Man on mobile phone and working on his laptop computer
Consumer | Cyber Security | Tech and Innovation | Telstra News |

We’re now blocking over 13 million scam calls a month

By Narelle Devine June 15, 2021

We are now blocking around 13 million suspected scam calls on average per month from reaching end customers, which is a two-fold increase on the 6.5 million suspected scams calls we were blocking just four months ago.

Over the past few months, we’ve implemented a few new upgrades to our platform to catch even more suspicious calls, making our blocking strategy more aggressive with the ability to detect more types of scam calls than before.

Protecting customers from potential scams is a big deal – Scamwatch says that scam calls have cost Australians nearly $25 million already this year, on track to surpass last year’s $48.2 million that was lost to scam calls. So you can see why we’re working hard to try and stop these calls.

How we are detecting more calls than ever

We have made improvements to the way we block Wangiri scam calls. This is a type of call I think most of us might be familiar with – do you ever get a call from a random international number, it rings once and then stops? This is a type of call that scammers use to try and get you to call them back, which if you do, is where the scam begins. The international number is typically an expensive premium number and the scammers try to keep you on the line for as long as possible to milk money out of you.

We are also improving methods to detect and block scam calls with numbers that appear to be from a known source, but are not. This is called spoofing, and it’s when a scammer disguises the number they are calling from by changing the caller ID to look like a local number, which we all tend to trust more than international numbers, or a trusted brand name, like Telstra or the ATO (Australian Tax Office). This is a popular technique, as scammers from overseas know that the appearance of a local or trusted number increases the chance someone will answer the call.

We are also very careful not to block legitimate calls that could prevent customers connecting. That, combined with the fact that scammers are always finding new tactics means that no technology platform will ever stop scam calls entirely and we’re working hard to continue evolving our algorithms and detection methods to block existing and future scamming tactics.

The work we’re doing to target scam calls is part of our Cleaner Pipes initiative, where we are working to reduce the harm of phishing, malware, ransomware and other scams across our networks both online and through voice and SMS. We recently rolled out a new capability to make SMS safer too, with the first impact being to block illegitimate messages pretending to be from Services Australia from reaching Telstra customers’ phones.

We are doing all of this to protect our customers and their livelihoods because we know that we can have a significant impact by taking proactive action at a network level.

Working together to stop scams

Cyber security is a team effort and relies on industry working together to keep Australians safe. We are also working with other carriers and our regulators to trace back the origin of scam calls, so that we as an industry can stop the people bringing these calls into Australia in the first place.

This team effort is another big reason we’ve been able to block so many more scam attempts, with industry’s new Reducing Scam Calls Code coming into effect.

Telstra was a key contributor to the Code, which has given us and other telcos the regulatory foundation to block numbers that are non-telco compliant. It also sets out the expectation for telcos to collaborate more to block illegitimate calls more aggressively and this is a big win for the industry and customers.

Keeping our customers safe from scammers is something very important to us, and we’ve come a long way in a short time to reduce the amount of calls and risk of this activity to customers. This is just the beginning though, and we’ll continue to implement new ways to stop as many different types of scam calls as possible.

5 things to watch out for to protect yourself

1. Don’t be convinced if it looks like an incoming call is from a legitimate business or government organisation.

2. Is the caller pressuring you and making it seem like the matter is urgent? Be very suspicious of calls of this nature. Hang up and search online for the official number of the organisation they are calling from and use that number to call back.

3. Take note of the time of day – is it a reasonable time for a trusted organisation to be calling you? Be suspicious of calls late at night or on weekends.

4. Is an unknown number or trusted brand trying to call you repeatedly? This is a hallmark of a scam call.

5. The golden rule: if it sounds too good to be true, it probably is. If someone is calling you about an opportunity or about winning a prize (especially one you don’t remember entering!), it’s probably a scam.

Remember, if you think you’re receiving a scam call, just hang up. If you’re not sure about whether you’re speaking to a real business or a scammer, take their details and say you’ll call them back.

Whatever you do, don’t provide personal information or bank account information to anyone who you weren’t expecting a call from or don’t know – regardless of who they say they are. A healthy dose of skepticism might just save you from a scam!

