Customers and subscribers of Optus may want to watch their bank accounts a little more in the coming weeks, after hackers stole details from the telco.
You’re likely already on the lookout for scams of all kinds, and while they’re getting particularly nasty in their realism, and some are getting so complex they may as well be believable, the typical safety you have is that scammers usually come to you.
They’ll email or call, but they make the first move to get your details. They need those details to be able to do something, and without them, you’re just another email or phone number for them to chase, for them to try and take money from.
But when they have those details, scams can get much more complex, and customers need to be even more vigilant to make sure their details aren’t compromised.
For customers of Optus this week, that advice is pertinent, as the telco deals with a breach following a cyberattack that saw customer details leaked, or more specifically, hacked out.
Optus noted in its release on the matter that information “which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses”, and even possibly the numbers for customer passports and driver’s licenses. In short, it’s just about everything a hacker might want to construct some pretty impressive scams, or even to sell on the black market.
Reports from The Age note that “up to 9 million customers had been affected”, likely making this one of the biggest cyberattacks to occur to an Australian company, and the risks are severe.
So if you’re an Optus customer and you’re at all concerned, what can you do?
For those wondering about the scale of the #optus hack:
* Optus controls more than 30 per cent of the market — this will hit almost 1 in 3 Aussies with a phone.
* Optus had more than 10 million mobile customers in 2019 so this attack appears to affect all of them.
— Jen Dudley-Nicholson (@jendudley) September 22, 2022
What you can do
The fallout from this hack and breach is likely to be massive, and even though you could change your passwords, you’ll still need to be aware of the problems this hack could cause.
Optus notes it took action to block the attack immediately, but customer details have still made it out into the open, and that’s a problem. The telco is working with the authorities on the matter, but there are still things you can do to help ensure damage is limited to your digital life.
Make sure any passwords don’t use dates of birth or phone numbers
While passwords aren’t part of the breach, common aspects of not-so-great passwords are, such as names, dates of birth, physical addresses, and phone numbers.
The best passwords are clearly ones that are complex and have no obviously discernible pattern in them, but most people aren’t going to do that, and so you can typically expect at least one password in your life to use something from that list. They may even use a number from your license, possibly because you’ve had the thought that this is random enough and no one will guess.
So if you know your passwords, make sure none of them use something from that list, and if they do, change them immediately.
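An added example, not part of the original article: a short Python check that reports which breach-exposed details appear inside a password. The profile values, field names and function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample profile holding the kinds of fields exposed in the breach.
PROFILE = {
    "name": "Alex Citizen",
    "dob": date(1985, 3, 14),
    "phone": "0491 570 156",
    "address": "12 Example Street, Sampletown NSW 2000",
    "id_numbers": ["PA1234567"],  # licence or passport numbers
}
GENERIC = {"street", "road", "avenue", "drive", "court"}

def _squash(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def exposed_tokens(profile):
    """Map each exposed field to the strings someone guessing would try."""
    dob = profile["dob"]
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    digits = re.sub(r"\D", "", profile["phone"])
    words = re.split(r"\W+", profile["address"].lower())
    return {
        # Name parts of three letters or more.
        "name": {p for p in re.split(r"\W+", profile["name"].lower()) if len(p) >= 3},
        # Common orderings of the date, plus day+month and the bare year.
        "date of birth": {d + m + y, d + m + y[2:], m + d + y, y + m + d, d + m, y},
        # The full number and its last six digits.
        "phone number": {digits, digits[-6:]},
        # Street or suburb names, skipping numbers and generic words.
        "address": {w for w in words
                    if len(w) >= 4 and not w.isdigit() and w not in GENERIC},
        "licence/passport number": {_squash(n) for n in profile["id_numbers"]},
    }

def audit_password(password, profile):
    """Return the sorted names of exposed fields found inside the password."""
    squashed = _squash(password)  # so "14/03/1985" matches "14031985"
    return sorted(
        field for field, candidates in exposed_tokens(profile).items()
        if any(c and c in squashed for c in candidates)
    )

if __name__ == "__main__":
    for pw in ("Alex140385!", "Sampletown570156", "correct-horse-battery-staple"):
        print(pw, "->", audit_password(pw, PROFILE) or "no exposed details found")
```

Any password that returns a non-empty list is one to change, ideally to a random value generated and stored by a password manager.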
Ensure your services use multi-factor authentication (2FA)
Having better passwords is one way to help secure your account, but securing it with more than just one form of security is another. As such, ensuring your accounts have multi-factor authentication is incredibly important.
For folks not sure what this is, multi-factor authentication is also known as two-factor authentication or “2FA”, though you can also find other forms, such as three-factor (3FA). It means using more than one mechanism to log into a service. That’ll include your password as one factor, but may also include an SMS to your phone, an email to your account, an alert to a device you own, and so on.
Every bank should provide a form of multi-factor, and many services do, as well. The idea is that just one method of security doesn’t let you log in, and anyone trying to use a service associated with your name will need at least one other, making it more difficult to break into any account.
Watch your emails and bank accounts
Speaking of accounts, watch those email and bank accounts very, very carefully.
Optus has said that “payment detail and account passwords have not been compromised”, but that doesn’t mean scammers won’t try more tactics to join the dots.
It wouldn’t surprise us to see more scams sent to people on the email list, in an attempt to draw bank and credit details out, and to fill in the remainder of the list of details.
Consider investing in security with a dark web monitoring service
If you’re still concerned that your details might escape to the black market, consider grabbing a security solution with dark web monitoring built in.
Dark web monitoring essentially runs checks for driver’s license numbers, mother’s maiden name, addresses, phone numbers, and credit card numbers, checking known places like discussion boards to see whether those details have been shared and spread.
Norton offers dark web monitoring in some of its solutions, as do LastPass and NordVPN, which may be able to assist in alleviating some of that concern, for at least however long this drama goes on.
Stay aware of updates from Optus and Scamwatch
Finally, it’ll be a good idea to stay aware of any updates from both the ACCC’s Scamwatch and Optus.
Scamwatch has already come out with a warning that Optus customers should monitor their accounts for unusual activity, while we expect Optus will have plenty of updates in the coming days and weeks.