Consumer | Cyber Security |

Blocking scam text messages before they even reach you

By Andrew Penn April 7, 2022

We’ve turned on a brand-new SMS scam filter feature to better protect you from scam text messages by blocking them at the network level before they even reach your mobile device.

Scam text messages are not only annoying, they’re also malicious and have the potential to steal your money or install malware to steal personal information, hack your internet banking and infect your contacts. We know the number of scam text messages on our network is on the rise – in 2021 we had more than 11,000 reports of malicious texts to Android devices compared to 50 reports in 2020.

That’s why we’ve turned on a brand-new feature to find and block SMS scam messages with suspicious links as they travel across our network, to stop many of them before they reach your mobile device.

We know it’s working because our people have been on an internal pilot program for the last three months. Around two and a half thousand employees have taken part, and we’ve been successful in detecting and blocking hundreds of scam SMS messages every day. Our people on the pilot program told us they saw a reduction in the number of scam SMS messages they received.

Now we’ve fine-tuned this technology, we have rolled it out to every customer on Telstra’s network – so whether you’re on a consumer plan, a managed device through your company, or you’re signed up to another provider that uses the Telstra network like Belong – you’re now better protected from millions of scam text messages sent every day.

And the best thing is there’s nothing you need to do – it’s already switched on for you.

How the technology works

The capability under the bonnet is complex and evolving – it has to be to continue to help outsmart scammers – but in simple terms, we’re applying knowledge of what scam text messages look like to block them at the network level.

If a SMS message looks suspicious, we’ll block it before it reaches you. Automatic machine scanning picks out suspicious content such as malicious links and combines this with other patterns and characteristics like the time, sender, the number of messages sent and the recipient.

Telstra takes its privacy obligations seriously. We know there’s a fine balance between protecting our customers and ensuring their privacy. While the technology is learning, it might flag a potential suspicious message asking if it is a scam. To avoid blocking something legitimate, the new message format may be reviewed by our specialists to identify if the message is a scam, but the details of the recipients will remain masked.

There are also protections in place to ensure legitimate messages still get through, so we won’t block commercial messages from banks and other large businesses, government departments, Emergency Alerts and Telstra applications like MessageBank.

Another step forward in keeping networks safe

While we’re confident our SMS scam filter will block a significant amount of scam text messages, it isn’t fool-proof and criminals evolve and find new ways to scam us so we’ve all got to continue to be alert to suspicious messages – even the ones that might slip through. You can learn more about how to spot and protect yourself from scams at Scamwatch.

Now it’s on, Telstra’s SMS scam filter will block many of the millions of malicious text messages sent to our customers every day. Most customers will be seeing the benefit already. However, if you do not want any SMS messages sent to you being blocked, you can opt out by sending an SMS to 0438214682 with the words FILTER OFF. And if you change your mind you can turn it back on by sending a message to 0438214682 saying FILTER ON.

This is an exciting step in Telstra’s Cleaner Pipes initiative where we have already protected our customers by blocking over 100 million scam calls in the past year. We know you have probably all experienced a fake parcel delivery text message or badly punctuated message about a video or unexpected payment – now, with Telstra’s SMS scam filter switched on, you’ll be receiving fewer annoying and risky messages.

The good news is that there is no need for you to do anything, since we have turned it on across our network – and we won’t call you or send you an SMS or email asking you to click a link to access it.

Consumer | Cyber Security |

Getting strange ‘missed call’ SMS messages? Here’s how to avoid the Flubot

By Clive Reeves August 12, 2021

If you’ve been receiving some strange, garbled SMS messages mentioning a missed call or voicemail recently, you’re not alone. The messages are generated by malware called Flubot, which spreads via SMS and can infect insecure Android phones.

What is Flubot?

FluBot is malware – like a computer virus – that can be installed on your Android device if you click on a malicious link in a SMS message. This malware then sends many similar text messages to other people from your phone without your knowledge, potentially infecting them. Telstra has identified a number of handsets recently which we believe are potentially infected.

