A Telstra customer, 28-year-old Jeremy Rose, feared something dodgy was going on when, after a series of spam messages were sent to his personal phone number, his mobile went into SOS mode only and couldn’t be reactivated.

Upon calling Telstra, a customer service representative informed Mr Rose that someone pretending to be him had fraudulently accessed all of his personal data.

The next morning, $19,200 had been taken from his bank account.

How did this happen? Here’s the scariest part. A scammer, armed with Mr Rose’s account information, called Telstra and attempted to port his number to another network. Given the scammer was able to answer all security questions correctly, Telstra went ahead and started the transfer to international carrier Lebara Mobile, as well as giving away more of Mr Rose’s personal information. Mr Rose promptly instructed them to cancel this transfer.

“They [the scammer] somehow had access to my home address, date of birth, full name and phone number. They didn’t need any secret questions, nothing,” Mr Rose, who has been a Telstra customer for over eight years, told news.com.au.

“[Telstra] gave them all of my details, as well as my account number, which meant they were able to go to another provider and switch over my phone to another carrier.”

After spending more than four hours on the phone without actually being put in contact with someone who could assist him, a Telstra representative informed Mr Rose that, as no one owns the account at Telstra any longer, they could not tell him who the transfer was made to. He was then told to come into his nearest store to obtain a new simcard and that he would be back online within 24 hours.

“I woke up the next morning, still didn’t have any access to my phone and someone had stolen 20 grand out of my account,” Mr Rose said.

The fraud detection team at Mr Rose’s bank confirmed that someone was able to access his account through his mobile number, but assured him that he would be reimbursed any money that had gone missing.

Mr Rose was told scammers are able to access their target’s private information relatively easily. A phone book provides the basic information, then theoretically, having just a couple of personal details allows them to track down the rest.

“All I wanted was my phone back to make the privacy changes [to my account] with my phone,” Mr Rose said, adding that, in total, he spoke to eight different Telstra reps and made 11 separate phone calls and was “passed up” each time.

“All in all, this was crazy, I know how online security works, I work for an online company, and I am one of the more aware people.

“This could literally happen to anyone. I was speaking to the bank and basically, they can’t hack into my computer, there’s no way they can even touch my computer, but it’s such an old school way to get information and they [scammers] get enough information to hack into a bank account.

“If they are able to get into an email address and identify who you are, then all they need to do is call up the phone company and, by having access to your phone they can access pretty much anything.”

“So many security measures involve them sending you a message via your email ... they don’t even have to know anything because you will be messaged the password or a new password to your phone.”

A spokesperson for Telstra told news.com.au of the incident: “We are very sorry for what has happened to this customer. We are treating this incident very seriously and investigated it as a matter of priority.

“We’ll continue to work with our customer to make sure the incident is resolved.

“We encourage anyone who has been the victim of fraud to report it to the Police.”

Mr Rose said perhaps the most concerning part of the whole saga was that, during his second phone call with a Telstra representative, he put a password on his account. Each time he called Telstra following that, he was only asked for this new password once.

“I would encourage anyone to put a password on their account because this can literally happen to anyone,” he said.

Mr Rose’s phone number was eventually reactivated five days later. He has since moved to Optus.

How can I protect myself from becoming a victim of identity theft?

News.com.au technology editor Matthew Dunn recommends these simple steps to reduce the risks of having your personal information stolen or misused:

• Keep your mailbox locked and remove mail regularly

• If you are not planning on keeping your financial papers, be sure to shred them before throwing them away.

• When using an ATM or EFTPOS terminal, ensured you covering the keypad when entering your pin

• Keep the virus and security software on your computers and mobile devices up-to-date

• When connected to unsecured wireless ‘hotspots’, avoid doing internet banking or payments

• Never make payments outside of trusted systems when shopping online

• Keep a close eye on your bank statements for any unauthorised transactions

• Be wary of scam emails or letters that seem too good to be true

• Before you install an app, read in the settings what information is being stored

• If a website asks you to enter personal details such as your birthdate, it is better to provide false information when possible

• Create strong passwords by avoiding those that are common or easy-to-guess

• Be cautious who you accept friend requests from on social media