A new survey of more than 1,000 Australians reveals 40%[1] have emailed photos of their passports, driver’s licences or ID cards through their personal email accounts – significantly increasing their risk of falling victim to scammers.
Alarmingly, 56% of those who have emailed identification information, admitted they didn’t delete the email after sending it, and only 25% “double-deleted” the email (emptying it from their trash).
This Privacy Awareness Week, the Customer Owned Banking Association (COBA) is urging Australians to be more vigilant with email and prioritise protecting their personal information.
“When we investigate how scammers obtain someone’s personal information for impersonation frauds – such as applying for loans, credit cards, or government benefits in their name – email breaches are frequently identified as a primary cause,” COBA Head of Financial Crimes and Cyber Resilience Martin Latimer said.
Australians often share photos of their driver’s licenses or passports for legitimate reasons, including with travel agents or new employers. However, this significantly increases their risk of falling victim to scammers intercepting the sensitive information.
“Unless you’re using a secure, end-to-end encrypted email service and specific encryption for attachments, regular email is not a secure way to send sensitive documents. Once an email account is compromised, for example through a phishing attack that steals your email password, the scammer has immediate access to all emails,” he explained.
This stolen information can be used in several ways. Scammers can directly attempt to impersonate you, or they can combine your real identification information with fabricated details to create a “synthetic identity.” This new identity can then be used to open new bank accounts, apply for loans, credit cards, or government benefits in your name, making it incredibly difficult to trace.
“If you need to provide someone sensitive information for a legitimate reason, including date of birth, your Tax File Number, or other forms of identification, always double delete the sent email and ensure your email account has two-factor authentication. We also advise against storing sensitive information on your computer or smartphone in case of breaches,” Latimer advised.
“If you wouldn’t put it in a postcard, don’t put it in an email,” he added.
Customer-owned banks are committed to working with the government and other industries to combat scams and protect Australians from financial harm. To find out more about the banking industry’s Scam-Safe Accord, head here.
Privacy Awareness Week (PAW) is an annual event to raise awareness of privacy issues and the importance of protecting personal information. For PAW 2025 (16 to 22 June) we are asking people, organisations and government agencies to get serious about privacy by shouting from the rooftops about our campaign theme ‘Privacy – it’s everyone’s business’. For more information about PAW, head here.
For further information or to arrange interviews, please contact media@coba.asn.au.
[1] Survey commissioned by Customer Owned Banking Association and conducted of 1,004 Australians over the age of 18 in April 2025.
The Customer Owned Banking Association is the industry body for mutual banks and credit unions. For almost 180 years our sector has put customers first, returning profits to more than 5 million Australians who put their trust in customer-owned banks.