Time
1 hour 31 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
the first thing the hacker thief will do is log onto the International Student Association website. I've just picked a random one here, but there are plenty of them out there.
00:10
This is the Australian version here,
00:12
and what they can do is they can sign up for a student I D card.
00:17
You can go for a virtual card or we can go for a physical car,
00:21
and you simply put in that person's details. Supply your own photograph
00:26
copy of proof of identity so this could be an I. D form. It can be a confirmation of study or something similar like that, so you don't need to provide a lot of information to get yourself on idea here.
00:40
Now. The cool thing about this is, once you've paid for it, they will then ship out a credit card sized photographic I d with the volunteers details, but your photograph on it.
00:51
What can we do from there with the next stage is to go into the Vic Roads website or two. Whatever state that you're in and asked for a replacement license, all I need to do is click on replace your license and or learners payment online,
01:04
so the evidence of identity is very, very basic. So as long as there is an up to date image off the person,
01:11
then a ll the hacker needs to do is ensure that the details that they supply are correct and accurate. So you click on the link
01:21
and you agree.
01:23
You then put in the basic information.
01:26
Now you'll see here it asks for the license number. If no.
01:30
Normally, if you're replacing a driver's license, it's because it's been lost or stolen. So you won't know that, which is why it's not mandatory.
01:40
The mandatory information that is required is the person's name, their address and their data birth, as well as a contact number for contact purposes only,
01:51
and the type of license that you are requesting.
01:55
So you can see here it is really, really easy to ask for a replacement driver's license.
02:01
You simply pay the $24 they'll send out a license in the next 10 working days. So now that a replacement license is being sent out, how can I gain access to that license?
02:15
Well, I go over to Australia post, and I ask for a male redirection I can do that in person or via the website, and the proof that they need in store is a photographic i d such a zone Australia's driver's license or passport.
02:31
Now, it says here on brackets of student cards and credit cards are not accepted. However, alternatively, they can provide one of each of the following
02:39
a document with your name and Australian residential address, such as a bank statement, rates notice or residential lease. And this is fairly easy to doctor and produce, and then a document that shows your signature, such as a student card or stat dec, for
02:59
We've already got the student card,
03:00
and we can fudge very quickly, very easily. A bank statement.
03:06
Now I've got enough information to be able to redirect the person's mail. So why would I do the Maori direction? I don't want the information going to the person's house. What I'll do is I'll send the information to a dead. So it did zone is a house that nobody lives in.
03:23
What the identity thief would do
03:27
is they will check them out every single day, generally at night time, when it's difficult to see anyone and if they're smart. What they'll do is they walk deliver the person's mail to their physical address once they've taken out the bits and pieces that they need, what they'll check for our things, like a bank statement,
03:46
a credit card statement, a utility bill, a physical credit card. If they're lucky enough to get that
03:53
or the driver's license, which they've requested now, why would they do that? The reason why they do that is now they can open up bank accounts in that person's name. So in Australia, you need 100 points of identification to open up a bank account. These can be from primary documents or secondary documents.
04:10
So our primary document are things like your birth certificate, citizen certificate,
04:15
current passport, secondary documents are things that have a photograph and a name on it. And here we've got things like a driver's license.
04:24
Tertiary documents are things like utility bills and statements. So by going to the post office and doing the male redirect, I have a very high chance of being up to pick up not only the replacement driver's license but enough secondary and tertiary identification
04:41
like utility bill or a bank statement, et cetera.
04:45
to be able to open up, bank out if I know what bank the target is with because I've picked up one of their statements,
04:51
I won't open up a new bank account in that person's bank. I'll go to some other banks, generally smaller credit unions or smaller banks, and I'll open up a bank account in their night.
05:03
From there, I can go in and provide a regular savings plan, so I might put in $100 a week every single week for the next six months. This now shows a savings history. From there, I go into the bank and I apply for a small line.
05:21
Now this loan needs to be no more than $5000.
05:26
The bank will then go through into a very basic check on the person to make sure that they're a known entity, that they have a bank account with us, that they have a savings plan or they've got money coming in and that they're not a credit risk
05:41
now because it's $5000 it's a small risk to the bank. Generally speaking, the loan will be approved the next day, and from there all I need to do is go in into that bank withdrawal of the funds. If I've done it with a bank's, I've now pocketed $40,000 it was quicker and easier for the thief to
06:00
steel
06:00
that person's identity and withdraw those fans. Then it will be for the victim to prove that their identity you've been stolen in the first place.
06:10
In Australia, we have superannuation schemes, and some of those schemes are what we call industry super scapes.
06:18
If I'm profiling a person and I know that there are a nurse, thou be working in the health industry and there is a specific industry Superfund called Hester that is designed for the health industry
06:32
again, What I can do here is I can gain access to the person's superannuation funds. I can call up this particular superannuation fund
06:46
and pretend to be the victim and asked to open up an online account to be up to view my funds.
06:51
They were asked for some form of verification
06:55
now because I was able to get the replacement driver's license. It was very easy to provide that information for the industry super fun to imagine what a hacker could do or a thief could do with that information. Now they can withdraw
07:11
the victim's entire superannuation fund, and this could be anywhere from $50,000
07:16
1/2 $1,000,000 depending on the age of the person.
07:20
Again, If I have a driver's license,
07:24
I can go to a rental car, place
07:27
and rent a BMW and never return it.
07:33
These are just some of the things that people can do if they want to steal your identity.
07:43
So let's go through the assessment question. What information do you need to do? Identity theft,
07:49
person's name,
07:50
address, date of birth or place of work
07:55
for the correct answer. Is
07:58
your name, your address? Any date of birth, that's all. Unite.
08:03
So in today's lecture, we discussed how a hacker can use your information to not only do identity theft, but to also cause real harm
08:11
in this particular case for my wife accounts and devices,
08:16
the hacker or the thief can also gain enough documentation to open up a bank account and take out personal loans, withdraw superannuation funds, steal cars, et cetera, all in that person's name. I hope you found this section really useful and interesting because for May
08:35
I love talking about this because
08:37
I want to be able to educate everybody on how to stay safe online.

Up Next

How to Do a Live Identity Hack

This course has been specifically designed to successfully deliver a live identity hack presentation to an Australian, American or British audience.

Instructed By

Instructor Profile Image
Tom Mason
Senior Partner Development Manager at AWS
Instructor