Scammers attempt to ‘cash in on the recent Optus data breach’ with latest scheme

Sep 28, 2022
Scammers are playing on the fears of those caught up in the Optus data breach in an effort to maliciously illicit funds and personal details. Source: Getty Images.

Following a large-scale data breach that saw millions of Australians across the country have their private information compromised, Optus customers are now being targeted by scammers preying on their concerns regarding the recent hack.

The initial data breach is thought to have compromised information such as customers’ names, dates of birth, phone numbers, email addresses, and in some instances address details and ID document numbers such as driver’s licence or passport numbers.

Optus stressed that payment details and account passwords have not been compromised as the telco scrambles to secure the information of millions of its customers.

In response to the breach, Optus CEO Kelly Bayer Rosmarin said “we are devastated to discover that we have been subject to a cyberattack that has resulted in the disclosure of our customer’s personal information to someone who shouldn’t see it”.

“As soon as we knew, we took action to block the attack and began an immediate investigation. While not everyone maybe affected and our investigation is not yet complete, we want all of our customers to be aware of what has happened as soon as possible so that they can increase their vigilance,” Rosmarin said.

“We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organisations, to help safeguard our customers as much as possible.

“Optus has also notified key financial institutions about this matter. While we are not aware of customers having suffered any harm, we encourage customers to have heightened awareness across their accounts, including looking out for unusual or fraudulent activity and any notifications which seem odd or suspicious.”

As Optus seeks to alleviate fears held by their customers that their personal information has been exposed, scammers are playing on such fears in an effort to maliciously illicit funds and personal details.

Scamwatch was quick to alert the public about the scams doing the rounds, warning those caught up in the data breach “to be on the look out for scams and take steps to secure their personal information following a cyber-attack”.

“Scammers may use your personal information to contact you by phone, text or email. Never click on links or provide personal or financial information to someone who contacts you out of the blue,” Scamwatch said.

One such scam, attempting to take advantage of unsuspecting Australians, threatens recipients with the release of their personal information unless a payment is made to the scammer.

Another method that Scamwatch is aware of that “will try to cash in on the recent Optus data breach” is a scam email sent to potential victims that offers compensation for those impacted by the data breach.

“We regret to inform you that you have been a victim of identify theft,” the scam email reads.

“Your identity and consumer credit files were compromised during a data breach where millions of user profiles were exposed to hackers and used in an identity theft scheme now uncovered by federal authorities and Interpol.

“Steps have since been taken to mitigate the issue.

“You are eligible for reimbursements of false acquisitions, compensation for potential impact on your credit, and any additional claims you may make.”

Following the breach, Scamwatch alerted customers as to what to be on the lookout for when it comes to unusual activity and what can be done if personal information has been compromised.

Scamwatch advised Optus customers to “take immediate steps to secure all of their accounts, particularly their bank and financial accounts” and “monitor for unusual activity on your accounts and watch out for contact by scammers”.

In order to protect personal information, Scamwatch suggests changing online account passwords and enabling multi-factor authentication (particularly for online banking), checking accounts for unusual purchases, and placing spending limits on bank accounts.

Those who are concerned that their personal information has been stolen are urged to contact their bank immediately and call IDCARE on 1800 595 160.