4.2 Aussie Version Part 2 - Volunteer Identity Hack

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

1 hour 31 minutes
Video Transcription
the first thing the hacker thief will do is log onto the International Student Association website. I've just picked a random one here, but there are plenty of them out there.
This is the Australian version here,
and what they can do is they can sign up for a student I D card.
You can go for a virtual card or we can go for a physical car,
and you simply put in that person's details. Supply your own photograph
copy of proof of identity so this could be an I. D form. It can be a confirmation of study or something similar like that, so you don't need to provide a lot of information to get yourself on idea here.
Now. The cool thing about this is, once you've paid for it, they will then ship out a credit card sized photographic I d with the volunteers details, but your photograph on it.
What can we do from there with the next stage is to go into the Vic Roads website or two. Whatever state that you're in and asked for a replacement license, all I need to do is click on replace your license and or learners payment online,
so the evidence of identity is very, very basic. So as long as there is an up to date image off the person,
then a ll the hacker needs to do is ensure that the details that they supply are correct and accurate. So you click on the link
and you agree.
You then put in the basic information.
Now you'll see here it asks for the license number. If no.
Normally, if you're replacing a driver's license, it's because it's been lost or stolen. So you won't know that, which is why it's not mandatory.
The mandatory information that is required is the person's name, their address and their data birth, as well as a contact number for contact purposes only,
and the type of license that you are requesting.
So you can see here it is really, really easy to ask for a replacement driver's license.
You simply pay the $24 they'll send out a license in the next 10 working days. So now that a replacement license is being sent out, how can I gain access to that license?
Well, I go over to Australia post, and I ask for a male redirection I can do that in person or via the website, and the proof that they need in store is a photographic i d such a zone Australia's driver's license or passport.
Now, it says here on brackets of student cards and credit cards are not accepted. However, alternatively, they can provide one of each of the following
a document with your name and Australian residential address, such as a bank statement, rates notice or residential lease. And this is fairly easy to doctor and produce, and then a document that shows your signature, such as a student card or stat dec, for
We've already got the student card,
and we can fudge very quickly, very easily. A bank statement.
Now I've got enough information to be able to redirect the person's mail. So why would I do the Maori direction? I don't want the information going to the person's house. What I'll do is I'll send the information to a dead. So it did zone is a house that nobody lives in.
What the identity thief would do
is they will check them out every single day, generally at night time, when it's difficult to see anyone and if they're smart. What they'll do is they walk deliver the person's mail to their physical address once they've taken out the bits and pieces that they need, what they'll check for our things, like a bank statement,
a credit card statement, a utility bill, a physical credit card. If they're lucky enough to get that
or the driver's license, which they've requested now, why would they do that? The reason why they do that is now they can open up bank accounts in that person's name. So in Australia, you need 100 points of identification to open up a bank account. These can be from primary documents or secondary documents.
So our primary document are things like your birth certificate, citizen certificate,
current passport, secondary documents are things that have a photograph and a name on it. And here we've got things like a driver's license.
Tertiary documents are things like utility bills and statements. So by going to the post office and doing the male redirect, I have a very high chance of being up to pick up not only the replacement driver's license but enough secondary and tertiary identification
like utility bill or a bank statement, et cetera.
to be able to open up, bank out if I know what bank the target is with because I've picked up one of their statements,
I won't open up a new bank account in that person's bank. I'll go to some other banks, generally smaller credit unions or smaller banks, and I'll open up a bank account in their night.
From there, I can go in and provide a regular savings plan, so I might put in $100 a week every single week for the next six months. This now shows a savings history. From there, I go into the bank and I apply for a small line.
Now this loan needs to be no more than $5000.
The bank will then go through into a very basic check on the person to make sure that they're a known entity, that they have a bank account with us, that they have a savings plan or they've got money coming in and that they're not a credit risk
now because it's $5000 it's a small risk to the bank. Generally speaking, the loan will be approved the next day, and from there all I need to do is go in into that bank withdrawal of the funds. If I've done it with a bank's, I've now pocketed $40,000 it was quicker and easier for the thief to
that person's identity and withdraw those fans. Then it will be for the victim to prove that their identity you've been stolen in the first place.
In Australia, we have superannuation schemes, and some of those schemes are what we call industry super scapes.
If I'm profiling a person and I know that there are a nurse, thou be working in the health industry and there is a specific industry Superfund called Hester that is designed for the health industry
again, What I can do here is I can gain access to the person's superannuation funds. I can call up this particular superannuation fund
and pretend to be the victim and asked to open up an online account to be up to view my funds.
They were asked for some form of verification
now because I was able to get the replacement driver's license. It was very easy to provide that information for the industry super fun to imagine what a hacker could do or a thief could do with that information. Now they can withdraw
the victim's entire superannuation fund, and this could be anywhere from $50,000
1/2 $1,000,000 depending on the age of the person.
Again, If I have a driver's license,
I can go to a rental car, place
and rent a BMW and never return it.
These are just some of the things that people can do if they want to steal your identity.
So let's go through the assessment question. What information do you need to do? Identity theft,
person's name,
address, date of birth or place of work
for the correct answer. Is
your name, your address? Any date of birth, that's all. Unite.
So in today's lecture, we discussed how a hacker can use your information to not only do identity theft, but to also cause real harm
in this particular case for my wife accounts and devices,
the hacker or the thief can also gain enough documentation to open up a bank account and take out personal loans, withdraw superannuation funds, steal cars, et cetera, all in that person's name. I hope you found this section really useful and interesting because for May
I love talking about this because
I want to be able to educate everybody on how to stay safe online.
Up Next