The Impersonator
The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.
This might involve using false or stolen identities, attributes or credentials for personal gain.
Examples:
- A criminal poses as a vendor to hijack payments intended for the vendor.
- A scammer uses stolen identities to receive fraudulent payments.
Case studies
A Victorian woman has been sentenced to three years and six months’ imprisonment, with a non-parole period of 20 months, for defrauding the Australian Taxation Office (ATO) of $452,000 and attempting to swindle a further $245,000 across a 15-month period.
A Queensland man has plead guilty to 5 offences of defrauding the Commonwealth of $94,777.82 by fraudulently claiming disaster recovery payments.
Countermeasures
Counter the Impersonator using measures that support identity security and authentication:
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.
Make sure requests or claims use a specific form, process or system for consistency.
Limit access to systems, data, information, physical documents, offices and assets.
Confirm the identity or attribute of the individual.
Evidence of identity should be collected and verified using policies, rules, processes and systems to make sure only known, authorised identities can gain access to information stored in networks and systems.
Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.
Make sure forms or system controls require mandatory information to support claims or requests.
Verify any requests or claim information you receive with an independent and credible source.
Match data with the authoritative source and verify relevant details or supporting evidence.
Services such as the Identity Matching Service can be used to verify identity credentials back to the authoritative source when the information is an Australian or state and territory government issued identity credential.
This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Create lists to quickly compare information to automate or require further actions.
Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.
Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.
Allow clients, staff and third parties to lodge complaints about actions or decisions they disagree with. This may identify fraud or corruption as a cause for complaints, such as a failure to receive an expected payment.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.