If you think you might have been scammed, contact us – especially if the scam involved impersonating Telstra – and we can help secure your account.

For more tips and advice on how to spot a scam phone call, visit our website.

Consumer | Cyber Security |

We’re now blocking around 1.5 million scam calls a week

By Andrew Penn February 16, 2021

Growth and the overall success of the digital economy is inextricably linked to connectivity. Equally important is having a secure network that keeps those connections safe.

Cyber criminals and scammers have not failed to notice that millions of Australians are now much more dependent on being able to live, work and learn online because of COVID-19 and cyber-crime is on the rise again. Scam calls are not only annoying, they also have a real financial impact on Australians and are estimated to have cost ordinary Australians nearly $48 million last year.

This is why we’re announcing today that we are doubling down on efforts to address scam calls and are now blocking around 6.5 million suspected scam calls a month on average from reaching end customers. Scam volumes fluctuate day-to-day but on an active day for scammers, we’re sometimes blocking up to 500,000 calls a day before they can potentially defraud our customers, which is a huge increase from the 1 million plus scam calls we were blocking on average per month previously.


We are doing this to protect our customers and their livelihoods because we know that we can have a significant impact by taking proactive action at a network level.

This activity is part of our Cleaner Pipes initiative, where we are working to reduce the harm of phishing, malware, ransomware and other scams across our networks both online and through voice and SMS. We recently introduced a new pilot program to make SMS safer too, with the first impact being to block illegitimate messages pretending to be from Services Australia from reaching Telstra customers’ phones.

A lot goes into operating national and global telecommunications networks, from the physical assets of the fibre, exchanges and data centres humming away in the background of our cities and towns, to the operations that happen in the digital layer that keep this infrastructure and the people that use it safe.

Blocking scam calls is no mean feat. Our Networks team has built a smart platform that enables us to monitor inbound calls on our network that have suspicious characteristics, and block them before they can ever reach our customers.

We were already blocking around 1 million calls per month using a manual process, so the automation is a huge boon to our capabilities. Scammers use a range of methods and some of the more popular types at the moment include ‘wangiri’ or one-ring scams, and spoofed number calls either pretending to be a legitimate service (like the ATO) or a random number entirely.

We built this technology in-house and we are proud of the scale and expertise of our cyber security and networks teams as leading Australia’s telecommunications industry, but we also know that this is a team sport. The telecommunications industry and the Australian Communications and Media Authority (ACMA) recently introduced the Reducing Scam Calls Code is an important step towards a collaborative industry approach, creating the framework to work together on protecting Australians from scam calls.

Our efforts will always need to evolve to target new, creative tactics that scammers will use so no technology platform will ever stop scam calls entirely. Customers should always remain vigilant.

Related: Five ways to spot a scam call

If you think you are receiving a scam call, our simple advice is: hang up. Scammers operate on confidence and often victims are influenced to act quickly; if you buy yourself some time to think critically then your chances of avoiding a scam are far better. As a reminder, if Telstra is legitimately calling you, we will only call between 9am–8pm Monday to Friday, and 10am–3pm Saturday wherever you are based, and not on a Sunday. The exception to this is if you have an unpaid account or a customer-initiated inquiry with respect to an order, fault or complaint, someone from Telstra may call you outside of these hours. We’ll respect your wishes and terminate the call if you say no thanks and we won’t call repeatedly if you don’t answer – these are all hallmarks of scam calls. If you think you have been scammed, contact us.

The security of our activities online and on our smartphones is more important than ever, and it is critical that we take action to help our customers trust in the connectivity we provide. We see a future where scam calls of this type are effectively ring-fenced and eliminated from our network. It will take more investment and innovation, and continued support from Government but we have an ambition to make these kinds of changes to continue to improve the level of trust that Australians have in their phones, their emails and the websites they visit, and to encourage the rapid expansion of our country’s digital economy however we can.

For tips and advice on how to spot a scam phone call, visit our website.

Consumer | Cyber Security |

Getting cyber smart heading into 2021

By Matthew O'Brien February 8, 2021

Tomorrow is Safer Internet Day, a day when the world comes together to #startthechat about how we can make online experiences better for everyone. With more devices connected to the internet than ever, it’s important to make sure yourself and your family are safe online.

