KEY POINTS:
The people tasked with keeping our online institutions safe say attacks on internet users are increasingly sophisticated as online bankers, Facebook members and Trade Me users come under attack from fraudsters, bullies and identity thieves.
In the last year, 900 reports of misuse of identity involving 400 identities were reported to the police, according to Detective Sergeant David Kennedy, at the National Bureau of Criminal Intelligence.
"It's a fraction of the activity in the New Zealand environment," he said, speaking at the Managing Identity in New Zealand conference held in Wellington this week.
Identity theft is a "breeder" crime, said Kennedy, because it is used to prepare the ground for more serious crime, usually involving financial fraud.
"Documents and transactions are used to breed further documents and transactions."
As people go online to bank and communicate with Government departments, the threat of identity theft is growing.
A counterfeit passport is the ultimate ticket for the identity thief, said Mimi Giaccherini, an investigator at the Department of Internal Affairs who is also completing a thesis on identity management at AUT's Institute of Public Policy.
Despite the introduction of anti-counterfeiting measures like biometrics, fake New Zealand passports can still be bought in some countries and they are intricately made.
"Just one spot of glue reacting under ultraviolet light could give the game away," she said.
"For terrorists, travel documents are as important as weapons."
A passport could be used to gain a driver's licence, open a bank account, apply for a loan and get an IRD number - all things which legitimise a person's existence in society.
Ron Watt, head of fraud at BNZ, said the bank's two-factor authentication system NetGuard had eliminated most online banking fraud as customers were required to enter a code from the back of a security card as well as their username and password to log on to their bank account.
But other fraud attempts were rife - the BNZ identified 504 suspect transactions last month alone and identity theft is a common trait. Over 50 per cent of fraud cases are related to unauthorised debit and credit card transactions.
"As a bank, our product is money and what do 95 per cent of the bad guys want? Money," said Watt.
While there were around 60 conventional ways to carry out bank fraud, online the options opened up.
Phishing scams, where bank account holders are duped into divulging their personal account details through websites and emails designed to look as though they have come from the bank are common, said Watt.
"What's really worrying is the sophistication of it," said Watt, a banker of 45 years experience.
"Take Kiwibank. They're being phished from Russia and Latvia. How do they even know about a little bank at the bottom of the world?"
"Phishing is still really difficult to do," said Dean Winter, a former policeman who now works as trust and safety manager at Trade Me. "It's hard to convince a Kiwi to send a sum of money to Nigeria,"
But the wariness of users hasn't stopped overseas fraudsters from trying and occasionally a Trade Me user falls victim.
Winter tells the story of a Trade Me member who was drawn in by a jet ski being offered at half its retail value. Despite Trade Me sending a warning to the user advising them not to send money to Britain as the seller requested, the buyer did so and fell victim to the scam.
"It's amazing the amount of people who will talk to these scammers and send money overseas," said Winter.
Attempts were increasingly being made to steal the identities of vehicles.
"They steal the identity of the car and person and start a fake auction," said Winter.
Photos of genuine cars were taken from web advertisements to lend authenticity to Trade Me listings.
Many of the fraud attempts and bogus auctions on Trade Me are automatically generated as part of botnets infecting thousands of compromised computers.
Winter said Trade Me was able to trace the source of botnet attacks by their IP (internet protocol) address, many of which identified them as coming from Asia, Eastern Europe and former Soviet states.
Hundreds of phishing and botnet attacks were identified each month, a small fraction of them originating in New Zealand. But Winter said acting on the information gained from analysis of web traffic through Trade Me to shut down fraudsters wasn't easy.
"Who in New Zealand do we go to and say we've identified a botnet? It's a difficult situation and one we are trying to move on with as much speed as possible."
Interaction with internet providers here and abroad was "more difficult than good, unfortunately," said Winter.
"We get a fantastic response from the hosts of some of these fraudulent networks. But it is still standing at the bottom of the cliff."
For John Fenaughty, research manager at NetSafe, horror stories of young social network users falling victim to bullies and more serious offenders are all too commonly reported to the body tasked with promoting safe web surfing.
"If you do a search on Bebo under 021, it's amazing how many phone numbers come up," Fenaughty said.
People are still giving too much information about themselves away online, which plays into the hands of identity thieves "scraping, crawling and parsing" information from profiles.
Fenaughty had come across cases of fake profiles being set up with the photos and personal details of real social network users.
The authentic-looking profiles were then used to gain access to the trusted networks of other people in the victim's wider online network of friends and contacts.
"We then get the social network of the target being attacked," he said.
Bullying and harassment is common and there have been threats of blackmail aimed at youths and adults alike - do what I want or I'll misrepresent you online and wreck your network. Social networks are "high in trust", said Fenaughty, as people tended to only add people to their online contacts list if they knew and trusted them.
But Kiwis have really taken to social networking, with around 8 per cent of visits to websites from New Zealand going to social networking websites like Facebook, Bebo and Myspace.
Facebook had seen a "massive spike" in usage since last May, said Fenaughty. It and Bebo accounted for around 33 per cent of local social network use.
Fenaughty said the real threat in social networking came through the convergence of technologies in social networking websites.
They now acted as instant messaging platforms, community forums, photo albums and sources of extensive information about their members.
And niche social networks, such as online gamer communities like World of Warcraft, are also being used by bullies, said Fenaughty.
"Significantly more information will be shared in the New Zealand cyberscape and with it comes a new risk landscape."
WEB CRIMES
* Phishing attacks: Users of online banking, auction or ecommerce services are duped into entering their personal details into legitimate looking websites which are in fact set up by fraudsters to steal passwords and login codes.
* Identity theft: Fake social networking profiles or online auction adverts are set up using details stolen from legitimate users in order to lure in unsuspecting members.
* Botnet attacks: Groups of infected computers are programmed to automatically attack networks and computers to install Trojan software that harvests passwords and log-in details from unsuspecting users.
* Bullying and blackmail: Social networking predators infiltrate trust networks online to turn the community against the victim with the aid of information gathered from the web.
