Privacy Awareness Week

ID theft

Test yourself — how aware are you about your risks of ID theft?

Our easy online test looks at 11 situations in which you might be subject to ID theft.

For each situation, you get a choice of statements. Decide which statement best describes you and select it.

At the end, you will receive a score and an assessment of your answers for each situation.

If you complete the whole test you will receive an overall assessment of how exposed you are to identity theft.

You can also find some more information in the “book” in each section, with some tips for you to use.


The 11 subjects

Here are 11 situations in which you can be exposed to ID theft. Test yourself against one or more of them. You can do them in any order you like. Just click on the subject you want to start with.

If you answer all the questions in the test, you will receive an overall assessment of how exposed you are to identity theft.

1. My wallet

Keep track of your wallet and identity documents.
  Yes Sometimes No Not relevant to me

I contact the card companies immediately if my wallet is lost or stolen.

I make sure I regularly remove ID cards and other documents I don't need from my wallet.

I know I am supposed to contact the card companies immediately if my wallet is lost or stolen.

I have the phone numbers for the card companies available in case I need to cancel my debit or credit card.


Read & Learn Book — My wallet

Your wallet holds a lot of information about you. This information can be misused. Do you need the information in your wallet on a daily basis, or do you only need it occasionally?


Identity documents such as your passport and driver’s licence are especially attractive for identity thieves. This is because an identity thief can either try to use these as identification, or as a source to find out more information about you.

  • Always make sure you know where your identity documents are stored. You might want to invest in a safe or place them in a locked cabinet. Documents you rarely use can be placed in a safety deposit box.
  • Regularly remove cards and other documents that you don't need from your wallet.
  • If an identity document is stolen or lost, notify the police and other appropriate authorities.
  • Keep contact numbers for your bank and other agencies where you can find them, in case you need to cancel a debit or credit card.

2. My mailbox

What kind of information can intruders find in your mailbox?
  Yes Sometimes No Not relevant to me

I have a lock on my mailbox or have my mail delivered to a post office.

When I am away, I stop my mail or get my neighbour to collect it for me.

I get my invoices delivered electronically to a secure online address.

If I change address, I organise for my mail to be automatically redirected.


Read & Learn Book — My mailbox

A lot of personal information is sent by mail including certificates, debit and credit cards, passports, forms and other documents. This isn’t usually something you can avoid. However, you can do a lot to reduce the risks that information sent by mail can be misused.


  • Put a lock on your mailbox.
  • Ask a neighbour to collect your mail if you are on holiday, or ask the post office to stop your mail while you are away. Then the mail won’t accumulate in your mailbox.
  • Use electronic invoices sent to a secure online address if you can. Then you get fewer invoices or other letters through the mail that identity thieves could use.
  • Think about what you’re expecting through the post. If you suspect something is missing or your mail has gone astray, contact the post office straight away.
  • Make sure you organise for your mail to be redirected when you move house and tell your contacts what your new address is. This will reduce the chance of your mail going astray.

3. My rubbish bin

A rubbish bin is a great place for identity thieves to pick up personal information!
  Yes Sometimes No Not relevant to me

I shred documents that contain personal information (like invoices and bank statements) before I throw them away.

I cut up my invalid or expired bank or identity cards before throwing them away.

I store important documents such as my passport, marriage certificate and birth certificate in a locked cabinet, safe or safety deposit box.

I tell the relevant authorities if I lose my passport or other identity documents.


Read & Learn Book — My rubbish bin

Believe it or not, thieves do go through rubbish bins. Documents that are of no interest to you can be a goldmine of information for a criminal. This is because those documents can include information that an identity thief can use to impersonate you. For instance, the document may tell the thief about your contacts – he or she can then get in touch with them and pretend to be you.

Businesses can be easily fooled if an identity thief can provide information only you should know about. The documents could also include details the identity thief needs to build a profile about you.


  • Tear up or shred all documents that contain information about you before you throw them away. You can get cheap shredding machines these days. For example, always destroy:
    • Credit or debit card bills.
    • Credit information.
    • Personal applications.
    • CDs, DVDs with personal information on.
    • Salary documents.
    • Expired registration documents.
    • Documents containing any identity number.
  • Cut up invalid or expired identity cards before throwing them away, to make sure they cannot be used afterwards.
  • Smash discs containing digital personal information.
  • Rent a safety deposit box or get a personal safe to store important documents like your birth certificate, diplomas, marriage certificate and insurance certificates.
  • Notify the relevant public authorities if you lose your passport or other identity documents, or if those documents are stolen.

4. My personal computer

Do you want strangers to get access to the information on your computer? If not, make sure your computer is secure.
  Yes Sometimes No Not relevant to me

I avoid leaving my laptop in my car or in public places.

My personal computer contains up-to-date software that protects me against intruders and online threats (for example, anti-virus software and a firewall).

I accept all updates for software on my computer.

I only download software updates when I am sure it is legitimate.

I make sure that all personal information is deleted from my personal computer before I sell, give away or throw away the computer.


Read & Learn Book — My personal computer

We use our computers to store lots of information about who we are and what we’re interested in, such as our personal documents, pictures, movies, music and appointments. Our computer also gets us onto the Internet, where we are particularly vulnerable to identity theft. So it is important to protect your computer against potential intruders, to prevent access to all that information about your life.


  • Never leave your laptop in the car or other places where it is visible and tempting for thieves.
  • Use a personal firewall. (This is usually a default with most protective software).
  • Use anti-virus software and keep it completely up to date.
  • Always use automatic checks for updates.
  • Always check if the security updates for your applications are installed.
  • Uninstall programs you no longer use.
  • Approve updates of programs you already have installed on your computer ( for example Word, Internet browsers or Flash), but first make sure that the updates really are from the approved software company. There are malware products that pretend to be updates of common programs — so beware.
  • Make sure all personal information is deleted from your computer before you sell it, throw it away or give it to someone. Just pressing the delete button isn’t enough, though. Remove and destroy the hard-drive or use an approved formatting application to ensure that no personal information can be retrieved.

5. Online shopping

Before shopping on the Internet, check what’s going to happen with the information that you leave behind.
  Yes Sometimes No Not relevant to me

I make sure there is a secure connection (https) by checking the address bar, before shopping on the Internet.

I only buy things from legitimate companies I trust or feel confident about.

I always log out of Internet banking sites, payment services, or other public web portals when I am finished.

I keep my username, password and other login credentials secret (for instance I do not provide them in emails).


Read & Learn Book — Online shopping

Online shopping can be very effective, but can also raise significant risks. If you are uncertain about a website, don’t use it. Check online to see if it is a legitimate business. Not all websites are what they appear to be, and you don’t want intruders to be able to monitor your transactions.


  • If you’re paying for something online, make sure that section of the website is encrypted (the address starts with “https”). You should also look for the padlock in the address bar.
  • Before shopping online at a site you haven’t used before:
    • Test links.
    • Call customer service to make sure the business actually exists.
    • Ask the customer service simple questions about the business.
  • Always make sure you get a receipt or confirmation of the purchase when shopping online. Any legitimate business will send you one.
  • Always remember to log out of Internet banking services and public portals when you are finished. This can prevent hackers from obtaining information about you.
  • Never provide passwords or login credentials on the phone or e-mail.
  • Never reply or click links in e-mails asking for personal information. It is probably criminals who are trying to get information about you.

6. My mobile phone

Mobile phones are so advanced these days – we often use them like computers, and many of them can do what larger computers can do.
  Yes Sometimes No Not relevant to me

I know information in my mobile phone can be misused (for example, private or work related emails, banking details, account numbers and pictures).

I use a password or a PIN and/or encryption to secure my mobile phone.

I block my mobile phone subscription immediately if my phone is lost or stolen.

I inspect my mobile phone bill to make sure it is correct.


Read & Learn Book — My mobile phone

Yes, you have to secure your mobile phone. The latest cell phones are actually tiny computers with increasing functionality. It will have all sorts of information about your work and private activities. So a mobile phone is a very valuable tool for an identity thief. Unless your phone is secure, anyone who has it can gain access to your contacts and to get information about who you are and what you do.


  • Don’t store sensitive information on your mobile phone. You should particularly avoid storing:
    • Internet banking information, bank balance and card number.
    • Private or job-related e-mails.
    • Passwords and PINs.
  • Increase the security on your phone by:
    • Using a PIN or a password.
    • Encrypting the phone if this is available.
  • Contact your phone company and block your account if your phone is lost or stolen.
  • Check your phone bills. Make sure even the smallest amounts are correct. Identity thieves often start with small amounts to check if you are paying attention. If you think that something is amiss, investigate it straight away.

7. Passwords and codes

Passwords and codes are just like keys to a house or a safe. You need to protect them in the same way.
  Yes Sometimes No Not relevant to me

I choose a password that is hard to guess.

If I have to write down a password, I keep it in a safe place (lockable cabinet or safe).

