Skip to main content

The Impersonator

The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.

This might involve using false or stolen identities, attributes or credentials for personal gain.

Examples:

  • A criminal poses as a vendor to hijack payments intended for the vendor.
  • A scammer uses stolen identities to receive fraudulent payments.

Case studies

Strike Force Sainsbery investigators with assistance from the Service NSW Fraud Response Unit have laid charges against 87 people for allegedly making fraudulent grant applications against NSW Government financial relief schemes related to the COVID-19 pandemic and natural disasters.

Countermeasures

Counter the Impersonator using measures that support identity security and authentication:

Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Confirm the identity or attribute of the individual. Evidence of identity should be collected and verified using policies, rules, processes and systems to make sure only known, authorised identities can gain access to information stored in networks and systems. This control is supported by the National Identity Proofing Guidelines and the Trusted Digital Identity Framework.

Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.

Verify any requests or claim information you receive with an independent and credible source.

Match data with the authoritative source and verify relevant details or supporting evidence. Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.

Create lists to quickly compare information to automate or require further actions.

Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.

Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.

Allow clients, staff and third parties to lodge complaints about actions or decisions they disagree with. This may identify fraud or corruption as a cause for complaints, such as a failure to receive an expected payment.

Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.

Was this page helpful?