Someone who dishonestly gains a personal benefit by pretending they are another person or entity.
This might involve using false or stolen identities, attributes or credentials for personal gain.
Recent case studies
- An individual lodged 302 false tax returns with the Australian Taxation Office (ATO) using overseas students' names. All the details lodged with the ATO—those relating to the taxpayer, employer, income earned and the amount withheld by the employer—were false. The tax refunds were paid into accounts controlled by the individual. In total he embezzled $1,069,556.62. He was found guilty of 302 counts of fraud under the Criminal Code 1995 (Cth).
- A US Department of Defense employee used a coworker's credentials, unbeknownst to them, to log into the payroll system and retroactively update her own overtime and leave records. Investigators found that over a 17 year period, the employee fraudulently added 42,000 hours of unauthorized overtime. The employee pleaded guilty to scamming the federal government out of $1.4 million.
The methods of the impersonator are countered by measures that support identity security and authentication.
Key countermeasures include:
- Collaboration with strategic partners
- Staff are trained to apply correct processes and decisions
- A specific form, process or system must be used
- System or physical access controls
- Evidence must be provided to confirm identity
- Identity is authenticated for each interaction
- Mandatory information is required to complete the request or claim
- Information is verified
- Data matching
- Staff are trained and supported to identify and report fraud and corruption
- Automatic notification of high-risk activities and transactions
- Complaints about poor or anomalous outcomes
- Tip-offs and Public Interest Disclosures
- Fraud detection programs.
Other countermeasures include:
- Integrity checks and suitability reviews
- User permissions
- Sensitive information controls
- Requests, claims or processes are limited by parameters
- Prompts and alerts
- Duplicates are prevented, identified and corrected
- Quality assurance checks.
Download an A3 printable summary of the fraudster personas. If you require these documents in a different accessible format please contact firstname.lastname@example.org.