Archives for : TELCOS

ID theft in three steps: ‘Adequate’ Telstra and telco identity checks questioned

Sue King was holidaying in the US when she received an odd email from Uber on her Wi-Fi connected phone saying she had just taken a short ride to the Sydney suburb of Canterbury.

That day in late May became stranger when her Facebook friends began asking her why she was requesting a reference for a loan. One pointed out her account may have been hacked.

Alarmed, she contacted her broadband provider Telstra, which told her an impersonator had passed all identity checks and gained access to her account, changing her Bigpond email password.

Sue King had her identity stolen.  Photo: Katherine Griffiths

“All that person needed was my full name, date of birth and home address to get into my inbox and I’m concerned it’s just too easy,” said Ms King, a teacher from Lilyfield.

“I also have a feeling they stole my mail, because they gave Telstra my account billing number.”

The use of such simple identity verification processes is widespread, with information security experts saying big organisations are struggling to strike a balance between solid security and seamless customer experience.

Ms King managed to change her email password but the worst was yet to come. When she returned home, she couldn’t use her mobile phone because her Optus number had been transferred to another SIM.

A fraudster gained access to Sue King’s Telstra account. 

She found out the fraudster had tried to mess with her details at Teachers Mutual Bank and enter her PayPal account.

Her Commonwealth Bank card was swallowed by an ATM because of irregularities. And she discovered $3800 was transferred over 10 days to a Surry Hills-based online merchant using her St George credit card.

A Telstra spokesman confirmed that as a minimum it verified a customer’s identity using their full name, date of birth and home address.

He said the telco considered its identification process “adequate” and similar to that used by other businesses across many industries. It was constantly under review.

“In this instance, it appears the customer’s identity was obtained fraudulently as the scammer provided the necessary verification information … also providing the account billing number,” he said.

Ms King has since swapped from paper bills to email and changed her passwords. She said the police were also investigating her case.

Mail theft and identity fraud have been on the rise, with organised crime syndicates taking advantage of Sydney’s apartment boom and targeting the clusters of letter boxes.

Identity crime costs governments, private industry and individuals upwards of $1.6 billion each year, according to the Attorney-General’s Department.

James Turner, an advisor at Intelligent Business Research Services, which counts Telstra as a client, said security teams at companies were working hard to strengthen identity verification procedures, but this had to be balanced with customer experience.

He said while identity checks, such as that used by Telstra, were common, it was important to note signatures – “the weakest biometric ever” – were still being used.

“We’re dealing with the area of risk. It’s not a binary situation of ‘They must have done more’,” he said.

“I know the heads of security of all these large organisations and they are genuinely concerned and constantly trying to raise their capabilities so the easy way is the secure way. That’s the end game,” he said.

“It’s like turning an oil tanker, when you’ve got marketing people saying: ‘No, no, we need to make this as fast and friction-less as possible’.”

David Lacey, founder of Australia’s only free helpline for victims of identity fraud, IDCARE, said companies should place greater focus on the way they help victims, who in some cases feel like they’re treated as criminals.

“If you’re not harmed by the crime itself, you almost certainly will be by the response [of the telcos and other service providers],” he said.

He said the number of calls to the hotline has been doubling every three months. He said a criminal begins abusing a person’s identity within 48 hours of it being stolen.

“You don’t ever get your identity back once it’s stolen. They have a life sentence, because the problem can re-appear in the future,” he said.

An Optus spokesman said it verifies identity using security questions, including personal details and account information.

“Optus also provides customers the opportunity to add a PIN to their account which can be used to help verify identity,” he said.

A Vodafone spokeswoman said if a customer can’t provide account details and a PIN, they proceed to a set of questions.

“If we are not satisfied, we may ask the caller to provide further evidence to authenticate their identity and their claim to the account or direct them to a retail store with appropriate identification,” she said.

Protect your identity (credit: IDCARE)

  • Ensure all devices have the newest available security updates and run weekly anti-virus and malware protection software.
  • Never open or click on links from emails you don’t know.
  • Never provide your personal or security details in response to any email, even if it looks legitimate.
  • Where available use two-step authentication – such as SMS codes to your mobile.
  • Regularly change your passwords and PINs and be careful about selecting your passwords.
  • Never communicate personal details on social media sites.
  • Ensure you have a secure letterbox for postal deliveries.

Henry Sapiecha

Telstra clients scammed with fake refund email

More than just chasing your credit card details, scammers are looking to steal the identity of Telstra customers.

By claiming that you’ve paid your bill twice, scammers are tricking Telstra customers into handing over their credit card details.

These days most of us are savvy enough not to fall for promises that look too good to be true, whether it’s a win in the British Lottery or an inheritance from a long-lost uncle in deepest, darkest Peru.

Scammers have moved with the times and their new promises are a lot more boring and realistic, such as a small tax refund, unexpected parcel delivery or billing error in your favour.

A copy of the fake letter emailed to Telstra customers. Photo: MailGuard

The latest wave of convincing-looking scam emails, identified by MailGuard, claim you’ve somehow paid your Telstra bill twice so you’re entitled to a refund. Rather than take a shotgun approach the scammers have only sent it to Telstra customers – more than 20,000 of them – who probably won’t find it too hard to believe that the telco has managed to stuff up their bill.

This isn’t a cryptolocker attack like many fake emails that have probably arrived in your inbox lately – there isn’t an infected malware attachment or dodgy link designed to encrypt all your documents and demand a ransom. Instead the official-looking letter, supposedly signed by Telstra executive Gerd Schenkel, points you to Telstra’s My Account online portal where you can log into your Telstra account and claim your refund.

Of course the link doesn’t send you to Telstra’s real My Account page, just a very convincing-looking forgery as part of a “phishing” attack hoping to trick you into handing over sensitive information. Along with your Telstra login and password you’re asked to provide all your credit card and billing address details along with your date of birth.

Not only can scammers use these details to go on a shopping spree with your credit card, it’s also enough information for them to pretend to be you and start racking up other debts in your name.

The best defence against these attacks is a healthy sense of paranoia. Often they’ll be riddled with grammatical errors, come from a suspicious-looking email address or rely on a suspicious-looking website name. This latest Telstra attack does look very convincing, but if nothing else the fact that it asks for so much information should ring alarm bells.

Always assume that any unexpected email you receive from a service provider is a fake. Never open attachments, click on links in the email or trust the supplied phone number. If in doubt, contact the provider directly to clarify.

If you’ve been caught by this scam the best thing to do is notify Telstra, change your My Account password and notify your bank so it can cancel your credit card.

Have you been caught out by these kinds of scams? How do you spot the fakes?


Henry Sapiecha