I am a customer of both Optus and Medibank, so for sure, I reckon my date of birth, phone number and possibly my address (although I’m lazy, so I may not have updated the latter) is being bounced around by shonks and scumbags all over the world, plotting cunning plans for how they might use this valuable new information.
Am I naïve to not really care? After all, I provide this information without giving it a second thought when I subscribe to all sorts of (legal!) websites.
I know that for some people, the thought of having their medical history exposed for all to see chills them to the bone. My medical history includes such highlights as having my appendix wrongfully removed and gallstones. Do with that information what you must, hackers!
What I’m finding more annoying right now is the increasing number of text messages and phone calls from people trying to trick me. There’s a mobile number that calls me almost daily, plays some music and then talks to me in Chinese. I speak not a word of Mandarin, so I have no idea what they are after, but I’m pretty certain they’re up to no good.
Then there are the text messages that are too clever by half.
“Hi mumm/dad this is my new phone number Can u text me right back if U have seen this message?”
“TOLLINKT-AUST-: You have an toll trip UNPAID. Pay via (insert dodgy link here).”
“ApplePay has been suspended on your device. Please visit (insert another dodgy link here).”
These are just three text messages that have turned up in the past 48 hours. All are nonsense, but not obviously so. I have children, but none of them has a new phone. I have travelled on toll roads recently, but I never use Apple Pay.
I’m happy to say I’ve never fallen for these texts (touchwood), but a lot of people do. The messages are getting more sophisticated and more believable, and just replying to these messages can cause all sorts of issues.
If Australian Cyber Security Minister Clare O’Neil thinks the people responsible for the Medibank hack are scumbags, those who try to trick people online surely deserve equal condemnation.
Maybe there’s a connection between the recent theft of all my personal information and the bombardment of dodgy text messages and phone calls. Except these texts pre-date the latest identity theft cases.
Let’s be honest, there’s no end of ways people can get our phone numbers. Subscribe to a magazine, an online game, a gym or library membership, we usually have to hand over a phone number. Often we’ll also give our address as well, maybe even more.
The government has set up a “taskforce of specialist officials” featuring the Australian Federal Police and the Australian Signals Directorate to investigate cybercriminals and “disrupt their activities before they launch an attack”.
AFP Commissioner Reece Kershaw went even further, claiming “we know who you are” and promising all hell will rain down on the perpetrators.
Good luck with that. Cybercriminals are usually several steps, at least, ahead of even the best-funded law agencies. If the AFP had managed to identify exactly who is behind the Medibank hack, rather than just pinning it on the Russians, they would have managed to pull off a breakthrough that leading investigators worldwide have rarely achieved.
Making it illegal for companies to pay ransoms will have more impact because if the crooks can’t make money from stealing our stuff, what’s the point?
And let’s try to crack down on those sending fake texts. In the UK on the weekend, a House of Lords committee ruled that telephone firms that allow customers to be inundated with texts and calls from scammers should be prosecuted.
There can be no doubt Australian telcos should be doing much better as well. We, the customer, need to demand better.