To help with this, we’ve launched Telstra Cyber Security Device Protect with cyber security leaders Trend Micro to make it easier than ever to protect your household devices online. Whether it’s managing your kids’ screen time or helping to keep your devices safe against hackers or protecting your ID, we’ll have you covered.

To go with this, we’ve put together a few tips on how to stay safe online, as well as a few of the ways you can use Device Protect to manage it all in your sleep.

Managing the content your kids can access

They’ve just got back to school after a big break, and tests are already starting to come up that your kids need to study for, but all they want to do is chat to their friends online. Rather than stay on your kids’ backs the entire time, it can be much easier just to control what content they can access online and when they can access it.

With the Parental Controls feature in Device Protect, you can prevent specific categories of websites from being opened, and even set different rules for different computer accounts. You can also limit internet usage through time control on a shared PC at home, so your kids won’t be able to get online until they’re done with their study or homework.

Your Wi-Fi router may have settings that you can log in and set up, but Device Protect takes the concept further than just your Wi-Fi and helps keep your family’s devices safe individually wherever they are. Our Mobile Security for Android devices includes an App Lock for restricting app usage for even more in-depth control.

Did you know only 46% of Australian parents feel confident about dealing with the online risks their children face and 95% want more information about online safety? To mark Safer Internet Day eSafety is hosting a series of webinars for parents and carers this week on Cyberbullying and online drama. They also have a suite of resources available to help you start the chat about being safer online.

Protecting yourself on public WiFi

Free public WiFi can be a saving grace when you don’t have any mobile reception or want to pull out your laptop for some quick work, but you also need to make sure you’re careful around what things you do online. When you connect to a public network, you can never be too sure who runs it, or if anyone else on the network has managed to get in and snoop on other devices.

Because of this, a general rule of thumb is to never use a public WiFi network for any sensitive data – think online banking, making purchases online with your credit card or even signing up to things that reveal a lot of personal information. Try to always do these things on a private network, either on your mobile or on a WiFi network at home or at the place of someone you trust.

However, if you really need to make an emergency bank transfer or want to regularly pop down at your local cafe to work, having a Virtual Private Network (VPN) installed can help mitigate those risks by hiding from the network what you’re doing over the internet.

With Device Protect installed, your VPN will automatically turn on and encrypts your data communication when it detects you’re connected to an unsecured public network, giving you peace of mind without having to fuss around with securing your connection.

Keep safe against cyber threats

As we become more reliant on our devices for shopping, banking and connecting to others, it opens us up to more risks against cyber criminals.

It might be someone pretending to be from your bank or from a social network claiming you need to reset a password or have received a special message you need to log in to see, where they then try to take you to a fake page to steal your information. They could also make attempts to access your devices and information by sending you dodgy links that infect your device with a virus giving them access. Or they could try something even more advanced and sneaky!

But as long as you keep your eyes open and be vigilant with your device protection you should be able to keep yourself safe. Make sure to always pay attention to the URLs of links you click, and that they match the same place you’d usually login. Likewise, check the email address of who’s emailing you to make sure it’s correct and that they’re not using a fake name.

Or let Device Protect do the checking for you, such as automatic monitoring of anything you download to have confidence there are no viruses hiding in the file, getting alerts when a website you enter known to be a bit fishy or even add an extra layer of protection when entering your credit card or bank details.

Keeping your passwords and identity safe

Most of us are guilty of recycling passwords across most of our accounts online, but doing this is really risky – it means that a cyber- criminal only needs to get access to one of your accounts to get into all of them that share the same password. But on the flip side, it can also be quite hard to remember dozens of different passwords across all your accounts to be extra safe – which is the reason most of us don’t bother!

To make this easier, you can use a password manager like the one included in Device Protect to not only store all your passwords, but automatically generate super secure new passwords for you. You can then log into all of your accounts with one tap, so you’ll never need to think about passwords again!

While keeping your passwords protected is important to keep your data secure, it’s also important to make sure you haven’t already been hacked or had your personal information stolen.

Device Protect will also monitor sites on the internet and on the dark web for you to see if your personal information is posted or is for sale anywhere, then alert you if it’s found. That way you can contact the police, cancel your credit cards before anything is spent on them and get new ID documents to minimize the damage done.

