Optus data breach scams

Advertisement

Scamwatch is urgently warning Australians to be on the lookout for increased scam activity following the recent Optus data breach and to take steps to protect themselves.

About the Optus data breach

Australian Government agencies have developed a fact sheet about the Optus data breach:

 Optus data breach – Australian Government fact sheet

The information that has been released in the data breach includes:

  • your name
  • date of birth
  • phone numbers
  • email addresses,
  • residential addresses, and
  • identity document numbers. For example, driver’s licence, Medicare or passport numbers are all information that are used to identify you.

Serious damage can occur when your information winds up in the wrong hands, but there are steps we can take to protect ourselves. Scamwatch urges everyone to be cautious and remain alert to potential scams.

IDCARE has a dedicated support page to assist Optus customers impacted by the data breach.  While there are real and serious risks, there are ways to protect ourselves.

All consumers and businesses should look out for scams

  • Scammers will use the data breach and target people in any way that they can. This means you will likely notice an increased number of phishing emails, phone calls, and SMS or social media messages.
  • Be wary of new communications and don’t just accept what you’re being told. Take your time, do your research, and independently contact the purported business or agency communicating with you, using contact details you have sourced yourself, for example through searching for the business or agency online.
  • Do not click any links or open any attachments.
  • never provide anyone with your personal or banking information or grant remote access to your device.
  • Check the login activity for your accounts and sign out of unrecognised devices (Microsoft, Gmail, Yahoo, AppleID, Facebook)
  • Check your social media accounts, update passwords and do privacy and security checks

Current scams to look out for

Optus is not contacting people about issuing new sim cards. Delete these messages.

Example of a scam text message claiming to be from Optus regarding issuing new sim cards

If you receive demands to pay money with a threat that your information will be released, delete the message. Scammers are pretending to be hackers to make you give them money.

Example scam message claiming to be a hacker seeking payment in relation to Optus data breach

Optus is not threatening email account closure if you do not update your password or verify your personal information.

Example of a scam email claiming to be from Optus about account verification
Example of a scam email claiming to be from Optus about email account verification

Optus is not contacting people about their bills and asking you to update your information.

Example of a scam message claiming to be from Optus regarding bill payment

There is no financial restitution being sent to individuals caught in the data breach at this time.

Example scam message claiming to be financial restitution for the Optus data breach

Remote access scams

Scammers are using the Optus data breach in remote access scams.

Remote access scams involve getting victims to download a piece of software to their phone or computer that hackers can use to access the device.

Scammers will claim to be from an organisation and provide a reason they need access to your device, including reasons related to the Optus data breach.

Scammers may claim they need access to your device to secure it, fix it, investigate what the problem is, or even catch hackers on the device.

Remote access software includes programs like TeamViewer QuickSupport, AnyDesk, and Zoho Assist.

Phone scams

Scamwatch is receiving reports of scammers calling individuals by phone and offering to assist them with identity rectification.

Scammers are offering to resolve compromised information documents if the recipient tells them which sort of document of theirs was impacted. Instead, follow the advice provided here and on IDCARE’s dedicated support page.

Advertisement

 

What to do if your information was exposed in the data breach

Secure your bank accounts

  • Tell all of the banks or credit providers that you use that you are a victim of the Optus data breach and ask about how you can protect your money. This may include:
    • setting transaction limits on your accounts
    • enabling multi-factor authentication for online and telephone banking
    • additional security questions
    • special security words
  • If your passport or driver’s licence has been compromised, tell your bank so that they do not rely on these documents to verify your identity.

Stop people taking out loans in your name by getting a credit ban

  • You can apply to Credit Reporting Agencies for a credit ban to stop people getting credit or loans in your name. This is a free service. This will last for 21 days and can be renewed. See the IDCARE credit ban factsheet or contact the three Credit Reporting Agencies directly:
    • Equifax
    • illion
    • Experian.
  • When a bank or credit provider is checking your suitability for credit, they check with Credit Reporting Agencies. If someone tries to take out a loan in your name, the check will fail if you have put a ban on your credit report.
  • Remember to renew the ban to continue the protection.
  • Credit Reporting Agencies also provide paid subscription for credit monitoring.

