It takes only a moment to click ‘send’, yet that single action may leave you—and your loved ones—wide open to identity fraud.
A new survey of more than 1,000 Australians has revealed that 40 per cent of us have emailed photographs of passports, driver’s licences or other identity documents from personal email accounts.
For retirees who value their hard-earned savings and good name, this should ring alarm bells.
Even more troubling, 56 per cent of those who hit ‘send’ never bothered to delete the email, and just one in four took the extra step of emptying it from the trash folder.
According to the Customer Owned Banking Association (COBA), this everyday habit is a leading gateway for scammers prowling the internet for personal data.
Why ordinary emails are a goldmine for crooks
Scammers thrive on two things: stolen details and our complacency.
‘When we investigate how fraudsters obtain someone’s personal information for impersonation crimes—such as applying for loans, credit cards or government benefits in their name—email breaches frequently sit at the heart of the problem,’ explains Martin Latimer, COBA’s Head of Financial Crimes and Cyber Resilience.
Many Australians, especially those who pride themselves on being helpful and organised, routinely send driver’s licences or passport scans to travel agents, real-estate offices or new employers.
Although these practices began long before the term ‘data breach’ became common, the digital landscape has shifted dramatically.
Unless you are using an email service with end-to-end encryption and encrypting each attachment, you may as well post your private data on a noticeboard.
Every message and attachment becomes fair game if a criminal obtains your email password—most often through a convincing ‘phishing’ link.
From there, thieves can either impersonate you outright or craft a ‘synthetic identity’, mixing genuine information with fabricated details to create a brand-new digital person.
That false identity can open bank accounts, apply for credit or claim government benefits, all in your name yet hidden from view.
The silent cost of complacency
Older Australians have long been advised to shred paper bills and guard Medicare cards. Yet, in the digital era, safeguarding your inbox is equally vital.
An identity fraud incident can drain retirement funds, tarnish credit ratings and embroil victims in months—sometimes years—of paperwork to repair the damage.
Mr Latimer’s warning is plain: ‘If you need to provide sensitive information, always double-delete the sent email and ensure your email account has two-factor authentication.’
He also cautions against storing scans of licences or passports on computers or smartphones, which themselves can be breached. His rule of thumb is simple: ‘If you wouldn’t put it on a postcard, don’t put it in an email.’
Five ways to fortify your personal information
- Think before you attach. Query whether the organisation truly needs a full copy of your identification. Sometimes a reference number or partial redaction suffices.
- Use secure channels whenever possible. Many institutions now offer dedicated portals for document uploads with bank-grade security.
- Enable two-factor authentication (2FA). A second verification step—such as a text message or authenticator app—significantly reduces the risk of email takeover.
- Double-delete sensitive emails. Once you have sent the document, remove the item from your ‘Sent Items’ and then empty the trash or deleted folder.
- Purge old files from devices. If scans of passports or licences are saved on your phone or computer, transfer them to a secure external drive—or delete them outright—once the transaction is complete.
Industry action and your role
Customer-owned banks, credit unions and building societies have pledged to work hand-in-hand with government agencies through the Scam-Safe Accord. Their aim is to tighten security standards and educate customers.
This message is being amplified during Privacy Awareness Week (16–22 June 2025), a national campaign urging all Australians to treat personal data as seriously as physical valuables.
COBA’s research underscores a simple lesson: the weakest link is often the unassuming email languishing in a neglected folder.
By adopting straightforward habits—double-deleting, using 2FA and insisting on secure document portals—you not only shield yourself but also set a prudent example for children and grandchildren navigating an increasingly complex digital world.
Have your say
Have you ever sent your licence or passport by email? Did you later clear it from your inbox? Share your experience below; your cautionary tale could spare another member of the YourLifeChoices community from costly heartache.
Also read: Google warns 1.8 billion users: Delete this urgent scam email now