Keeping your devices and identity protected online can be a bit scary, but there are simple things you can do as mentioned here to ease your mind and help protect yourself and your family. If you’re looking for a solution to help protect your family’s devices for you, Device Protect will help keep your digital world safe and secure.

Woman working at home on laptop with mobile phone
Consumer | Cyber Security | Small Business |

Invisible security at your fingertips

By Darren Pauli August 21, 2020

Consumer cyber security has become much more user friendly and effective in recent years with technical complexity hidden behind seamless usability and easy-to-use apps. Yet a whole suite of largely invisible cyber security defences too numerous to list are available, often for free, by applying software updates.

This week we’ve covered some of the most important defences as part of Scams Awareness Week; password managers and the adoption of passphrases instead of jumbled codes; free and easy multifactor authentication; updated advice on spotting phishing attacks, and locking down your sensitive data.

Scams Awareness Week: five ways in five days to free and easy cyber security

Set your devices to automatically update. Search online for ‘end of life’ and your device make and model to see if it is still supported and secure.

An update is available

Many modern apps and devices are set by default to automatically update. Updating can apply new features, improve stability, increase security, and close dangerous flaws.

Security researchers continually find and report vulnerabilities in hardware and software. No product is immune. Good vendors will produce fixes, or patches, for these flaws and distribute them in software updates.

Many consumer products from phones to routers and gadgets will receive updates for a period of time before the manufacturer deems them end-of-life, stops fixing security flaws, and recommends customers buy a new product.

Routers

Your router, if it is relatively new and produced by a major vendor, is likely set to automatically check, download, and install updates on a regular basis.

To check if it is, load your router’s administration page. Connect your computer via an ethernet cable to your router, likely through the socket at the back labelled WAN, and type in the router’s IP address into a web browser window.

The IP address is likely underneath your router and should look like a sequence of numbers and full stops in a sequence like 192.168.1.1. The username and password required to access the admin page (not your Wi-Fi network) may also be on the underside. If not, search online for ‘default login’ followed by the make and model of your router.

Once inside, feel free to navigate around without saving any changes. You should find your software update status under general settings or admin.

Set your updates to automatic if possible and click a button to manually check for updates if it is available.

Look for a date of the last update – this might be next to or contained inside the update (firmware) file name such as tplink_abcxyz_20.03.2020.

Your router might be end of life if that date is more than a year old. You can verify by searching the internet for ‘end of life’ and the make and model of your router.

End of life routers should be replaced to ensure security. You may wish to consider replacing the router operating system instead with supported open source firmware like OpenWrt. These systems, while popular, generally have a highly technical interface and their application is a complex process that if done incorrectly could render your router inoperable.

Mobile

Modern mobile phone operating systems such as Android and iOS, along with their apps, are set by default to automatically update.

You can check by going to settings and searching for updates. Open your app store and apply any updates and check any boxes to activate automatic updates.

Apple supports its line of iPhones for much longer than other manufacturers but most provide updates for their phones for two years or more. Some updates may occasionally be issued beyond that for highly critical security issues.

Computer

Microsoft now only supplies updates for Windows 8 and Windows 10 in its regular consumer operating systems, although it too occasionally issues updates for older platforms to fix the most pressing rare security issues.

Windows 10 contains a suite of built-in security controls that make computers significantly harder to hack than older Windows versions. It also offers well-performing built-in antivirus eliminating the general security requirement to purchase third party antivirus.

Apple will as of November no longer support macOS 10.13 High Sierra and instead cater to newer versions including macOS 10.15 Catalina which sports Activation Lock that helps prevent unauthorised use and erasure of disks in devices that have the Apple T2 security chip.

Explore

Additional security settings can be often found by looking around your settings. You may find options such as backups that help in the event of data loss or ransomware, a type of malware, and others that increase your security at the expense of some convenience. Try them out; you may find the new barriers worth the additional piece of mind.

Microsoft Office has similar security settings. Most malware utilises document macros as an initial step in attacks. These can be turned off if not needed to significantly increase security.