If installed, the malware has wide access and can harvest your contact list to further spread, as well as accessing your personal information and banking details if you used it while infected. If infected, you should urgently remove the malware and change all your passwords, using another device that is not infected.

The Flubot malware has started to appear in Australia after circulating around Europe for some time. We’ve documented this on our Recent Scams page, but it’s worth educating yourself to stay safe. Read on to find out more.

How do phones get infected?

You may receive an SMS from another mobile telephone number with a message like

“a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]”

If you click on the link, you will be taken to a web page displaying a trusted brand (like Telstra) and prompted to install an app, for example to listen to the voicemail message. If you give permission to install, then the Flubot malware will be loaded on your handset.

Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers scraped from a compromised Android device’s contact list. Each time it does this it creates a new, unique link, making it difficult to block at a network level. These messages are also being sent from infected devices all across the world that have fallen victim to the malware.

To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive. It will only affect Android phones that have previously enabled the ‘side-loading’ of applications onto the device (which means the device is configured to permit the installation of software from less trustworthy locations than the Google Play Store) – so unless you’ve done this, you can rest easy.

How can I tell if I’m infected?

If your device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMSes to infect others. The following are warning signs:

  • In your apps is a new app called “Voicemail” with a blue cassette in a yellow envelope. If you try to uninstall you receive an error message “You can not perform this action on a system service.”
  • You receive text messages or telephone calls from people complaining about messages you sent them but you did not know about the messages.
  • Telstra may detect you sending very high volumes of messages and send you an SMS, saying: “Your phone is sending many SMS and may be infected with malware/virus. Please remove the malware app or we may suspend your ability to send SMS. Search FLUBOT on Telstra website or call us for help.”

What can I do?

Importantly, just because you’ve received this message does not mean that your phone is already affected. If you’ve just received one of these messages, do not open the link and you’ll remain protected.

If you have clicked on the link and downloaded the software, chances are your device is now infected.

Most popular anti-virus applications for Android phones will detect Flubot to prevent infection, as well as clean up a currently infected device. Some information on how to remove Flubot from an Android device is available from security researchers at ESET, F-Secure, and our own CrowdSupport help page.

However, the instructions can be very technical. If this sounds too techy for you, you can also do a factory reset on your phone, which erases the malware.

Remember, performing a “restore” of any recent backup may restore the malware if a backup was done while the malware was installed, so, it’s important that after a reset, you not do this, use an back up that is dated earlier.

After you’ve removed the malware/virus from your phone, we recommend changing your passwords as a precaution. Do not change your passwords before removing the malware.

We’re working with the security community to address this scam. For now, as always, our advice is to be especially cautious of phone calls, messages and emails from an unfamiliar source, and not to click on links that you don’t trust. If you think your Telstra account has been compromised, get in touch with us.

You can report a scam to Telstra using our website, or call us on 13 22 00. If you want to learn more, we also have more cyber safety advice on our website.

Man on mobile phone and working on his laptop computer
Consumer | Cyber Security | Tech and Innovation | Telstra News |

We’re now blocking over 13 million scam calls a month

By Narelle Devine June 15, 2021

We are now blocking around 13 million suspected scam calls on average per month from reaching end customers, which is a two-fold increase on the 6.5 million suspected scams calls we were blocking just four months ago.

Over the past few months, we’ve implemented a few new upgrades to our platform to catch even more suspicious calls, making our blocking strategy more aggressive with the ability to detect more types of scam calls than before.

Protecting customers from potential scams is a big deal – Scamwatch says that scam calls have cost Australians nearly $25 million already this year, on track to surpass last year’s $48.2 million that was lost to scam calls. So you can see why we’re working hard to try and stop these calls.

How we are detecting more calls than ever

We have made improvements to the way we block Wangiri scam calls. This is a type of call I think most of us might be familiar with – do you ever get a call from a random international number, it rings once and then stops? This is a type of call that scammers use to try and get you to call them back, which if you do, is where the scam begins. The international number is typically an expensive premium number and the scammers try to keep you on the line for as long as possible to milk money out of you.

