We’ve not yet begun to see what the fallout from the Optus attack will be, but we can guess what scammers are planning, and it won’t be friendly.
A few days after Optus let everyone know its database was attacked and leaked, the situation for customers is still frustrating, but we’re beginning to know more. Optus is working both with the government and the Australian Federal Police, and the telco says all customers that saw ID document numbers leaked as part of the attack will have been contacted by now, with everyone else to come.
Adding to this, Optus notes that any current and former customers affected by those document leaks can have a 12-month subscription to Equifax’s “Protect” service free of charge, providing a credit monitoring and identity protection service.
While that may provide some sense of monitoring for people who have been affected, it doesn’t account for the influx of scams likely to result from the attack and breach.
Much like how scammers are calling pretending to be from the NBN, and how more scammers are calling pretending to be from Amazon, we’re largely expecting scammers to call pretending to be from Optus, too. With millions at risk, that’s a huge problem, so what can we expect?
Optus call centre call scams
The obvious one is a reworking of the NBN tech support scam: replace “NBN” with “Optus”, and you’ll have how it will work.
Expect scammers to embrace this pretty quickly, and calls to go out across Australian numbers with scammers purporting to be from the Optus call centre. No doubt, they’ll talk up how information has been leaked, and how if you provide them with your document information and credit details, they can resolve this.
However, Optus is not calling people to fix this breach, and any calls made purporting to be from an Optus call centre regarding this attack are very likely to be fake.
If you get one, consider asking them for their tech support phone number, and then try to match it up with the phone number on the Optus website. Chances are that they’ll hang up before they give it to you.
Optus SMS and email phishing scams
Next up is the typical phishing scam, the likes of which we see in other incarnations, often going after credit and bank details in the guise of actual websites you might want to use, such as Australia Post and myGov.
With “phishing”, scammers are known to send links designed to look real, essentially going after your account details with a webpage that looks legitimate enough on the surface, but doesn’t connect to the real website. It’s a fake site designed to capture your very real details, and the links will often arrive in a text message or email.
This is one area Optus has been pretty clear about, noting to journalists:
“Optus wishes to reiterate to customers that our email and SMS notifications will not have hyperlinks. If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any such links.”
If you’ve suffered a loss, call Optus
While those are just two examples of how we suspect scammers will capitalise on the Optus cyberattack, they likely won’t be the only ones, so please be careful when the name “Optus” pops up in emails, text messages, and phone calls from places purporting to be the real deal.
The Australian government has also provided a resource for former and current Optus customers affected by the attack, with links to what you can do provided by the Australian Cyber Security Centre.
These steps may include changing passport details and possibly applying for a new driver’s licence if you’re very concerned, and using the Optus freebie of Equifax credit monitoring. Alternatively, you can always call Optus directly, rather than wait for scammers pretending to be Optus to call you.