IDCARE is currently assisting members of the community that are experiencing one of eight types of fraudulent SMS text messages (known as Smishing). Australia experienced a similar wave of activities in October and November 2018. These messages enter the legitimate historical text message stream people have received from the organisation that is being impersonated. This adds to the feeling of legitimacy the fraudulent text message has. Content of these text messages require recipients to perform an action, either to open a link or call a number. Links can also contain what looks to be similar website particulars of the brand impersonated – another legitimising strategy of the scammers. It's likely to present as either a threat to financial security or something enticing like winning a prize.
When links are followed it is common that recipients are asked to complete their personal particulars, including:
Date of Birth
Debit / Credit Card Details
Bank Account Details
Tax File Number
Photo of Driver Licence
Photo of Passport
Medicare and/or Centrelink Reference Numbers
Account Passwords (such as telecommunications carrier customer account)
Around one in five clients that reported to IDCARE said that they completed the details and experienced further crimes. The most common misuse risks relating to the provision of this information captured by these clients involved:
Unauthorised transactions on debit / credit cards
Establishment of new transaction account
Unauthorised Individual Tax Return submission
Establishment of new email account
Unauthorised Mobile Phone Porting/SIM Swap
Unauthorised Access of Email Account
Mobile Number Spoofed
New Credit Card Application
New Personal Loan Application
Fraudulent Access of Superannuation Account
IDCARE advises that if you have not opened the link or followed any other instructions received on the SMS text message then the risks in relation to identity theft and misuse are very low. If you are using an Android device it is recommended that you install anti-virus. Apple products rely upon operating system updates to maintain their security.
If you have clicked a link and completed the required fields we recommend you take the following immediate actions (where appropriate to your situation):
Contact your financial institution immediately and explore what additional controls you can place on your accounts and cards;
If a Tax File Number was provided, contact the ATO and ask for additional security measures to be placed on your account (call 1800 467 033 M-F 8am to 6pm AEDT);
Update your passwords to your online accounts that has used the same email address (if provided) as their username;
Contact the Department of Human Services if you believe your Medicare or Centrelink Reference Number has been exposed (call 1800 941 126 M-F 8am-5pm AEST);
Contact your Superannuation Fund and explore what additional controls they can put in place, such as updating passwords, implementing second-factor authentication, or implementing additional “account change” authorisation procedures (such as confirming using alternate communication channels that requests to roll-over or access funds are legitimate);
Contact your telecommunications and email provider about implementing second-factor authentication on your accounts or other security setting upgrades.
Brands impacted include major financial institutions,Commonwealth government agencies, social media, large retailers and telecommunication carriers.
If you require further assistance or have had other identity or account information compromised please complete an IDCARE Get Help Form. We will endeavour to respond to your requirements within two-business days but this will be influenced by demand. Note that we are a charity and not all organisations who refer their customers to IDCARE to address their needs support our charity financially. We appreciate your patience.
IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.
IDCARE as a registered charity does not ask individuals to donate or pay for our front line services. We are not a charity that can receive tax deductible donations. We rely on organisations that care enough about you to care about us to keep our charitable service going. Proudly these organisations are displayed above and on our Subscriber Organisations page. If you are asked for payment from someone claiming to be from IDCARE, please report this to us using our Report Phishing email.
IDCARE has access to the Department of Social Services’ Free Interpreting Service, delivered by the Translating and Interpreting Service (TIS National). Access to the Free Interpreting Service is provided to assist you to communicate with non-English speaking people who hold a Medicare card. Please note that the service does not extend to New Zealand citizens or residents who do not hold an Australian Medicare card, or to tourists, overseas students or people on temporary work visas.
New Zealand Relay provides services to help Deaf, hearing impaired, speech impaired, Deafblind and standard phone users communicate with their peers. A TTY user connects to New Zealand Relay via a toll-free number and types their conversation to a Relay Assistant (RA) who then reads out the typed message to a standard phone user (hearing person).
The RA relays the hearing person's spoken words by typing them back to the Textphone (TTY) User.
The National Relay Service (NRS) is an Australian government initiative that allows people who are deaf, hard of hearing and/or have a speech impairment to make and receive phone calls.
The NRS is available 24 hours a day, every day and relays more than a million calls each year throughout Australia.