I protect my PIN or password from everyone, even support staff or banking employees.

I hide my keystrokes when typing my PIN into an ATM machine.

I hide my keystrokes when typing my PIN into an EFTPOS machine.

I keep track of where I use my credit or debit card, especially when overseas.


Read & Learn Book — Passwords and codes

Think of your security codes, PINs and passwords in the same way as physical keys. You keep your physical keys secure, so do the same with your passwords and codes. This includes login credentials and passwords for your computer.

If someone gets your passwords, they can easily pretend to be you. They can also change or create business accounts and social networking accounts in your name. If an identity thief gets access to your social networking account, they will also get access to your contacts.


  • Use a password that is easy for you to remember, but also hard to guess. For instance don’t use the name of your pet or family members.
  • Have different passwords for each service or account, for instance e-mail, Internet banking or social networks.
  • If you do have to write down your passwords or PINs, store them in a safe location separate from the thing that they are securing, and code them so only you know what they refer to. If you can memorise them, do – and shred, tear up or burn any note of the password or code.
  • Never provide your PIN or password to someone that pretends to be helping out, like bank employees, customer service or others – either in person, on the phone or online.
  • Make sure no one looks over your shoulder when you’re entering your PIN in an ATM or EFTPOS machine.
  • Shield your hand as you type the number in so that any hidden camera cannot see your PIN.
  • Think of how you use payment cards, especially when overseas. Assess how safe it is to use it. If in doubt, use cash where you can.

8. Driver’s licence

Keep your driver’s licence in a safe place. Identity thieves can get you in a lot of trouble if they misuse it. They can pretend to be you.
  Yes Sometimes No Not relevant to me

I only provide my driver’s licence number if it is absolutely necessary and never share it with my friends.

I prefer my licence to be sighted rather than giving out the number and, if my details must be recorded, I prefer to give the number rather than a full copy. If the copy is necessary, I ask how they will safely store my details.

I know who to notify if my licence is lost or stolen and that the sooner I do that, the better.


Read & Learn Book — Driver's licence

A driver’s licence number is a unique identifier that governments issue when you pass a driver’s test. People use their driver’s licence in many situations, for example, to enter licensed venues, clubs or pubs.

An identity thief may not be able to get a passport in your name with just a driver’s licence, but it may add credibility when combined with a fake birth certificate. An identity thief can also pretend to be you, and can take out loans or get other benefits in your name using your driver’s licence number. This person could cause a lot of trouble for you with authorities through the unauthorised use of your licence, for example by hiring a car and damaging a vehicle in a traffic accident or committing other traffic offences.


  • Be very careful about sharing your driver’s licence number and never give your licence to someone else.
  • Act quickly if you have lost your licence by reporting it to the authorities. If it is stolen, early cancellation lessens the chances of you becoming a victim of identity crime.
  • Try not to send someone your driver’s licence number by fax. If you do have to send it, call the person you are sending it to first to make sure they are expecting it. Never email your driver’s licence number.
  • Take action if you find your driver’s licence number on documents where it seems to be unnecessary or where you have not provided it. Contact those who sent you the document and ask why they have it and why they need it, or who provided it if you did not.
  • Choose to deal with businesses who don't use a driver’s licence number as part of their requirements.
  • If you are asked for your driver’s licence so it can be scanned before you enter a venue, always ask if they really need to scan it. If it is necessary to provide your driver’s licence number, ask if they can simply sight it instead of scanning it. If they refuse, ask them how they will keep your information safe and secure.
  • Destroy or shred your old licence.

9. Debit and credit cards

Have a good routine to secure and use your debit and credit cards.
  Yes Sometimes No Not relevant to me

I only provide credit card details over the phone if I have initiated the call.

I check the account printouts from my credit and debit card company.

I keep a list of all my credit card numbers in a safe place and sign new cards as soon as I receive them.

I keep an eye on the expiration date(s) on my credit or debit card(s), so I know when to expect a new one in the mail.

I cut up my invalid or expired credit or debit cards before throwing them away.

I keep my card in my sight at a bar or restaurant, instead of letting staff take it away.


Read & Learn Book — Debit and credit cards

We use debit and credit cards all the time, but we need to be careful about who has that card information. Never provide credit card details via phone or internet without being absolutely sure about who you are communicating with. Identity thieves are especially interested in your card number, expiration date and the CVC (also known as security code, the last 3 digits on the back of your credit card) code on the back of the card. Know where and to whom you are providing your card information. Never let your credit or debit cards out of your sight.