We are also improving methods to detect and block scam calls with numbers that appear to be from a known source, but are not. This is called spoofing, and it’s when a scammer disguises the number they are calling from by changing the caller ID to look like a local number, which we all tend to trust more than international numbers, or a trusted brand name, like Telstra or the ATO (Australian Tax Office). This is a popular technique, as scammers from overseas know that the appearance of a local or trusted number increases the chance someone will answer the call.

We are also very careful not to block legitimate calls that could prevent customers connecting. That, combined with the fact that scammers are always finding new tactics means that no technology platform will ever stop scam calls entirely and we’re working hard to continue evolving our algorithms and detection methods to block existing and future scamming tactics.

The work we’re doing to target scam calls is part of our Cleaner Pipes initiative, where we are working to reduce the harm of phishing, malware, ransomware and other scams across our networks both online and through voice and SMS. We recently rolled out a new capability to make SMS safer too, with the first impact being to block illegitimate messages pretending to be from Services Australia from reaching Telstra customers’ phones.

We are doing all of this to protect our customers and their livelihoods because we know that we can have a significant impact by taking proactive action at a network level.

Working together to stop scams

Cyber security is a team effort and relies on industry working together to keep Australians safe. We are also working with other carriers and our regulators to trace back the origin of scam calls, so that we as an industry can stop the people bringing these calls into Australia in the first place.

This team effort is another big reason we’ve been able to block so many more scam attempts, with industry’s new Reducing Scam Calls Code coming into effect.

Telstra was a key contributor to the Code, which has given us and other telcos the regulatory foundation to block numbers that are non-telco compliant. It also sets out the expectation for telcos to collaborate more to block illegitimate calls more aggressively and this is a big win for the industry and customers.

Keeping our customers safe from scammers is something very important to us, and we’ve come a long way in a short time to reduce the amount of calls and risk of this activity to customers. This is just the beginning though, and we’ll continue to implement new ways to stop as many different types of scam calls as possible.

5 things to watch out for to protect yourself

1. Don’t be convinced if it looks like an incoming call is from a legitimate business or government organisation.

2. Is the caller pressuring you and making it seem like the matter is urgent? Be very suspicious of calls of this nature. Hang up and search online for the official number of the organisation they are calling from and use that number to call back.

3. Take note of the time of day – is it a reasonable time for a trusted organisation to be calling you? Be suspicious of calls late at night or on weekends.

4. Is an unknown number or trusted brand trying to call you repeatedly? This is a hallmark of a scam call.

5. The golden rule: if it sounds too good to be true, it probably is. If someone is calling you about an opportunity or about winning a prize (especially one you don’t remember entering!), it’s probably a scam.

Remember, if you think you’re receiving a scam call, just hang up. If you’re not sure about whether you’re speaking to a real business or a scammer, take their details and say you’ll call them back.

Whatever you do, don’t provide personal information or bank account information to anyone who you weren’t expecting a call from or don’t know – regardless of who they say they are. A healthy dose of skepticism might just save you from a scam!

If you think you might have been scammed, contact us – especially if the scam involved impersonating Telstra – and we can help secure your account.

For more tips and advice on how to spot a scam phone call, visit our website.

Consumer | Cyber Security |

We’re now blocking around 1.5 million scam calls a week

By Andrew Penn February 16, 2021

Growth and the overall success of the digital economy is inextricably linked to connectivity. Equally important is having a secure network that keeps those connections safe.

Cyber criminals and scammers have not failed to notice that millions of Australians are now much more dependent on being able to live, work and learn online because of COVID-19 and cyber-crime is on the rise again. Scam calls are not only annoying, they also have a real financial impact on Australians and are estimated to have cost ordinary Australians nearly $48 million last year.

