What Optus hackers could do with your very private information

Millions of Optus customers whose personal details were stolen in a cyber attack should be on high alert for ‘highly targeted’ scam text messages and emails in the coming days and weeks, a cyber security expert has warned.

Cyber security consultancy Gridware told Daily Mail Australia that the type of data stolen by hackers will be sold on the dark web to criminals who are likely to use it to create authentic-looking fraudulent phishing scams.

Nearly 10 million Optus customers had personal details taken in a new cyber attack.

Cyber security consultancy Gridware told Daily Mail Australia that the type of data stolen by hackers will be sold on the dark web to criminals who are likely to use it to create authentic-looking fraudulent phishing scams 

Millions of Optus customers whose personal details were stolen in a cyber attack should be on high alert for ‘highly targeted’ scam text messages and emails in coming days

The personal data included names, passport and drivers’ licence numbers, addresses, email addresses, dates of birth and phone numbers.

Ahmed Khanji, Gridware’s CEO and a professor of cybersecurity said the criminals who buy novelty documents online the data will be able to create convincing-looking SMS messages and emails because they already have so much personal information.

RELATED ARTICLES

Previous

1

Next

Personal details of nearly 10 million Optus customers are… Optus CEO breaks down as she issues grovelling apology to 10…

Share this article

Share

‘These messages will be advanced, targeted phishing attempts trying to get you click a link to pay a fee or a fraudulent invoice, or fill out more details,’ Prof. Khanji said.

‘They are far more believable than random messages saying “I’m from the ATO, you owe money.’

These messages will be advanced, targeted phishing attempts trying to get you click a link to pay a fee or a fraudulent invoice, or fill out more details,’ Prof. Khanji said

The messages could most obviously try to pressure existing Optus customers for money.

People unaware their details had been stolen could easily fall for the scams because any messages would quote their personal details back to them – including residential address and date of birth.

He said the Australian criminal networks including bikie gangs have previously been involved in similar scams.

READ ALSO  Answers about Car Buying

‘Whoever did this, they’re going to be interested in selling this data off and because the details are Australian, we’d suspect Australian crime gangs could use that information for fraud gaining financial advantage by deception.’

The telco’s boss Kelly Rosmarin confirmed payment details and account passwords had not been compromised but admitted she felt ‘terrible’ the breach had happened under her watch

He said the data would be sold on the dark web, either by auction or a flat fee.

Alastair MacGibbon, who is chief strategy officer at cyber-security firm CyberCX, said Optus hack victims also need to watch out for criminals impersonating them.

They should be looking for whether criminals are mimicking them, or stealing their identity, trying to obtain credit in their name … etc,’ he said. 

Earlier the Optus CEO issued an emotional apology after the cyber attack.

The company’s boss Kelly Bayer Rosmarin confirmed payment details and account passwords had not been compromised but admitted she felt ‘terrible’ the breach had happened under her watch.

‘I think it’s a mix of a lot of different emotions,’ she said looking downcast.

‘Obviously I am angry that there are people out there that want to do this to our customers, I’m disappointed we couldn’t have prevented it.

‘I’m very sorry and apologetic. It should not have happened.’

Ms Bayer Rosmarin also revealed that the IP addresses linked to the hackers had moved around various European countries, and that it was a ‘sophisticated’ breach.

She added it was too soon to tell if it was a criminal organisation or another state was responsible for the attack.

The data that was potentially stolen has been dated back to 2017.

Optus revealed the breakdown of the types of personal information stolen. 

Optus has been called out for waiting nearly 24 hours to tell close to 10 million customers their personal details had potentially been stolen by hackers

Hackers stole 2.8 million customers’ passport and drivers licence numbers, email and home addresses, dates of birth and telephone numbers after reportedly exploiting a weakness in the company’s firewall.

The remaining seven million had their dates of birth, email addresses and phone numbers stolen.

Optus knew about breach on Wednesday but didn’t alert customers until Thursday.