Optus outage: Telco resorts to blocking URLs as more scams target its customers

A second major scam targeting outage-hit Optus customers has begun to circulate but the telco has fired back, blocking the site and demanding the hosting site remove the fraudulent page.

Optus customers targeted by cyber criminals pretending to offer outage compensation

A second major scam targeting customers of the nation’s second largest telco has begun circulating, attempting to fool customers into giving their payment details away via a malicious link.

The embattled telco confirmed its customers were again the target of malicious online actors who were attempting to fleece its 10.2 million customers, after the national system outage on November 8.

Customers began receiving emails as early as Wednesday this week which appear to be sent from Optus. However, they include a number of spelling and grammatical errors.

The email, seen by The Australian, reads:

“Dear Customer Your Auto payment cannot process Your subscription period will end on Wed, November 22,2023 please update your payment methode to continue using your plan on Optus feature regards, Optus team.”

Optus has begun blocking the URL across all of its internet and mobile services in a bid to stop its customers from clicking the link and to prevent those who do from reaching the malicious website.

However, blocking the URL will not stop mobile customers of other networks clicking through to the website.

An Optus spokeswoman on Thursday told The Australian that it had requested the hosting site of the malicious link to take down the website.

Optus confirmed late on Thursday it had also contracted a consulting service to take down the website pretending to be a payment service for its customers. “We have engaged a website takedown service to remove the site,” a spokesman said.

“We’re aware of phishing messages claiming to be from Optus regarding the 8 November outage,” she said. “Optus has blocked the URL and has requested the company hosting the site take it down.”

Within two days of the national outage at Optus, malicious actors began sending phishing scams over text pretending to be the telco and offering to help with compensation claims.

Those initial text messages read: “Hi there, we apologise for yesterday’s network outage. We are offering compensation for all customers impacted. Apply now via: https://myoptus.notice-au.com.”

Optus responded immediately by changing the way it communicates with customers, removing all hyperlinks from communication related to the outage.

On Thursday, a spokeswoman confirmed Optus was still abiding by that move in a bid to curb illegal activity. “As a reminder, any email or SMS communication sent to customers about this outage will not include links,” she told The Australian.

The new scam arrives less than a week after former chief executive Kelly Bayer Rosmarin confirmed to a Senate inquiry last Friday that Optus had paid out $36,000 in compensation and, at the time, faced a $430,000 total bill.

Customers seeking compensation have been advised to contact the telco directly and those who are dissatisfied with the outcome are able to contact the Telecommunications Industry Ombudsman who can pursue claims on their behalf.

Cybersecurity expert Jacqueline Jayne from KnowBe4 said it was increasingly difficult to distinguish phishing emails from company communications.

“Unfortunately, spotting the fake from the authentic is nearly impossible these days,” she said.

Ms Jayne said Optus customers should “ignore all Optus-related communications from email, texts and pop-ups on websites that ask you to share any of your details or click on a link”.

“Only engage with Optus by calling them directly or logging into your online account,” she said.

Optus on Thursday issued a similar message, asking customers to contact the telco directly via the My Optus app or by phoning on 133 937.

“Optus is at the forefront of scam blocking protections and we continue to invest in expanding our capability and technology to keep customers safe,” the spokeswoman said.

The scam arrived on the same day the federal government announced it was committing almost $600m to improve the nation’s cyber security.

Cyber Security Minister Clare O’Neil announced the new funding as part of the government’s 2023-2030 Australian Cyber Security Strategy.

Within that allocation – which totals $587m over the next seven years – was $291m for SMBs, public awareness campaigns, disrupting ransomware and strengthening ID security, as well as $146.3m to strengthen the defence of critical infrastructure and $129.7m for cybersecurity initiatives.

Joseph Lam, Reporter

Joseph Lam is a technology and property reporter at The Australian. He joined the national daily in 2019 after he cut his teeth as a freelancer across publications in Australia, Hong Kong and Thailand.

Original URL: https://www.theaustralian.com.au/business/technology/optus-outage-telco-resorts-to-blocking-urls-as-more-scams-target-its-customers/news-story/b6f13576dff7cd01c62f80404c815c77