In this day and age many of us forget just how much of our lives are controlled by an online account. Our laptops and phones have become our first point of contact for banking, managing our superannuation, our insurances, registration, phone accounts and more. But have you ever stopped to think just how devastating the effects of being hacked could be?
Your identity can be stolen in 10 minutes or less, and it isn’t a scam that naive Aussie’s are falling victim to. It’s a clever, calculated and terrifyingly easy scam to carry out, and it’s affected more than 200,000 Australians who have a mobile phone account. It’s even affected Australian ABC News Radio presenter and journalist, Tracey Holmes, who documented her ordeal online.
Cyber scammers are using a simple trick to steal people’s mobile phone numbers, move them to a different carrier, and use the stolen number to gain access to the victim’s personal info, bank accounts, government accounts and social media.
As many people who have moved the same phone number from one provider to another will know, it’s easy to have an old SIM card copied to a new SIM card. It’s called porting. And if a thief successfully has a SIM card copied of your phone number, they can quickly and effectively assume your identity in minutes.
Most accounts require two-factor authentication, which involves receiving a text message code to log in to an account. What happens in the thief calls your bank and accesses your email and online accounts, resetting passwords using the ‘verify by text’ two-factor authentication method. The thief can then ‘verify’ themselves as you and start draining your funds, hacking your email accounts and more, in minutes.
More than 200,000 scam reports have been submitted to the Australian Competition and Consumer Commission in 2017, and latest data reveals that Aussies lost $340 million to scammers last year, a $40 million increase since 2016.
The relative ease of carrying out the scam raises questions around how secure our private and personal data is with telco giants like Telstra, Optus and Vodaphone, particularly when all a determined hacker or thief needs is your name, phone number and date of birth.
How to know if you’ve been hacked
- You’ve received suspicious text messages with verification codes you didn’t request, or text messages confirming phone calls or conversations you haven’t had.
- Your phone abruptly stops sending or receiving text messages and phone calls
- Your carrier is no longer displayed as active on your phone, instead showing something like ‘SOS’ or ‘Emergency calls only’
- You’ve been locked out of online accounts, or there have been suspicious attempted purchases or log ins on your bank accounts
- You’ve recently had mail go missing, or been redirected, or you’ve moved house.
What to do if your SIM card is hacked
- Notify your telco provider immediately, and inform them of the issue
- ASIC Money Smart suggests Notify your financial institutions immediately, and pre-warn them that your details have been hacked. Freeze your accounts for a period of time if necessary
- Notify the police and file a report via the Australian Cybercrime Online Reporting Network
- Check all other relevant accounts, such as email, MyGov, your superannuation, drivers’ licences, etc for signs of hacking, and notify all relevant businesses and financial institutions.
- Change all of your bank and online passwords and security questions immediately
- Get a copy of your credit report and check if there have been any credit checks made on you by businesses that you haven’t had any contact with
- Consider changing your phone number, closing your accounts and reopening new one for a fresh start.
How to prevent being hacked
- Do not click on links that look suspicious or are from people who don’t know or trust
- Never share passwords under any circumstances
- Memorise your PINS and never keep them with cards or on your person
- Regularly check your bank accounts and other online accounts, such as email and social media, for fraudulent activity
- Always follow up on strange verification codes being sent to you, any stranger confirmation text messages and other similar interactions
- Never give anyone you don’t know access to your computer.
- If you are contacted by anyone via phone who asks for your personal details, hang up and contact the business they claim to be calling from.
- Avoid having bills and account information sent to you via snail mail. Have it sent electronically to a secure account, instead.
- Always keep your phone somewhere safe, and use strong PIN codes and passwords
You might also like: