The Impersonator
The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.
This might involve using false or stolen identities, attributes or credentials for personal gain.
Examples:
- A criminal poses as a vendor to hijack payments intended for the vendor.
- A scammer uses stolen identities to receive fraudulent payments.
Case studies
A 65-year-old Perth man allegedly failed to declare income from a $7 million royalty payment that was paid to a company under his control.
A 62-year old man has been charged over phoenix activity that resulted in losses to the Australian Government of over $800,000.
Countermeasures
Counter the Impersonator using measures that support identity security and authentication:
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.
Make sure requests or claims use a specific form, process or system for consistency.
Limit access to systems, data, information, physical documents, offices and assets.
Make sure to confirm the identity (an attribute or set of attributes that uniquely describe a subject within a given context) of the person making the request or claim using evidence.
Authenticate client or third party identities during each interaction to confirm the person owns the record they are trying to access.
Make sure forms or system controls require mandatory information to support claims or requests.
Verify any requests or claim information you receive with an independent and credible source.
Automatically match data with another internal or external source to obtain or verify relevant details or supporting evidence. This countermeasure is supported by the Office of the Australian Information Commissioner's Guidelines on data matching in Australian government administration.
Create lists to quickly compare information to automate or require further actions.
Train and support staff to identify red flags to detect fraud, know what to do if they suspect fraud and know how to report it. Fraudsters can take advantage if staff and contractors are not aware of what constitutes fraud and corruption.
Automatically notify clients or staff about high-risk events or transactions. This can alert them to potential fraud and avoid delays in investigating and responding to fraud.
Allow clients, staff and third parties to lodge complaints about actions or decisions they disagree with. This may help identify fraud or corruption, such as failure to receive an expected payment.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Fraud detection software programs automatically analyse data to detect what is different from what is standard, normal or expected and may indicate fraud or corruption.