Lost in the Shadows: Unmasking the Perils of Social Engineering-Driven Identity Theft

Data breaches like the Optus and Medibank attacks have become common, leading to a rise in identity theft. It’s one of Australia's fastest growing crimes, with over 900,000 people reporting identity theft resulting in financial loss.  

But not all cases of identity theft are the result of a data breach. In many cases, our data and our identities can be compromised through social engineering attacks. For Melbourne-based IT professional Mark, the impact of one of these attacks changed his life forever.  

Day 1

After a long day at the office, Mark got around to checking his phone and saw a message from Telstra indicating that his request to replace his SIM card had been received and if the SIM replacement request was not legitimate, to call Telstra immediately. 

After a few moments, Mark noticed his SIM card had already been disconnected. As Mark hadn’t requested the new SIM, he assumed it was a clerical error. When Mark got home, he contacted Telstra. Telstra explained that earlier in the week, Mark placed an order to transfer his number to a new SIM and there was nothing Telstra could do to reverse the action.  

Mark then checked his bank account and found that $15,000 had been transferred from his long-term savings account to his everyday account, and there were random withdrawals of $1,000. Frantic, Mark called his bank and was told that the withdrawals were made using a new debit card delivered to his home. Someone had apparently ordered the new cards, then stolen them from Mark’s mailbox.

"I felt sick seeing the money coming out of my account. I'd been attacked and there was nothing I could do about it,” said Mark. Mark immediately closed his bank account, cancelled his cards, called Telstra again, and this time they agreed to suspend the new SIM. 

Day 2 & 3

Mark spent the weekend changing his passwords and setting-up two-factor authentication (MFA).  Somehow, despite changing all his passwords, the attacker still had access to his PayPal account and purchased $30 of Telstra credit. 

Day 4

Mark took the day off to sort out the issues. Mark visited Telstra and was told that his phone was reported stolen. Then Mark visited Apple to unblock his phone.

Apple checked his phone ID using the Australian Mobile Telecommunications Association website and found that Telstra had blocked it. After three days of no phone service, Telstra finally unblocked his phone and reimbursed him for the $30 charge.  

Day 5

Mark was alarmed by how easily hackers stole his information.

Mark contacted Australia’s three credit reporting bodies, Equifax, Experian and Illion; placing a ban on his credit file, so new credit card applications couldn’t be made in his name.  

A week later

Mark’s fears were well founded. While on holiday with his family, Mark’s bank notified him that someone else had accessed his account and ordered a new debit card to arrive at his home while he was away, forcing Mark to cancel his cards again. 

“I always thought I was careful. Didn’t share any information with anyone online. I had no idea how that information was taken,” said Mark.  

But Mark did share that he was excited about his upcoming trip on social media, so his attacker knew he was out of town.  

“Thankfully, the bank refunded the stolen cash, but I haven’t been able to shake that feeling when I watched that first thousand disappear,” said Mark. 

How Insurers can Capture the Connected Generation

How Insurers can Capture the Connected Generation

Insurance is an industry built around relationships. It’s an industry that sells advice, guidance and protection rather than tangible products. We connect with our clients, care about their homes, their livelihoods and do what we can to ensure they’re able to get back on their feet when things go bad. But with technology driving the world into an uncertain future, that connection doesn’t seem to be happening with the younger generation. The question is why? 

Read More

Are our greatest accomplishments meaningful and does it matter?

What is your greatest accomplishment?

It’s a question that gets asked a lot but how do we really answer it? Our careers are littered with facts and figures, accomplishments all, but what makes one stand out against another. Recruiters are constantly telling us to list our accomplishments. ‘That’s what they want to see,’ they say. But when you’re sitting in an interview for a new role or talking to your manager at review time or simply reflecting on your career, how do you rank one accomplishment against another?

Read More

Doing unto others

Doing unto others

Trust. It’s described as difficult to earn but easy to lose. But what makes us trust people, companies, ourselves? Greek philosopher Epicurus said “It is not so much our friends’ help that helps us, as the confidence of their help.”  Epicurus believed that people were most content when they felt a sense of security that should things go wrong, their friends would be there to help. They trust them. Have confidence in them.  

Read More

7 ways to deal with difficult conversations

7 ways to deal with difficult conversations

We all have an inner voice (mine sounds like Kelsey Grammer) that tells us, urges us to have a difficult conversation with someone – the type of conversation that would improve life at the office for ourselves and for everyone else in our team immeasurably. But either fear of confrontation, apprehension or anxiety drowns out that inner voice and the conversation never happens.

Read More

Catastrophe modelling in a post Katrina world

Catastrophe modelling in a post Katrina world

Ten years on from Hurricane Katrina, we can confidently say that quality of exposure data has improved dramatically. Companies across the world are taking a far more rational approach to model-based business decisions and many multinational reinsurance companies and intermediaries, have and continue to invest heavily in model research and evaluation.

Read More