Protect yourself against the latest phone scam from fake ‘Telstra technicians’
With the world becoming more ‘digitised’, we now find ourselves exposed to sharp increases in online fraud, phone scams and data breach hacks. We’re also seeing more creative techniques attempted by scammers to targeting individuals that are are not tech savvy.
Gone are the days of the dodgy-but-obvious Nigerian emails wanting to give you $12 million for nothing. These types of emails were easy to single out, however today’s scammers are more ruthless, intrusive, and have no limits. With some calling you on your home phone (even if listed as private), disguising themselves as specialists from a well-known business, and attempting to access your computer and network to steal money and personal information.
This blog covers a recent attempt by a group of scammers who got very close to getting bank details and personal files from one of our readers. With her permission, we felt it important to share her story, to remind our readers and the community of the type of scams being attempted today, and to reinforce the importance of not giving your information away, over the phone, or on the internet.
This particular story involves scammers disguised as representatives from Telstra, offering assistance with NBN connection.
The ACCC says its scamwatch website has recorded a significant spike in these types of scams, known as remote access scams, with more than 8,000 reports recorded in 2018 so far, and losses of $4.4 million. The data shows that people aged between 55 to 64 were most often the victims reporting such scams.
Quick profile: Judy lives on the Gold Coast, retired, and is 62 years of age.
So the story goes, told by Judy…
My husband and I were recommended by friends to upgrade our internet network the new NBN service. So we called and ordered the new modem.
When the new modem arrived, I received a phone call within 15 minutes of it being delivered. The phone call was from a ‘Telstra’ representative, asking if I needed assistance in setting up the modem.
I remember being surprised, yet impressed, of the swift process of receiving the modem and Telstra calling to help. And of course, I gladly accepted their assistance, as configuring these types of new connections is always frustrating, even with instructions.
The caller asked for the modem details, including the password and other bits of information [! warning sign 1 !]. Once I provided him with this information, he then transferred me to a ‘Telstra Technician’ named John.
Warning sign 1, Comments:
This is the first hack that allowed the scammers to remotely access Judy’s internet connection. What seems like a non-intrusive question, accessing the modem information is a pivotal point where the scammers can then remotely connect to Judy’s network. This means John could trawl through Judy’s computer, including all of her personal files, documents, saved images and anything else saved on the computer.
I worked through a number of instructions with John, even giving me advice on how to set it up and asking whether particular lights were flashing or static, and the colour of the lights etc. I felt like I was in good hands.
In hindsight, this was the scammers building trust with me early on so that they could later ask more detailed questions, taking advantage of my ignorance.
After John confirmed the modem was working and was enabled, he then instructed me to switch on my computer and attempt to connect to the new modem. Where he could remotely access the computer to ensure everything was working correctly [! warning sign 2 !].
Warning sign 2, Comments:
Under no circumstance should you ever let someone that you don’t know remotely access your computer. Never.
Once the computer was on, John access my computer remotely as he had the modem login and I allowed him access. John ran some ‘tests’ on my computer, and then became concerned about some strange files discovered. He showed me a bunch of lines of script with a few ‘warning colours’ and raised some alarm bells that he needed to dig deeper to resolve.
Soonafter he said my computer had been infected with malware which was very serious, but offered to help remove them for me on the spot. I gladly took John up on his offer to help remove the malware, and thankful for his assistance.
He then recommended that we log in to a number of external websites to check how severely infected the computer was [! warning sign 3 !]. Such websites included: eBay, Facebook and some others. At this point I was so concerned about my infected computer I didn’t even consider the websites I’d given John access to were of importance of valuable.
Warning sign 3, Comments:
This is the third hack that allowed the scammers to access more information about Judy. Any login information given to hackers can lead to theft of your personal information, which can later be sold or used for more serious attempts of theft, such as bank logins. It’s important to note that eBay holds your credit card information, and home address, and Facebook a lot of personal information. And because of the high percentage of people that will generally use the same password for all logins, scammers will try to break in to a range of other websites and emails using this same password, or variations of it, which can be run in minutes using script.
By this stage I was getting worried that my computer had been hacked and information stolen. Playing on my emotions, John then asked me for my bank login details to see if they had also gotten access. This is where I became suspicious. I hesitated and asked “Why do you need my bank login?”
John stated that it was standard protocol to check bank access for infected malware. But this just didn’t seem right, so I refused and suggested we skip to the next step. John continued to pressure me for bank login details as it may not help him find hidden malware. It was his persistence that rang alarm bells for me. So I said that I would have to call him back once I checked with my husband.
John provided me with a phone number to call back. Once I told my husband what had just happened he was also concerned. After deliberating, we thought we’d call back and ask someone else from Telstra if this was absolutely necessary. But when I called back and asked for John, the Telstra representative that answered was also named John, but wasn’t the same John I had been speaking with.
I told him that I was speaking with a Telstra Technician named John. After checking his system, he confirmed that there was no one else on the team that was named John, other than him, but he wasn’t a Telstra Technician. This wasn’t the same gentlemen. And this is when it hit me.
After explaining to the Telstra representative about the phone call I had received and the steps I had just been through with the fake caller named ‘John’, the Telstra representative suggested that I may have just been on the receiving end of a phone scam. And that this type of scenario was known to the business.
