IDCARE has received many reports about phishing text messages appearing to come from Australia Post. These messages are likely to appear in the same message stream as your legitimate Australia Post messages as scammers can ‘spoof’ phone numbers. If you have responded to the message, please follow the relevant steps below. Australia Post has also posted the following details in relation to the issue: Scam Alert.
IDCARE measures risk of future identity misuse based on the nature of the credentials compromised. Items such as name, address, date of birth and email address are credentials that alone would be considered low risk of direct future misuse. In most cases what is of real value to identity thieves are passports, driver licences, credit cards and banking username and login details.
This type of technology allows a caller to masquerade as someone else by falsifying the number that appears on the recipient’s caller ID display or in text messages. Caller ID Spoofing does not utilise the real phone number of the service provider, it is technology that disguises the number to make it look as though it comes from a trusted source.
Financial Institution: If you have entered any of your debit/credit card details into the linked website, IDCARE recommends you contact your financial institution/s to let them know that your card and account information may be at risk. Talk to your institution(s) about what additional controls can be put in place (such as security questions, two-factor authentication, and new PINs). It is also recommended to change your passwords,ensuring they are strong and individual using a different device to the one used to respond to the text message or doing so by calling your bank or visiting a branch and doing it in person.
Apple device: You may wish to speak with Apple on 1300-321-456 and please change your apple ID password.
Android device: Run anti-virus software then update Google Play/Gmail password.
If you still have concerns after following the device recommendations above, please consider completing a factory reset on your device. Ensure you remove/save or update any photos or data you do not want to lose before completing the reset.
Scammers can easily convince their prospective victims of working for Government or big business when they have just a little bit of information about each of us. You may receive more phone calls and text messages. Be on the lookout for more phishing messages that appears to come from well-known organisations such as myGov, ATO or your bank that appear on the same message stream. Or calls designed to heighten you into providing more information.
Scammers love to share contact information once a person’s identity is confirmed as linking to a number. They do this because it increases their chance of success to get your high risk credentials the next time they call (passport, driver licence, remote access to your computer, tax file number, banking / credit card details etc.).
Knowing a little about someone can make the difference for a scammer in pursuing follow-on engagement (even pretending to be another organisation).
If you think a caller may be legitimate, the best way to manage this would be to ask for the organisation name and end the call. Then do your own research and find and confirm their legitimate contact details and make the contact yourself to confirm if needed.
Going forward it is recommended:
Credit Reporting Agencies (CRAs):
As a general precautionary measure, you may contact the three credit reporting agencies in Australia and order free credit reports. A credit report contains your credit history, and includes information such as existing loans, outstanding debt, enquiries from credit providers, telcos and utility companies, etc. A credit report will enable you to see whether there have been any fraudulent applications for lines of credit in your name. This is unlikely if the scammer has not had access to high risk documents such as driver licence etc. However, we recommend consumers order a free report every 12 months to ensure their details are accurate. For more information, please see our Fact Sheets on : Credit Reports.
If you feel concerned you can also apply for credit bans(freezes) if you feel you want to have more safeguards in place. It means that the CRAs are not able to disclose any personal information from your consumer credit report to any credit providers where fraudulent applications may have been submitted. A ban does not impact your current credit line or credit payments. For a step-by-step guide on how to apply, please go our Fact Sheet on Credit Bans.
Tips for Keeping your Mobile Phone Number Secure: Occasionally criminals will attempt to gain access to a person’s mobile phone number. The reason a mobile number is so attractive to scammers is the two-step verification codes (also know as two-factor verification) most people have setup for online accounts that are used when resetting a password or making a bank transfer. For more details about the risks around a mobile number please go to our Fact Sheet on Mobile Phone Porting.
For more information on how to protect yourself from identity theft, scams and cyber crime, visit IDCARE’s Learning Centre.