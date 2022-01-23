A Canberra girl quickly realised one thing was very unsuitable after receiving two textual content messages on her telephone – from her personal quantity.

A Canberra girl is demanding solutions from Optus after she fell sufferer to a complicated telephone rip-off the place $200 was stolen from her and she or he practically misplaced hundreds extra.

Esther Yam, 32, knew one thing was very unsuitable after she noticed a “creepy” message pop up on her telephone in late August.

“I got a text that literally said, ‘Hi,’” Ms Yam recounted to information.com.au.

There was only one main downside. “It was a text from myself,” she defined.

“Then it happened again. I thought, ‘This isn’t random.’

“Alarm bells started going off, but before I could do anything, the nightmare began.”

She stopped receiving a sign on her telephone, with it resorting to SOS solely mode, and will now not ship or obtain textual content messages.

It turned out her telephone was the sufferer of a SIM swap. A Ukrainian hacker stole her cellular quantity and received into all her accounts by sending a password reset to the telephone.

The ACT accountant needed to scramble to safe her financial institution particulars, social media and monetary apps, as in any other case she may have been financially ruined.

Ms Yam remembers being snowed in with work deadlines and virtually dismissing the bizarre textual content message till she realised it was coming from her personal quantity.

Luckily she instantly realised she had been SIM jacked, the place a scammer had remotely gained management of her SIM card by making use of for an eSIM card by Optus.

She suspects the explanation she obtained a textual content message from her personal quantity was as a result of the hacker was making an attempt to check whether or not they had gained management of her telephone.

“I think I got lucky, obviously this person had my number but the eSIM hadn’t fully ported over,” she defined.

“I managed to stop whatever havoc this person was trying to do within the next 24 hours by rotating passwords and email addresses and removing every two factor authentication linked to the phone number, but it was a very hectic 24 hours,” she mentioned.

A complete of $200 was taken out of her Google account and the hacker tried to get into her monetary apps, together with these of her banking establishment, cryptocurrency exchanges and micro-investing platforms the place Ms Yam saved a considerable portion of her cash.

Using the IP tackle that confirmed up when the hacker logged into her cryptocurrency apps, she was capable of see they have been positioned in Melbourne and Ukraine.

“I have an offset account, for savings and travel funds. Literally I only have one account, if they had gotten into that I don’t have any fallbacks or anything,” she mentioned.

Although it’s been months for the reason that hack, she by no means obtained any apology or compensation from Optus for granting the hacker entry to her telephone.

Every day Ms Yam additionally receives rip-off messages from totally different telephone numbers, making her suspect her particulars have been shared by the hacker onto the darkish internet.

Ms Yam says she is “furious” that Optus allowed a hacker to get entry to her telephone quantity within the first place.

All it takes for a rogue agent to take over your telephone’s SIM card is your title, cellular quantity and your date of start.

Ms Yam mentioned she was shocked to study that was all it took to hijack somebody’s life.

“Apparently, that’s all that Optus needed to issue this fraudster an eSIM card that allowed them to steal my identity. My name, and birth date. Over the phone,” she mentioned.

Her title and birthday are simple to search out on social media and she will solely assume the hacker received maintain of her quantity one other manner.

Of extra concern, one of many final texts Esther obtained was a reference quantity for Optus, because the hacker was getting assist from Optus to switch her telephone quantity over to theirs.

“There was also a support ticket lodged by this person with Optus claiming they ‘can’t receive SMS’,” Ms Yam continued.

“It hit me then, this person clearly wasn’t able to receive the text messages themselves as I was still getting them. So they contacted Optus and lodged a support ticket saying they weren’t receiving text messages – and then Optus decided to fix this issue for them, which sent my phone into SOS mode.

“Optus literally enabled this person in their attempts to steal my identity.”

Ironically, Ms Yam needed to bodily go into an Optus retailer to show her identification on the top of Canberra’s Delta lockdown.

She mentioned an Optus worker performed her a recording of the dialog with the hacker and it was apparent from his voice he was a person despite the fact that he was claiming his title was Esther.

“He requested an eSIM card because his phone broke and he wanted the confirmation sent to another telephone number rather than the email address listed on the account,” Ms Yam continued.

“How did this not raise any red flags to Optus? It’s so obvious something suspicious is happening.”

Optus responds to allegations

When information.com.au contacted Optus for remark, it didn’t difficulty an apology to Ms Lam or provide any compensation.

“Unfortunately, identity theft continues to be an economy wide issue which opens the doors for fraudsters to access innocent Australian’s services in ways that can have real harm to them,” the spokesperson mentioned.

“Optus, along with the wider telco industry is working to enhance existing protocols and controls to reduce unauthorised access to customers’ accounts and services.

“Optus takes customer security and data very seriously, we encourage customers to regularly change their passwords, not re-use passwords and aim to keep their personal information secure.”