This is why we’re announcing today that we are doubling down on efforts to address scam calls and are now blocking around 6.5 million suspected scam calls a month on average from reaching end customers. Scam volumes fluctuate day-to-day but on an active day for scammers, we’re sometimes blocking up to 500,000 calls a day before they can potentially defraud our customers, which is a huge increase from the 1 million plus scam calls we were blocking on average per month previously.

We are doing this to protect our customers and their livelihoods because we know that we can have a significant impact by taking proactive action at a network level.

This activity is part of our Cleaner Pipes initiative, where we are working to reduce the harm of phishing, malware, ransomware and other scams across our networks both online and through voice and SMS. We recently introduced a new pilot program to make SMS safer too, with the first impact being to block illegitimate messages pretending to be from Services Australia from reaching Telstra customers’ phones.

A lot goes into operating national and global telecommunications networks, from the physical assets of the fibre, exchanges and data centres humming away in the background of our cities and towns, to the operations that happen in the digital layer that keep this infrastructure and the people that use it safe.

Blocking scam calls is no mean feat. Our Networks team has built a smart platform that enables us to monitor inbound calls on our network that have suspicious characteristics, and block them before they can ever reach our customers.

We were already blocking around 1 million calls per month using a manual process, so the automation is a huge boon to our capabilities. Scammers use a range of methods and some of the more popular types at the moment include ‘wangiri’ or one-ring scams, and spoofed number calls either pretending to be a legitimate service (like the ATO) or a random number entirely.

We built this technology in-house and we are proud of the scale and expertise of our cyber security and networks teams as leading Australia’s telecommunications industry, but we also know that this is a team sport. The telecommunications industry and the Australian Communications and Media Authority (ACMA) recently introduced the Reducing Scam Calls Code is an important step towards a collaborative industry approach, creating the framework to work together on protecting Australians from scam calls.

Our efforts will always need to evolve to target new, creative tactics that scammers will use so no technology platform will ever stop scam calls entirely. Customers should always remain vigilant.

Related: Five ways to spot a scam call

If you think you are receiving a scam call, our simple advice is: hang up. Scammers operate on confidence and often victims are influenced to act quickly; if you buy yourself some time to think critically then your chances of avoiding a scam are far better. As a reminder, if Telstra is legitimately calling you, we will only call between 9am–8pm Monday to Friday, and 10am–3pm Saturday wherever you are based, and not on a Sunday. The exception to this is if you have an unpaid account or a customer-initiated inquiry with respect to an order, fault or complaint, someone from Telstra may call you outside of these hours. We’ll respect your wishes and terminate the call if you say no thanks and we won’t call repeatedly if you don’t answer – these are all hallmarks of scam calls. If you think you have been scammed, contact us.

The security of our activities online and on our smartphones is more important than ever, and it is critical that we take action to help our customers trust in the connectivity we provide. We see a future where scam calls of this type are effectively ring-fenced and eliminated from our network. It will take more investment and innovation, and continued support from Government but we have an ambition to make these kinds of changes to continue to improve the level of trust that Australians have in their phones, their emails and the websites they visit, and to encourage the rapid expansion of our country’s digital economy however we can.

For tips and advice on how to spot a scam phone call, visit our website.

Consumer | Cyber Security |

Getting cyber smart heading into 2021

By Matthew O'Brien February 8, 2021

Tomorrow is Safer Internet Day, a day when the world comes together to #startthechat about how we can make online experiences better for everyone. With more devices connected to the internet than ever, it’s important to make sure yourself and your family are safe online.

To help with this, we’ve launched Telstra Cyber Security Device Protect with cyber security leaders Trend Micro to make it easier than ever to protect your household devices online. Whether it’s managing your kids’ screen time or helping to keep your devices safe against hackers or protecting your ID, we’ll have you covered.

To go with this, we’ve put together a few tips on how to stay safe online, as well as a few of the ways you can use Device Protect to manage it all in your sleep.

