Stop Emailing Your ID: Why It’s a Scammer’s Goldmine

• Email Security
• Identity Theft
• Privacy Awareness

Emailing passports, driver’s licences or other personal documents puts Australians at serious risk of identity theft and scams, warns COBA.

Sharing ID Over Email? Here’s Why That’s Risky

Australians are being urged to stop emailing personal identification documents like driver’s licences or passports after new research revealed just how exposed they are to scams and fraud. The Customer Owned Banking Association (COBA) warns that emailing ID significantly increases the chances of identity theft.

What the Data Shows

According to a COBA survey of over 1,000 Australians, nearly 40% admitted to emailing photos of their identification documents through personal email accounts. Even more concerning, 56% didn’t delete the emails after sending, and only 25% removed them from their trash folders as well.

Why Email Is Unsafe

Most personal email services do not use end-to-end encryption, and attachments like scanned ID documents can be intercepted or accessed if your account is compromised. Scammers can use these stolen details to impersonate you, or worse, build a synthetic identity that can be used to open bank accounts, take out loans, or apply for government benefits in your name.

Common Risks

• Phishing attacks: If your email password is stolen, scammers instantly gain access to all your personal data and sent documents.
• Identity fraud: Using your documents, scammers can apply for loans and credit cards under your name.
• Synthetic identity fraud: Your details may be mixed with fake ones to create new, untraceable identities.

Protect Yourself

• Never email sensitive personal data unless you’re using an encrypted email platform.
• Always double-delete any sent emails containing personal information.
• Enable two-factor authentication (2FA) on your email account.
• Store sensitive files in secure cloud storage—not your inbox or smartphone photo library.
• If you must share ID, ask for a secure document upload platform from the recipient.

Brokerages and Business Concerns

Brokers are particularly vulnerable due to the high volume of personal documents they collect. COBA recommends all financial professionals review their privacy policies and implement proper governance and consent protocols. Cybersecurity best practices must be reviewed regularly, and brokers must have a response plan for data breaches.

The Bigger Picture

Australians lost over $2 billion to scams in 2024, with many attacks targeting identity data via email breaches. Financial bodies like AFCA are pushing for broader oversight into how banks handle scam-related complaints, and the upcoming Scams Prevention Framework is expected to enforce tougher standards.

Bottom line? If you wouldn’t write your passport number on a postcard, don’t email it either.