Obviously I could write a story a day about what new scam is out there and what to look out for. But let’s just take this week’s example of a text message I received yesterday from “OPTUS TECH” and understand just what’s going on here.
Now, I’m not masking any website links here, so please, do not access these websites, or attempt this yourself, I am doing this to help educate people to the very visible risks and dangers, as well as how to avoid them and protect yourself.
You might read though this thinking “well that’s obvious, who would fall for that” – the answer is, LOTS of people, and some of them might be your friends or your family, which is why we should talk about this often among those groups.
Firstly, the text comes in.
Optus has 10 million mobile customers, as well as their extensive home-broadband network, so it’s a decent strike rate when sending this message to random numbers that you might easily come across an Optus customer.
The tell-tale signs here it’s a scam are the urgency around something security related.
And secondly, the push to get you to “action” that urgency via a link.
Thirdly, while it looks like the Optus website, the dot after the “au” instead of a “/” means you’re actually going to a scammer’s website wr-e.co – and here’s where the deception really kicks in.
Looks very much like the Optus My Account page.
On mobile (above) and on a desktop (Below)
A webpage is just a text file and some images, so it can be copied and re-used with great ease, thus, this is an easy scam to pull off.
In an attempt to send a message to these scammers I “logged in” to my “account” using an aggressive email address and password.
Amazingly, this system was so advanced, it didn’t allow that. It rejected anything that was not an Optus or Optusnet email address.
Once you did put one of those in though (made up, it isn’t actually checking the validity of what you put in), it took you to the next step.
Now it should be clearly noted that in the case of a real victim, at this point, the scammers do now actually have access to Your Optus Account.
You’ve just given them your email address and password.
The Scam expands when you think about how many other places you’ve used that same email and password combination. Scammers will try that combo on every single site.
But they don’t stop there. Next is updating your contact information.
You enter your full name, and then – so much more
If you really did fill all that out, guess what – the scammers now have your Identity.
They can ring your bank, try get in there, and certainly plenty of other places where your mums maiden name and data of birth might be all the info they need.
This is the scam. Not asking for cash, but asking for your most personally identifiable information, and owning your identity from then on. Applying for credit cards in your name – who knows.
How can I stop myself from being scammed?
Honestly, it’s hard! No one should feel bad as the victim of these scams, it’s not a source of shame, it’s a tough learning experience.
Firstly, look for tell-tale signs, question everything.
If Optus had an issue, wouldn’t they call you? Would they ask you to click a link, or more likely just tell you to use their App to update such info.
Secondly, asking for so much information is a dead giveaway here.
Importantly though, Internet Security software does work, and will prevent the vast majority of these scams.
I have Trend Micro on my Phones and computers, and here’s what my browser did when I clicked the link:
That security subscription, just like insurance on your car or home, offers you a strong level of peace of mind. It can and will block things you may not have noticed even with the best trained eye.
Be it Trend Micro or one of the many other major internet security providers on the market, these scams can be stopped before you fall victim.
Most importantly, be alert and question everything – especially text messages.