Managing the content your kids can access

They’ve just got back to school after a big break, and tests are already starting to come up that your kids need to study for, but all they want to do is chat to their friends online. Rather than stay on your kids’ backs the entire time, it can be much easier just to control what content they can access online and when they can access it.

With the Parental Controls feature in Device Protect, you can prevent specific categories of websites from being opened, and even set different rules for different computer accounts. You can also limit internet usage through time control on a shared PC at home, so your kids won’t be able to get online until they’re done with their study or homework.

Your Wi-Fi router may have settings that you can log in and set up, but Device Protect takes the concept further than just your Wi-Fi and helps keep your family’s devices safe individually wherever they are. Our Mobile Security for Android devices includes an App Lock for restricting app usage for even more in-depth control.

Did you know only 46% of Australian parents feel confident about dealing with the online risks their children face and 95% want more information about online safety? To mark Safer Internet Day eSafety is hosting a series of webinars for parents and carers this week on Cyberbullying and online drama. They also have a suite of resources available to help you start the chat about being safer online.

Protecting yourself on public WiFi

Free public WiFi can be a saving grace when you don’t have any mobile reception or want to pull out your laptop for some quick work, but you also need to make sure you’re careful around what things you do online. When you connect to a public network, you can never be too sure who runs it, or if anyone else on the network has managed to get in and snoop on other devices.

Because of this, a general rule of thumb is to never use a public WiFi network for any sensitive data – think online banking, making purchases online with your credit card or even signing up to things that reveal a lot of personal information. Try to always do these things on a private network, either on your mobile or on a WiFi network at home or at the place of someone you trust.

However, if you really need to make an emergency bank transfer or want to regularly pop down at your local cafe to work, having a Virtual Private Network (VPN) installed can help mitigate those risks by hiding from the network what you’re doing over the internet.

With Device Protect installed, your VPN will automatically turn on and encrypts your data communication when it detects you’re connected to an unsecured public network, giving you peace of mind without having to fuss around with securing your connection.

Keep safe against cyber threats

As we become more reliant on our devices for shopping, banking and connecting to others, it opens us up to more risks against cyber criminals.

It might be someone pretending to be from your bank or from a social network claiming you need to reset a password or have received a special message you need to log in to see, where they then try to take you to a fake page to steal your information. They could also make attempts to access your devices and information by sending you dodgy links that infect your device with a virus giving them access. Or they could try something even more advanced and sneaky!

But as long as you keep your eyes open and be vigilant with your device protection you should be able to keep yourself safe. Make sure to always pay attention to the URLs of links you click, and that they match the same place you’d usually login. Likewise, check the email address of who’s emailing you to make sure it’s correct and that they’re not using a fake name.

Or let Device Protect do the checking for you, such as automatic monitoring of anything you download to have confidence there are no viruses hiding in the file, getting alerts when a website you enter known to be a bit fishy or even add an extra layer of protection when entering your credit card or bank details.

Keeping your passwords and identity safe

Most of us are guilty of recycling passwords across most of our accounts online, but doing this is really risky – it means that a cyber- criminal only needs to get access to one of your accounts to get into all of them that share the same password. But on the flip side, it can also be quite hard to remember dozens of different passwords across all your accounts to be extra safe – which is the reason most of us don’t bother!

To make this easier, you can use a password manager like the one included in Device Protect to not only store all your passwords, but automatically generate super secure new passwords for you. You can then log into all of your accounts with one tap, so you’ll never need to think about passwords again!

While keeping your passwords protected is important to keep your data secure, it’s also important to make sure you haven’t already been hacked or had your personal information stolen.

Device Protect will also monitor sites on the internet and on the dark web for you to see if your personal information is posted or is for sale anywhere, then alert you if it’s found. That way you can contact the police, cancel your credit cards before anything is spent on them and get new ID documents to minimize the damage done.

Keeping your devices and identity protected online can be a bit scary, but there are simple things you can do as mentioned here to ease your mind and help protect yourself and your family. If you’re looking for a solution to help protect your family’s devices for you, Device Protect will help keep your digital world safe and secure.