I'm flabbergasted that this could happen Paul! Hope there are no further repercussions from this invasion. Thanks for all the advice which I've copied just in case. I'm glad I'm not with Telstra!

Reply to article

For original story, Click Here.

Really a painful experience Paul. Thank you for sharing your bitter experience with us so that all readers will be very careful.

Reply to article

For original story, Click Here.

Just reading your story made me stressed. I hope like crazy that nothing further happens and also, that I don't become a victim. Not sure that I would cope as well as you did.

Reply to article

For original story, Click Here.

I agree with you Kate. I feel Paul's stress! Paul, would you consider a follow up story explaining any improvements committed to by Telstra? Real time access (in a non-queued way) directly to a Telstra Fraud representative must be considered. As you have indicated, without this, stress dramatically escalates, along with potential financial and reputational loss.

Reply to article

For original story, Click Here.

A small side note - as an ex-Optus call centre worker, one thing that was *insisted* upon was that if you request to speak to a supervisor, it *must* be done. The Call Centre worker can reasonably ask for your ID so that they can have the account up ready for the supervisor, and also for a reason (again, so that they can brief the supervisor, but also they honestly might be able to fix the issue), but the option to escalate is always there. If the Team Leader doesn't satisfy, the Centre Manager is the next step. (And the Ombudsman will not accept a complain, if I remember correctly, unless you *have* tried to escalate the issue).

Reply to article

For original story, Click Here.

I don't understand how someone can access your emails just by having access to your phone.

Reply to article

For original story, Click Here.

Sad to hear of this scam and thank you for sharing.

My wife was a victim of ID fraud after her handbag was stolen during the 2019-20 fires when I took one day off from fighting fires to spend a day with my wife at the beach.

My experience of equifax was very different with them being totally unhelpful and even failing to report new false credit applications due to there system failings, they just want to encourage fraud so that you pay them more to monitor it.

We had multiple phone and credit card applications and it is all left for you to contact the credit providers yourself. Equifax refuse to give you any contact info on credit providers that you have never heard of so the scammers get away with it.

One other thing I learnt was that when you get a new licence the card number changes but never the licence number and when people apply for credit they are only asked the licence number never the card number ensuring an easy ride for the scammers.

Reply to article

For original story, Click Here.

I'm glad I am not a Telstra customer !

Reply to article

For original story, Click Here.

I too has experience this with our phones being PORTED or simply put put into SOS mode. After several phone calls and visits to the Telstra shop Saturday-Monday for them finally taking some responsibility. But the major banks where even harder to get through to even when we went into branch they would phone and we would be on hold 25mins in branch. It took 5 weeks to get our funds returned. They took access to all out bank accounts, Afterpay PayPal zip pay email . We have security on our phones and emails !!!! It was stressful and we felt like the criminals the way we were treated by the banks . While they let the criminal change our details contacts without identification

Reply to article

For original story, Click Here.

The email issue Paul had is quite easy to implement. I used to use Bigpond email and in the online portal, you could select to forward emails to another email address and not save a copy to the inbox of the account.

This would mean Paul can send emails from his account but all replies would automatically be forwarded to the scammers email address.

Bit of a worry how easy it was for the scammers to take over everything and how hard it is to stop it.

Reply to article

For original story, Click Here.

In my experience the only prompt response you get from any Telco is when you threaten them with the Ombudsman. Appalling service.

Reply to article

For original story, Click Here.

Telstra used date of birth as a method to verify customer identity for many, many years, and completely disregarded for a very long time how public that information was - let alone how stupid it was to use it for customer identification. Whatever Telstra implements by way of two factor authentication comes exceptionally late. It's horrendous it has come to this for this organisation to start listening.

Reply to article

For original story, Click Here.

The fact that you could see their messages to Telstra when you got back into your app means they had your username and password before they messaged Telstra. How did that happen? Had you already been hacked by malware on a device or was a site that you use the same username and password on compromised and your account info also because you used the same password? Also, the Telstra site has had 2FA for quite some time. If you had enabled it, none could have done anything without you being notified first.

Reply to article

For original story, Click Here.

Welcome to the finance world Paul. Hackers have been using this method for a number of years now and the telcos should be held accountable.

Reply to article

For original story, Click Here.

My telco doesn't have a store like telstra l can go too. That would make troubles like this even harder.

Reply to article

For original story, Click Here.

The problem is you used Big Pond email. You need to segregate your online life, so security failure in one place (Telstra) doesn't give keys to the kingdom. Your main email is your most valuable possession, don't trust a telco with its password.

One email for work. One for Netflix, Qantas, Facebook, and other low quality interactions. One for personal email and banking that you guard with your life.

Reply to article

For original story, Click Here.

G'day Paul

First off, I like to say I have no empathy for your plight, however I have no ill will against you as well. In your article you never once acknowledge your part in the whole drama of been defrauded, but simply blaming Telstra for the whole debacle, and their lack of interest, is Telstra fully to blame ? No.

Telstra can do better, however facial recognition is not the answer, Apple quietly drop facial recognition when hacker proved Apple wrong in it been secure in less than 12hrs. 2FA is the way to go without using SMS as the sender, as SMS is easily hackable as well.

