NewsBite

‘Creepy’ text signalled Canberra woman had lost all her passwords in phone spoofing scam

A Canberra woman soon realised something was very wrong after receiving two text messages on her phone – from her own number.


A Canberra woman is demanding answers from Optus after she fell victim to a sophisticated phone scam where $200 was stolen from her and she nearly lost thousands more.

Esther Yam, 32, knew something was very wrong after she saw a “creepy” message pop up on her phone in late August.

“I got a text that literally said, ‘Hi,’” Ms Yam recounted to news.com.au.

There was just one major problem. “It was a text from myself,” she explained.

“Then it happened again. I thought, ‘This isn’t random.’

“Alarm bells started going off, but before I could do anything, the nightmare began.”

Her phone stopped receiving a signal, dropping to SOS-only mode, and she could no longer send or receive text messages.

It turned out her phone was the victim of a SIM swap. A Ukrainian hacker stole her mobile number and got into all her accounts by sending a password reset to the phone.

The ACT accountant had to scramble to secure her bank details, social media and financial apps, as otherwise she could have been financially ruined.

Esther Yam fell victim to a SIM swapping scam in August last year and is still feeling the impact.
These two words signalled to Esther Yam that something was very, very wrong with her phone.

Ms Yam remembers being snowed in with work deadlines and almost dismissing the weird text message until she realised it was coming from her own number.

Luckily, she immediately realised she had been SIM-jacked: a scammer had remotely gained control of her SIM card by applying for an eSIM card through Optus.

She suspects the reason she received a text message from her own number was because the hacker was trying to test whether they had gained control of her phone.

“I think I got lucky, obviously this person had my number but the eSIM hadn’t fully ported over,” she explained.

“I managed to stop whatever havoc this person was trying to do within the next 24 hours by rotating passwords and email addresses and removing every two factor authentication linked to the phone number, but it was a very hectic 24 hours,” she said.


Esther Yam is demanding answers from Optus after a “nightmarish” six months.

A total of $200 was taken out of her Google account and the hacker tried to get into her financial apps, including those of her banking institution, cryptocurrency exchanges and micro-investing platforms where Ms Yam kept a substantial portion of her money.

Using the IP address that showed up when the hacker logged into her cryptocurrency apps, she was able to see they were located in Melbourne and Ukraine.

“I have an offset account, for savings and travel funds. Literally I only have one account, if they had gotten into that I don’t have any fallbacks or anything,” she said.

Although it’s been months since the hack, she never received any apology or compensation from Optus for granting the hacker access to her phone.

Every day Ms Yam also receives scam messages from different phone numbers, making her suspect her details have been shared by the hacker onto the dark web.

The help ticket the hacker lodged to take over her phone.

Ms Yam says she is “furious” that Optus allowed a hacker to get access to her phone number in the first place.

All it takes for a rogue agent to take over your phone’s SIM card is your name, mobile number and your date of birth.

Ms Yam said she was shocked to learn that was all it took to hijack someone’s life.

“Apparently, that’s all that Optus needed to issue this fraudster an eSIM card that allowed them to steal my identity. My name, and birth date. Over the phone,” she said.

Her name and birthday are easy to find on social media and she can only assume the hacker got hold of her number another way.

Of more concern, one of the last texts Esther received was a reference number for Optus, as the hacker was getting help from Optus to transfer her phone number over to theirs.

Esther Yam wants a proper apology from Optus. Picture: NCA NewsWire / David Mariuz

“There was also a support ticket lodged by this person with Optus claiming they ‘can’t receive SMS’,” Ms Yam continued.

“It hit me then, this person clearly wasn’t able to receive the text messages themselves as I was still getting them. So they contacted Optus and lodged a support ticket saying they weren’t receiving text messages – and then Optus decided to fix this issue for them, which sent my phone into SOS mode.

“Optus literally enabled this person in their attempts to steal my identity.”

Ironically, Ms Yam had to physically go into an Optus store to prove her identity at the height of Canberra’s Delta lockdown.

She said an Optus employee played her a recording of the conversation with the hacker and it was obvious from his voice he was a man even though he was claiming his name was Esther.

“He requested an eSIM card because his phone broke and he wanted the confirmation sent to another telephone number rather than the email address listed on the account,” Ms Yam continued.

“How did this not raise any red flags to Optus? It’s so obvious something suspicious is happening.”

Optus responds to allegations

When news.com.au contacted Optus for comment, it did not issue an apology to Ms Yam or offer any compensation.

“Unfortunately, identity theft continues to be an economy-wide issue which opens the doors for fraudsters to access innocent Australians’ services in ways that can have real harm to them,” the spokesperson said.

“Optus, along with the wider telco industry is working to enhance existing protocols and controls to reduce unauthorised access to customers’ accounts and services.

“Optus takes customer security and data very seriously, we encourage customers to regularly change their passwords, not re-use passwords and aim to keep their personal information secure.”

alex.turner-cohen@news.com.au

Originally published as ‘Creepy’ text signalled Canberra woman had lost all her passwords in phone spoofing scam

Original URL: https://www.adelaidenow.com.au/business/creepy-text-signalled-canberra-woman-had-lost-all-her-passwords-in-phone-spoofing-scam/news-story/8448838652bef07dbe4fb62d97cc932a