Optus adjusts communications to customers as hackers take aim
Optus customers are now the target of a major scam attempting to lure those seeking compensation to click on malicious links, forcing the telco to change its emails and texts to customers.
Optus has had to adjust the way it communicates with its 10.2 million customers after hackers have taken aim with a major phishing scam.
Optus has confirmed that its customers are now the target of a major scam in which bad threat actors are attempting to lure those seeking compensation to click on malicious links being sent around via text message.
The company on Friday afternoon said it would no longer use any links within communications between the telco and its customers to ensure its customers would not click on any malicious links or be tricked by scammers.
“We’re aware of phishing messages claiming to be from Optus regarding the outage,” a spokeswoman said.
“To help address this and for each customer’s peace of mind, we will not be sending communications (email or SMS) about this outage with links. If customers have received a communication claiming to be from Optus, do not click any links.”
The company has called on customers seeking to communicate with the telco to do via its mobile app or to use the direct line 133 937.
The move arrives as Optus has confirmed it has begun welfare checks on its customers who were unable to reach emergency services during a major outage on Wednesday.
The Australian Communication Media Authority announced on Thursday it was assessing Optus’ communication with customers to see whether its conduct was unlawful or did not meet telco industry standards.
Jacqueline Jayne, a security awareness advocate at security training company KnowBe4, said cybercriminals had jumped at the opportunity with the Optus outage.
“Scammers have wasted no time and we’re already seeing ‘Optus Compensation’ smishing (sms phishing) and phishing campaigns,” she said.
“This scam pretends to be from Optus (it’s not) and the message is talking about how you can get compensation by clicking a link. As with all the scams from the cybercriminal playbook, they are designed to entice you to engage with an email, text or website.”
Ms Jayne warned that as scams were evolving it had become increasingly difficult if not impossible to tell the difference from a real message from a company.
“Unfortunately, spotting the fake from the authentic is nearly impossible these days,” she said.
KnowBe4 advised that Optus customers “ignore all Optus-related communications from email, texts and pop-ups on websites that ask you to share any of your details or click on a link”.
The company said those who need to contact the telco should do so direct via calling or by logging into their account via the web or mobile app.