Contact your Superannuation Fund

  • Tell your Superannuation fund that you have been impacted by the Optus data breach and ask for an alert to be placed on your file.
  • Discuss what additional security features they can implement for you such as multi-factor authentication or a further security question.
  • Place a hold on any activity to roll over your fund.

Apply for a replacement drivers licence

  • Most states and territories will allow you to replace either or both your driver licence number and card number.
    • A driver licence number is a unique number which stays with you for life and does not normally change when a new card is issued.
    • A driver licence card number is a unique card number on the card which changes each time a card is produced.
  • By changing either of these you will have more protection because it will make it harder for criminals to use your old one to take out loans or credit in your name. It will make it harder for them to use your licence number for verification.
  • For more information about how you can replace your driver licence please visit your state or territory road transport authority:
    • QLD – attend customer service centre to get a new licence. See: Queensland Government – Change your customer reference number
    • NSW – Contact ID Support NSW by phone on 1800 001 040 or via their online form. The team is available Monday to Friday from 9am to 5pm. See: Service NSW – Optus breach
    • SA – you can change your driver licence by attending a service centre. See: Service SA – Optus Data Breach
    • TAS – you can change your driver licence by attending a service centre. See: Tasmanian Government – Replacing your licence
    • NT – See: Northern Territory Government – Replace your driver licence card if lost, stolen or damaged
    • WA – See: Government of Western Australia – Replace my licence
    • ACT – Dedicated phone line for ACT residents – Resolution and Support Team can be contacted on 13 22 81 and selecting option one. The team is available Monday to Friday from 9am to 4.30pm. See: Access Canberra – Optus cyberattack
    • VIC – you can fill out an online form to flag your licence and request a replacement. See: Vic Roads – Information regarding Optus breach

How a new driver licence will help you

  • By obtaining a new driver licence you should receive a new unique card number.
  • From 1 September 2022 the card number on a driver licence is a mandatory verification field for NSW, ACT, SA, TAS, NT and WA issued licences.
  • When your licence is re-issued the card number is updated. Including this in data matching criteria minimises the risk of identity theft using a stolen or lost driver licence.
  • A document verification that doesn’t capture the card number will fail.
  • Note – Queensland and Victoria do not have card number data in the document system but may have other arrangements in place to support verification.

Apply for a passport renewal

  • You can change your passport by applying for a passport renewal
  • Visit https://www.passports.gov.au/getting-passport-how-it-works/passport-renewal
  • IDCARE provides extensive additional details in their fact sheet under the heading ‘Passport number’.

Medicare Card

  • You can change a Medicare card
  • Visit Services Australia page https://www.servicesaustralia.gov.au/ms011
  • IDCARE provides extensive additional details in their fact sheet under the heading ‘Medicare number’

Contact telecommunications, technology and other online services

  • Contact your telco and internet providers, tell them about the breach and request additional security on your account
  • Contact Buy Now Pay Later services where you have accounts and request additional security

 

What else you can do

Change your passwords

  • Change your online banking and email account passwords.
  • Use different passwords for every account, and remember, the stronger the password, the better. create passwords that are long and use a combination of letters, numbers, and symbols.
  • Consider using a random password generator or password manager to strengthen the security of your accounts.
  • For more information, visit the Australian Cyber Security Centre.

Change the email address you use for important accounts

  • The email address that you provided to Optus may now end up in the hands of a criminal.
  • If it is possible you may want to stop using that email account for important services
  • Review all the accounts that you use that email address for. Consider using a different email account for your important accounts. You should check:
    • other telecommunications or internet accounts
    • energy accounts (gas and electricity)
    • you Apple ID or Google recovery email
    • your MyGov account or any government service
    • your account with road traffic authority

 

What to do if you think scammers have actually used your information

  • If you have been a victim of cybercrime or identity fraud you can report to the police via Reportcyber.
  • Contact your bank or financial institution immediately
  • You can contact IDCARE a free service which can help people recover from a cybercrime or stolen identity.
  • IDCARE is Australia and New Zealand’s national identity and cyber support service, they provide a free and confidential support service for those impacted by scams and identity crimes. you can contact IDCARE on 1800 595 160.
  • Report scams to https://www.scamwatch.gov.au
Advertisement

Leave a Reply

Your email address will not be published.