He then asked me to look at my computer screen, “can you see two mouse icons on your screen right now? With one mouse moving around the screen that isn’t your mouse?”
I moved my own mouse and confirmed, “Yes, I can.”
He then re-affirmed, “That is the scammers currently fishing through your computer.”
I was instructed to switch off my computer immediately. Restart. Change the computer password and all passwords that I had given the fake John. And to call my own local IT technician.
I also contacted my bank to notify them of the breach, and changed all of her passwords that had similar characters to the passwords they were aware of.
When the local IT technician inspected the computer, he found that a number of malicious malware had been installed on the computer by the scammers.
A week later at lunch, I was telling the story to my friends. One of my friends was amazed as they’d received the very same phone call but luckily they were running out the door and asked to call back. The phone scammer then hung up the phone, and they thought nothing much of it.
It still baffles me how efficient the entire process was, and how suspicious it was that the scammers called my house within 15 minutes of receiving the new modem. Our home phone line is listed as private, so I have no idea how they could have got it. It was almost as if they were tracking the parcel, or working with the delivery driver. But I can’t be sure. Something to be aware of in any case.
Luckily for me, nothing has been stolen (that I am aware of), or logins infiltrated. I’m hoping this is because I acted swiftly once I recognised the scam.
There was a similar incident that occurred to a lady named ‘Georgia’. It took only one phone call for Georgia to lose access to her emails, PayPal account, and $600. Someone claiming to be a ‘Telstra technician’ said her new NBN service was being used illegally without her knowledge, and required an urgent fix.
She agreed to let the caller remotely access her computer, but when he did her screen turned blank and she couldn’t see what he was doing. Before long she was $600 out of pocket and had lost control of her PayPal and email accounts.
With the ongoing rollout of the NBN across all parts of Australia, the percentage of any household that has received a new modem would be high. So, for scammers, this is a high probability target. And with creative phone scams like this, it makes it much easier for scammers to build trust and prey on households that aren’t technology savvy.
There would be thousands of these stories, many of which would be too embarrassed to notify regulators or friends.
If you receive a phone call from someone you don’t know, regardless of the company they may be calling from, do not provide them with any information whatsoever, especially personal information (or modem numbers). If they ask you for any information, just hang up.
Telstra is aware of the scammers – Here’s what they say
Telstra are aware of the increase in scammers pretending to be from Telstra and have released a number of articles and brochures of how to identify such scammers. We have included their notes below for easy reference and to help drive the message to our readers and fight back against scammers.
A message from Telstra:
These people may quote fake Telstra Employee (ID) Numbers or Customer Account Numbers; or describe themselves as ‘Telstra technicians’.
We realise that sometimes it’s not easy to tell a scam call from a real Telstra call. This leaflet provides some advice to help you know whether it’s really Telstra calling.
Below are some tips to help you identify if it’s really Telstra calling:
What to do if you’re suspicious about a call you’ve received
End the conversation immediately. If you would like to report details of a call or for more information, please contact Telstra’s Sales Watch Hotline 24/7 on 1800 260 270 or visit telstra.com/verify.
How to protect yourself from scammers
Here is a list of a few important facts provided by specialists, Telstra representatives and the ACCC:
- Scammers often pose as well-known and reputable businesses to try and convince you that they’re the real deal, with Telstra a popular target.
- Remember that you can still receive scam calls even if you have a private number or have listed your number on the Australian Government’s Do Not Call Register. Scammers can obtain your number fraudulently or from anywhere it has been publicly listed such as in a phone book.
- Never give your personal, credit card or online account details over the phone unless you made the call and the phone number came from a trusted source.
- Never give a stranger remote access to your computer, even if they claim to be from a reputable business.
- If you think your computer’s security has been compromised, use your security software to run a virus check. If you still have doubts, contact your anti-virus software provider or a computer specialist.
- If you think you have provided your account details to a scammer, contact your bank or financial institution immediately.
- If you receive a phone call from a person claiming to be Telstra employee stating there are errors on your computer or appealing for your help to catch hackers, hang up.
- If the person resists or questions the scammer, they up the ante. Scammers have reportedly threatened to sue people for putting Telstra’s infrastructure at risk. When the person has requested proof that they are a Telstra rep, scammers have given out a fake number for Telstra which, when the consumer calls, puts them back on the line with the scammer.
- These scammers are also well-versed at creating a sense of urgency to incite fear and anxiety that your device has been compromised and must be fixed immediately.
- ACCC deputy chairman Delia Rickard says, “If you receive a phone call out of the blue about your computer and remote access is requested, it’s a scam 100 per cent of the time. Just hang up.”
To see the top list of scams in 2018, visit our blog Investment, dating, crypto scams rip off millions.
Here are some more news articles on similar scenarios from scammers pretending to be from Telstra.
– Scammers pretend they’re from Telstra, ATO, Centrelink, to steal money – Read article
– Scammers pretending to be from Telstra Technical Support continue cold-calling Australians – Read article
– IS IT REALLY TELSTRA CALLING? What you need to know – Read brochure
– Police warn of latest ‘very convincing’ ‘Telstra’ scam – Read article
Subscribe to our newsletter