It’s a staggering figure and one the telco should be applauded for, particularly as it came days before it was a legal requirement.

The Australian Communications and Media Authority introduced a new code on 12 July that now requires mobile service providers like Telstra to take action to block scam texts.

But here is the worrying reality. I have just had a quick look through IDCARE’s National Case Management Centre’s daily engagements, and cybercriminals are still getting through at alarming rates.

And they will continue to do this because here is the annoying reality about cybercriminals: they have a remarkable ability to adapt and diverge far quicker than we can introduce legislation to block them.

Take the latest scam that is trending through our National Case Management Centre. It is a two-pronged scam that begins with a text message and is followed up with a phone call.

I spoke to a Melbourne psychologist on Wednesday who explained how this scam worked and how he ended up sending a scammer $13,000, even though the red flags were in front of his eyes. I also spoke to a Melbourne driver who lost $38,000 in exactly the same scam type.

It started with a text that appeared to be from Medicare advising the person had been a close COVID-19 contact.

According to the Australian Health official website, there were 316,574 active cases in Australia at the time of writing this column. This makes it extremely likely that when cybercriminals send these texts en masse, someone will relate to them.

For the Melbourne psychologist, his son-in-law had recently been diagnosed with COVID-19 so when he received the text, it just made sense.

The psychologist clicked on the link in the text which took him to a site that looked “almost exactly like it was from Medicare”.

He was required to fill in his name, address and then his credit card details to pay the “$1.40 postage fee” for the PCR test.

An hour later he received another text from his “credit card provider”, advising unusual activity had been noted and someone would be calling him from the number associated with his card.

When he received the call, he had already checked the number for his card provider, and it matched. This made him convinced the person on the phone was genuine.

Spoofing, where the scammer uses legal apps to disguise their number to appear like someone else’s (including financial institutions) is a very effective tool the cybercriminal has in his toolkit.

The scammer told the psychologist he needed to transfer $13,000 to a safe, encrypted account. The encrypted account was the account of the scammer.

That was one of this week’s scams. Next week there will be something different.

My boss, Dr David Lacey, summed it up well.

“Scammers are more agile than government and business will ever be,” he said.

While the new code is a welcome change, we cannot afford to be complacent and this is the end of scam SMS texts.

More Coverage

Expert’s tip to save potential victims from ‘relentless’ cybercrime

Kathy Sundstrom

The new Instagram scam targeting small businesses revealed

Kathy Sundstrom