free to try, and it can make a world of difference for your family if something happens to you.