Consumers may also consider using a suite of tools called HardenTools, produced by Claudio Guarnieri, a highly-respected cyber security expert with Amnesty International. This Windows suite turns off many legitimate default features that cybercriminals commonly abuse to launch attacks. The process is reversible with the click of a button.

Organisations meanwhile can consider the deployment of Application Guard for Office, which protects macro use. It is in preview mode and available to customers who apply for access from Microsoft.

Scams Awareness Week runs from August 17 – 21. Make sure to check out our Cyber Security Hub for the latest info on staying safe from threats. Also see the ACCC’s ScamWatch podcast series on identity theft by the team at the ABC’s The Chaser.

Woman on laptop
Consumer | Cyber Security | Small Business |

Secure your sensitive data for free

By Darren Pauli August 20, 2020

Open your email account and search for ‘driver licence’. Then search for ‘passport’, ‘Medicare’, and ‘payslip’. Now think about your email account password; do you use the same password for other accounts? When did you last change it? The sensitive personal information contained in your inbox is at risk if your password is used across other accounts.

That risk is higher still if you are like the 90 percent of Google users who in 2018 did not make use of a simple additional security check, known as multi-factor authentication, to protect their accounts.

Here’s how to take small steps for big security gains.

Scams Awareness Week: five ways in five days to free and easy cyber security

Start by making your email password unique, then switch on multi-factor authentication. After that, delete your attachments.

Lock shop

Your email password needs to be unique, so change it if you have reused the same one anywhere else.

The best way to do this is through a password manager. These can help you change all your passwords to long and unique combinations that you can set and forget. All you need to remember is your one master password which is the key to your password vault.

Another option is to use phrases for your passwords (also known as a passphrase). A sentence that means something to you, not taken from a book or movie, is a great choice. You’ll remember it since it is a phrase, rather than a random combination of letters and symbols, and it’ll be harder for an attacker to guess or crack. You still can’t reuse passphrases across accounts, though, so a password manager would again come in handy here.

Next, deadbolt your email account with multi-factor authentication. It is supported by most major email providers and can be usually found under your account settings within the security or privacy tab.

This security control, which requires an extra code usually when you first log in, is simple and makes hacking your email account extremely difficult. It also means an attacker will not be able to access your account if they steal your password.

Purge

Find and delete any attachments that contain your driver licence, passport, and other highly sensitive personal information you would most like to keep out of hackers’ hands.

Most email services allow you to check a box to return search results with attachments, or you may be able to search the phrase ‘hasattachment:yes’ along with any keywords like ‘driver licence’.

Your account is unlikely to be compromised when protected with both a unique password and multi-factor authentication, but there are phishing attacks that can steal both.

By deleting searchable records of your personal information in your email, you’re minimising the potential damage should it be breached.

Protect

You, like me, may choose to store a copy of your personal information (like your driver licence, passport, and Medicare info) in one easy to access location. You can do this whilst also ensuring it is secure.

I store mine within Google Drive inside of an encrypted archive file – most commonly known as a zip file – using an entirely unique password. I use the 7zip extension with powerful AES encryption, both which are set as default options within the free open source 7zip software.

This control means hackers who breach my Google account will be unable to find a copy of my sensitive documents within my thousands of emails. They will also be unable to open the archive containing my personal information because the password is different from any they have stolen.

If you need more regular digital access to things like your driver license, try an app.

Tap of an app

I have not carried a wallet since 2017. My phone is my wallet, allowing me to pay and provide proof of identity.

So making fast and easy access to my driver licence is essential. I store a second copy of my driver licence and Medicare card, two items I often need in a pinch, in the Sync.com cloud service.

This is a secure so-called ‘zero knowledge’ service which is protected with multi-factor authentication. This combination makes compromising my data very difficult, yet access convenient through an app on both Android and iOS.

Many identity providers are starting to offer identity services digitally. Apps like Australia Post’s Digital ID, Services Australia’s Express Plus Medicare mobile app, or if you’re in NSW or South Australia, your state government’s digital driver license apps, make it easy to access your identity documents quickly, backed by the government’s security chops.

Scams Awareness Week runs from August 17 – 21. Make sure to check out our Cyber Security Hub for the latest info on staying safe from threats. Also see the ACCC’s ScamWatch podcast series on identity theft by the team at the ABC’s The Chaser.