Identifying and Preventing Online Scams
Australians are embracing more online services every day, which is fantastic and has driven a significant increase in the number of services available.
However, the downside is that we are now seeing a new wave of online scams. One of the most dangerous scams at the moment is mobile number porting and SIM swapping. The way the scam works is that the hacker contacts your mobile provider and asks them to transfer your number to another provider or SIM card. Once the transfer is complete, they control your phone number and can use it to log in to, or reset the passwords on, every account where the number is used as either a backup or as two-factor authentication.
In April 2018, Stefan Trueck was driving home from the supermarket when he got a strange message on his phone.
“At 5:55pm, I got a text message from my telco. It said, ‘Hi, received your port out request for this service.’ By the time I tried to call them, my phone already went to SOS only. Before I could even react, my number was gone.”
Within an hour, criminals had reset his banking password and accessed his accounts.
“It was really professional. I had a daily limit of $10,000, so they sent $10,000. They bypassed that limit by opening another account inside my account, which you can do online, and then they transferred another $10,000.”
Thankfully, Stefan was able to notify his bank and have the transactions reversed.
Even though security measures have been increased since 2018, there has been a recent surge in porting scams as hackers have found new methods of gathering information from their victims.
How to protect yourself
- Enable two-factor authentication (2FA) on your accounts. However, instead of using your mobile number for verification, use Google Authenticator. Google Authenticator generates a single-use code in the app on your device each time you log in, so the code is never sent to your mobile number and hackers who control your number can't use it to access your account. Most accounts will support this; if not, try switching to a pop-up notification or single-use codes.
- Create secure passwords for your accounts (especially your mobile provider, banking and email) and use different passwords for different accounts. If you have lots of online accounts, we recommend using a password manager, as they provide a secure way to store and manage your passwords. Browsers like Google Chrome have built-in password management and will notify you if your password has appeared in a security breach.
- Check your social media profiles on Facebook, Twitter and Instagram to ensure your mobile number is hidden from the public. Also, find out if your mobile number is listed online anywhere and have it taken down. You can do this by Googling your mobile number.
- Be security conscious on Facebook and online in general. Be cautious of the personal information you share. Hide your birthdate & your friends list from public view. If a scammer can see your friends list, they could impersonate you and approach them to gain information. Never accept random or duplicate friend requests.
- Ensure you have access to your accounts and that your data is up to date. You may find that an account is not set up correctly or has missing or out-of-date information, which can make it less secure or difficult to access if there is an issue.
How to tell if your number has been ported
Your mobile will display SOS only when you should have service and you won’t be able to make calls. You may also receive an email or text message notification from your provider saying that your number has been ported.
What to do if you have been scammed
- Contact your mobile provider. If your number has been ported by a scammer, ask them to port it back.
- Contact your bank to see if scammers have accessed your accounts. Let your bank know of any fraudulent or suspicious transactions straight away; even if nothing has happened yet, it's good to give them the heads up. (Always call your bank yourself to ensure you are speaking directly with them. Never trust an incoming call.)
- Change your passwords, specifically for your mobile provider, banking, social media and email.
- Report the scam to Scamwatch and the Australian Cybercrime Online Reporting Network (ACORN).
We hope this has given you some useful tips on how to protect yourself against this new generation of scams. Over the next couple of weeks we will be taking more of a deep dive into security and the steps you can take to protect yourself online.