  • Only provide card information if you are the one who initiated the contact. Thieves may contact you pretending to be a company you know.
  • Always check your account details and bills. Take immediate action if even small or insignificant amounts are incorrect. It may be the beginning of an attempt at identity theft. Notify your card company if something seems out of order, even if you only are unsure.
  • Create a list of card numbers, expiration dates and contact details for the card company, then store this list in a secure place. This may be useful if a card is lost or stolen and you need to get it blocked.
  • Keep an eye on the expiration date on your card. If you don't receive a replacement card within a reasonable time before the expiration date, contact the card company straight away. An identity thief may have stolen the replacement card from your mailbox. If you suspect the card has been stolen, block the account immediately.
  • Always immediately block accounts that have been exposed to unauthorised withdrawals. Ask for written confirmation that the account has been closed.
  • Cut up or shred cards before throwing them away.
  • Your cards may also have identification details on the back that can be used as an ID if the card goes astray, so always know where your cards are and keep them safe.
  • Don’t let the card out of your sight in the bar or a restaurant. Watch what the staff member does with it – beware of double-swiping that may indicate your card could be cloned.

10. Sharing personal information

Be careful about who you share personal information with. Do you really know who you’re talking to?
  Yes Sometimes No Not relevant to me

I am careful about sharing personal information over the phone or on the Internet unless I know who I am talking to.

I am sceptical when I get an offer that seems too good to be true, and never let myself be persuaded to provide personal information.

I am aware of the information that is posted about me on the Internet and through my profiles on social networking sites.

I apply safety settings on forums and social networking sites to reduce the sharing of personal information.


Read & Learn Book — Sharing personal information

The phone is a very useful tool for identity thieves. If you’re not careful, it can be quite easy for them to collect information from you or your contacts and then use that information against you. Legitimate businesses do not call customers and ask them for secret information over the phone.

We put a lot of information about ourselves online, particularly on social networking sites. Hackers or identity thieves may be able to break into user accounts. Phishing emails can be used to fool you into giving up login credentials or passwords that allow access to your accounts and information. Viruses and malware can also collect and distribute information from your computer.


  • Never provide password or other login credentials for user accounts over the phone, e-mail or by other personal contact.
  • If something looks too good to be true, it is. Never let the temptation of receiving a prize or reward cloud your judgment – don’t be persuaded to provide information that could be harmful to you if it is in the wrong hands.
  • Don’t put information on social networking sites that you aren’t willing to give to future employers, your family, your partner or your school administration. If you publish pictures of someone else on the internet, you must ask that person if it is ok to do this.
  • Get familiar with the security settings on your social networking site (eg. Facebook or Twitter) and use them to control who you want to get your information.
  • Change passwords often and use different passwords for each site or business that you deal with.
  • Never respond to requests for personal information in emails, or click on links that ask you for personal information. The request may well be from a criminal who is trying to get information from you.

11. Credit checks and credit worthiness

Always pay attention if you find out that someone has been checking your credit-worthiness. If possible, check your credit information at least once a year.
  Yes Sometimes No Not relevant to me

I investigate who and why someone has reviewed my credit-worthiness.

I realise when I am giving permission for credit checks to be done on me.

If I find out that a business has a customer account or subscription in my name that I didn’t ask for, I immediately write asking the business to remove the information from its records.


Read & Learn Book — Credit check and credit worthiness

Credit checks and evaluations are increasingly used in our society. A business will need a credit check on you, for example, if you are applying for a loan or credit arrangement.

Checking your credit record regularly is an important method of detecting identity theft. If you find out that there has been a credit check on you, and you did not know about this, then immediately make enquiries to find out who did the credit check and why.


  • If you find out that someone has done an unexpected credit check on you, ask the credit reporting company to show you the record. Who asked for the check and why? What information have they gained? Contact the organisation that asked for the check as well as the credit reporting company. Make sure your information is protected.
  • If you suspect that you might be the victim of identity theft, immediately contact the credit reporting company and notify them. Ask them to put an alert on the system. Contact the police if necessary.
  • If you find out that someone has done a credit check and then has set up a new account that you don’t recognise, contact the company that has the account (verbally and in writing) and ask it to terminate the account immediately. Explain that it is not your account. This is important if a dispute arises.
  • Check your credit record at least once a year, and ask the credit reporting company to correct any wrong information that is on your record.

Your score

Rubbish bin
Personal computer
Online shopping
Mobile phone
Passwords and codes
Driver's licence
Debit and credit card
Personal information
Credit check