WHEN Katie Fletcher had her mobile number stolen she knew it was bad news, but she didn’t know her friends would lose up to $40,000.
WHEN Katie Fletcher had her mobile number stolen and ported to a different carrier she knew it was bad news, but she didn’t necessarily expect it would lead to her friends having thousands of dollars drained from their bank accounts.
Ms Fletcher, 30, who works in Sydney and lives on the central coast has had her Telstra number illegally ported an astonishing four times in the past 18 months.
After stealing her number, hackers were able to gain access to her e-mails and from there collect personal details of her contacts and begin hacking their accounts. She believes a huge number of her friend’s personal accounts were hacked stemming from her number being ported.
“I stopped counting when I got to 33,” she told news.com.au.
Each time her own bank account was compromised, Commonwealth Bank stopped the offender from withdrawing money but some of her friends weren’t so lucky and had up to “thirty or forty thousand dollars drained from their accounts” which took months to get back, she said.
With telcos failing to adequately defend against unauthorised porting, cyber criminals are using the simple trick to steal people’s mobile numbers and use it to burrow into their digital lives. Given that most important accounts rely on two-factor authentication, which involves receiving a text message code to log into the account, the momentary access they need to cause harm.
In most instances, fraudsters simply need an account number for your mobile provider and your date of birth to move the number across and begin wreaking havoc.
Dr Terry Goldsworthy is a former detective inspector for the Queensland police who now works as an assistant professor at Bond University. He began researching the prevenance of illegal porting earlier this year but says reliable data is almost non existent.
“No one seems to be collecting the data,” he told news.com.au. At least no one who is willing to share.
Last month he delivered a talk on the topic at the International Conference on Cybercrime and Computer Forensics in which he made the suggestion that there has been a regulatory failure in Australia when it comes to dealing with the issue.
At the conference “I ran into a police source and he said they’re getting hundreds of them (porting complaints), mostly referred to them by the banks,” he said.
In April the NSW police created a phone porting category for complaints however if they do get reported to police or consumer bodies, most cases typically get filed as instances of generic fraud.
“The actual offence numbers are getting diluted,” Dr Goldworthy said. “The problem is: who are we reporting to?
“I’m sure it’s happening more than we know.”
The issue made headlines earlier in the year when ABC journalist Tracey Holmes was the victim of unauthorised porting. She believed someone likely got hold of her mail after she moved house to get access to her Telstra account number and then managed to find her date of birth online to carry out the attack.
In June Telstra told news.com.au that it was “working to strengthen our identification and verification procedures even further” because it recognised the increased threat level because of the growing “availability of individual’s personal information on social media and other open platforms.”
At the time of publication, Telstra was unable to provide further details on exactly what it had done to combat illegal porting since then.
The first time it happened to Ms Fletcher was in March last year. Usually, it takes about a week for victims to get their number back. It happened to her again a year later and the third time her number was stolen, the hacker simply ported the number to a new SIM card on a Telstra account.
At one point, a Telstra employee called the number and someone else picked up, Ms Fletcher said.
“By the fourth time they just wouldn’t help me, they (Telstra) were useless.”
Contrary to what many disgruntled customers claim about the reality on the ground, Telstra says its porting processes are identical for pre-paid and post-paid services and comply with industry regulations.
But a number of affected customers who spoke to news.com.au have called on the telcos to ensure staff actually carry out the proper checks when porting numbers to make sure the correct procedure is followed and the number belongs to the person porting it.
“They all talk in generics, but what are they actually gonna do?” Dr Goldworthy said of industry assertions that it is addressing the problem.
In the case of Ms Fletcher, not much.
“Telstra’s advice was to just go somewhere else because we can’t stop it from happening,” she said.