Telstra would not be in this predicament if you had practise what you preach, Telstra is not alone in how best to secure user data and identity but so is the end user. It's the user's responsibility to be proactive in their own security when sharing personal info across the net.

Don't be lazy in handing off responsibility to others, since others have a minimumless view of your security. What is the bet the crooks got into your account because been human that you are, like million of other people, have taken the shortcut to problem-solving.

For example, same password and email across 2 or more accounts across the internet, giving personal info on social media sites that you wouldn't tell your neighbour etc. I could go on and on, but the takeaway should be, never ever use the same password for any account you have or will create in the future.

Create multiply email accounts for different things, one for money matters, for families and for personal friends etc. Use complex password, the long the better, nothing less than 20-25 characters, use when possible paraphrase, 6-7 words at minimum. Use a good password manager would be best. You're never too old to learn, educate yourself with the likes of YouTube and others on personal security.

All the Best.

Reply to article

For original story, Click Here.

Great info from Paul. Credit cards are the biggest issue with all of this, so do not give any credit card info via the internet. There will always be a new and novel way hackers will find the info they are after.

I have on occasions turned away from the screen for 2 seconds to grab some paperwork. Then turned back to to see that the screen had changed slightly but still look very much the same afterwards. So the link I was using had changed by itself. Do not know what that trick is called that the hackers use ??

Reply to article

For original story, Click Here.

Omfg I had exactly this happen to me on 27/06/22 that went on for a couple days. The scammers went thru everything, it started by them disconnecting my mobile phones & called Telstra & made out they were my husband as they sourced his name from My Telstra app & got 2 new mobiles activated. My husband has never been a contact on my account but Telstra changed it anyway. From there the hackers went into everything & reset all my passwords with a one time activation code that gets text to my mobile number & they easily changed my passwords. They took over my phones, email, Facebook, PayPal all in a matter of a mornings work!!

I live 180km from the closest bank or Telstra store, so I had to do all this over the phone, with lots of panic & stress. I had no idea how far these people were going to go & if they were going to be able to hack others in my contacts. I was told to freeze all my bank accounts & super, as well as my husbands.

I spent 2 sleepless nights not knowing if I was going to have any savings or how far they were going to delve into my email account - do you realise how much personal information gets sent to your email address? Not only my work info but passwords to everything, identification copies, absolutely everything.

I was seriously shitting bricks - J have never been so worried about losing my identity in one foul swoop.

These scammers are bloody arseholes - I have never felt so victimised!

Reply to article

For original story, Click Here.

Has it crossed your mind that the 'crooks' are actually working in Telstra. I have had several staff ask for more and more ID. They also refuse to send a verification code instead. As a result of refusing to provide any more ID, I was cyber punished with hacks to my computer for near to a month.

Staff can collect all points of your ID and add it to what they already have on the screen.

They can ask for your name and one more point of ID and then have to send you a verification code. Don't give them anymore.

Someone changed the password to my modem and wifi password. That has to be staff inside Telstra. No one else can do it.

Time for a big change.

Reply to article

For original story, Click Here.

I have had on 3 occasions over the last 5 years had a random persons mobile account added to my Telstra app.

I can see all of their details. Massive breach of privacy. Telstra say it's impossible until I show them. Because it's apparently impossible it's hard to get them to remove the strangers account.

Makes you wonder how many peoples information is shared with strangers through this app. It's just happened again and I'm thinking that it's not enough to just tell Telstra.

Reply to article

For original story, Click Here.

Paul, empathise with you. But here are some tips that you don't mention above.

(1) Never, ever, ever use your ISP's free email service. And never, ever keep emails stored online. You either get another email address (gmail, fastmail, protonmail) or download your emails to an old-style Email Client on your PC (Thunderbird, Outlook). If all your emails are online, it's a very tasty honeypot for ISP scammers, who not only get your ISP and Telstra accounts, but every other account in your life (bank, brokers, etc). Do you really trust Telstra to manage your emails?

(2) Try to never ever use mobile banking apps, because your Android or iPhone are full of high risk entry points for hackers. They don't have firewalls, so everyone on your wifi network can access your phone. Every "fun" app you download has potential to monitor all your keystrokes, stealing your passwords. Mobile devices are the main culprit of breaches.

(3) At home, dump your Microsoft Windows PC in the bin, and get a Linux PC/Laptop instead. You can ask a tech shop to install Linux OVER your existing Windows computer. Many people suffer from Windows Viruses, Malware and Spyware. There are so many points of entry for hackers, you would be lucky not to have been hacked in some way. And Macafee and Norton are no use either. Linux has a much more secure design and is almost impervious to Viruses.

Reply to article

For original story, Click Here.

Unfortunately with call centre operators being based in the Phillipines or some other SE Asian country they simply either don't know or care about customer privacy. I make it a point to never use the email that comes with my Telco account and use gmail or hotmail etc. Of course these can also be hacked - but the security is very high - with lots of checks and balances.

Reply to article

For original story, Click Here.