10 Oct 2012
By Larissa Telley

Are you at risk of identity theft?


We remember to lock our house and car before leaving them, but how security conscious are we when it comes to locking our mobile phones?

Take a minute to stop and think about what’s on your phone and what you use it for… SMS, emails, photos, personal memos, internet browsing, social networking, storing passwords. Now imagine if overnight all of that information disappeared, your bank balance vanished, and suddenly you were left with a bad credit rating and mountains of paperwork to re-establish your identity. This is a real threat – and actually happened to “Steve” (not his real name) a couple of months ago.

Don’t respond to text messages or missed calls that come from numbers you don’t recognise.Steve was using his mobile phone to access Facebook on the train when his news feed stopped loading.  He checked his internet settings and looked at his coverage, but everything looked fine, so dismissing it as an intermittent fault he didn’t think anything more of it… until his wife called him on his desk phone asking him why he wasn’t responding to an urgent SMS. Steve called his service provider for help and was told that their records showed he’d switched his phone number to another carrier that very morning – which explained why his phone’s SIM would no longer work.

Later that day, when Steve checked his internet banking, he discovered that the cash he had saved for his overseas holiday had been withdrawn from his account. When he contacted his bank, he was told that their records indicated he had authorised the transaction via a security code sent via SMS to his mobile.

This was when alarm bells started ringing in Steve’s head!

Steve immediately contacted his local police and an investigation was launched. It was determined that Steve had been the victim of identity fraud using unauthorised SIM porting. The crooks had obtained pieces of Steve’s identity information over time, and the last piece of the puzzle they needed was his mobile number. Once the crooks had this, they were able to set up their scam with precision timing: firstly porting his SIM card to another telco provider, applying to transfer funds from Steve’s account to their bank account, and then using the security ‘two factor authentication code’ sent via SMS by his bank to deceptively authorise the money transfer… all done without ever tipping off Steve because the crime was committed during the time  his mobile service was ported and before he had time to raise any concerns.

As fraud victim stories go, Steve’s tale isn’t unusual. Steve thought he was doing all the right things to protect himself from scammers. But it just goes to show, although most people don’t fall victim, ID fraud can happen to anyone.

10 Tips To Keep Your Identity Secure & Avoid SIM Porting:

  1. Be suspicious of anyone who asks for your personal information – including your mobile number. Scammers are willing to collect pieces of your personal information over time.
  2. If you receive an unsolicited phone call out of the blue, always ask for the name of the caller and who they represent; and try to record their telephone number.
  3. Don’t share your personal information, credit card or online account details over the phone, unless you made the call and trust the phone number dialled is legitimate.
  4. If you’re not sure that the person on the other end of the phone is legitimate, just hang up and call the organisation back using their official contact details.
  5. Don’t respond to text messages or missed calls that come from numbers you don’t recognise.
  6. Regularly check your credit card and bank statements for any unauthorised transactions – this may be the first sign someone has stolen your identity.
  7. Choose a strong password, change it regularly, and don’t share it with anyone! Consider installing a (trusted) app to keep your passwords and PINs secure.
  8. Report a lost or stolen wallet to your local police, and put a notification service on your credit file.
  9. Before you dispose of your old phone or computer, make sure you’ve wiped your personal information. Second-hand devices can be lucrative sources of information for cyber criminals.
  10. Shred old paper documents that contain your personal information and secure letterboxes. Even cyber criminals will rifle through bins in order to steal your identity.

Read more information about how to protect your ID, visit: Telstra’s scam tips, Australian Federal Police, Stay Smart Online, and SCAMWATCH

What To Do If You Have Been Scammed:

  • Contact your bank or credit union immediately so they can investigate the suspect transaction, suspend your account and take appropriate action.
  • If you have been scammed of money, report the crime to the local police.
  • Report ID fraud scams to SCAMwatch or call 1300 795 995.

If You Think You Have Received A Telstra / Bigpond-branded Scam, You Can:

  1. Check our registry of known Telstra and BigPond scams.
  1. Report incidents of ‘Telstra Impersonation’ scams to Telstra via our Report Misuse of Service webform.


Posts: 1


  1. Nick says:

    So does Telstra plan to do anything to stop unauthorised SIM porting?

    This is clearly an issue that Telstra is aware of so I think most people would agree that Telstra (and all other carriers) now has a responsibility to ensure that their customers are safe from this scam.

    I believe that porting is mostly automated however it would be very easy for Telstra to implement something where the customer is called to confirm their port request before the port proceeds.

    If such a system was implemented then this would have never happened to “Steve” and this scam would be impossible to carry out.

  2. Larissa Telley says:

    Unfortunately there is not a silver bullet to stop identity theft or unauthorised SIM porting from occurring.

    We work closely with regulatory groups, the banking industry, the other telecommunication carriers, and law enforcement to ensure we are doing all we can to protect our customers’ privacy and information.

    We treat any attempt or fraud threat very seriously. We have robust systems, reporting and fraud mitigation strategies in place to deal with new and emerging threats, as well as a team of investigators who manage fraud incidents as they occur.

    The most important things we can do are to help our employees and our customers be aware of the online risks and know how to avoid becoming a victim of fraud.

  3. joshy's Nan says:

    So it would seem very simple for the telcos to adopt the precautionary measure of sending a text to a phone number if a port request was made, would it not? Sure, it would be a minor annoyance for those who genuinely had requested to have their own number ported, but might save this sort of thing happening.

  4. Gregory Opera says:

    Someone was thrown in prison – yes, actual prison and not just the local police station – in my name and it took me nearly four months to convince a long list of people that it wasn’t me!

    Then the same person took out a student loan (“HECS” loan or whatever they call it…) in mine name and for the past twelve years I have been fighting it!

    Of course all of the relevant parties are quick to point the finger at everyone else, though no one wants to take responsibility for it and it’s an ongoing battle…

    Anyway, these days I am very, VERY careful with my identity, EVERYTHING that comes into my house is archived electronically and then HEAVILY encrypted, right before being destroyed!

    Every scrap of paper leaving our house is examined by me personally prior to it going into the bin, and I have a long list of computer/electronic policies in my house that are strictly enforced.

  5. Simon Harvey says:

    Whilst Telstra (and the other telcos) are correct in that they are not responsible for what criminals do with your identity, their lack of background or authentication checks when providing Mobile Number Porting services sounds to me like a broken business process on the Telco’s part.

    At the moment there is NOTHING stopping me calling a telco, giving them YOUR mobile phone number, and asking them to port your number to the pre-paid SIM card I’ve just bought. Telstra used to offer a service where I could register additional Questions and Answers that they would ask when faced with such requests – but seems to have quietly dropped that because it was too complex to manage.

    The Telco’s lobbyists are correct in saying its not their responsiblity for how SMSs are used (see,telcos-declare-sms-unsafe-for-bank-transactions.aspx) … but I would argue that, under the generally accepted principles of Customer Privacy and Excellent Customer Service, you would not just port someone’s mobile number without validating the request in the first place.

    Poor form Telstra. Interested in your own profits and sales targets, and not of the impact of your industry’s laziness has upon the lives of your customers.

  6. Telstra customer says:

    I am the latest victim, My number has been ported out without me knowing.
    I immediately contacted Telstra to reverse it, they said they are working on it but unsure if it is successful. :(

Leave a Comment