Bookmarked Optus advises customers to change their password, name, date of birth, gender … after data breach by The Shovel (theshovel.com.au)

Australia’s second largest telco has responded to a massive data breach, advising customers to update their password, move house, change names and take on a new identity.

I am really concerned that the answer is to add a second set of numbers to the driver's licence. What is going to happen if that number is somehow leaked? We really are in strange times.
Bookmarked DCB refund process purposely flawed (Whirlpool)

Optus was recently hit with a $10m fine and must pay refunds to 240,000 customers for misleading them and charging them via Direct Carrier Billing (DCB) for ringtones, games, TV show voting, etc. (here’s some more detail: https://www.afr.com/business/telecommunications/optus-fined-10m-for-misleading-digital-bills-20190206-h1axbs).

As part of this Optus must refund customers. However, I believe the way they are doing so is deceptive.
The current process is this:
– Optus sends a text message to the customer with a code, saying they have a pending refund and to go to this link to enter the code: http://dcbrefunds.optus.com.au
– This site redirects to https://custface.azurewebsites.net
– The customer enters the code, then can fill in a form requesting their home address.
– The customer is mailed a cheque.

Upon receiving the text, I assumed it was a scam. I investigated the link, and once redirected to the https://custface.azurewebsites.net link I was sure it was a scam. I then contacted Optus support separately to confirm it was a scam and, to my surprise, found out it was, in fact, legitimate.

Here are my concerns:
1. I believe Optus is intentionally playing on the fact that the original text message looks like a scam to decrease the number of customers claiming their refunds.
2. I believe Optus is intentionally using an external URL so the process looks like a scam to decrease the number of customers claiming their refunds.
3. The fact that Optus is informing customers in this way, and that it is in fact legitimate, will lead to many future situations where customers click actual scam links.

What are your thoughts, Whirlpool? My concern is that Optus is attempting to save money by not paying their customers back. I assume the ACCC ruling forced them to contact their customers. But I believe they are purposely making this SMS look like a scam so that not many customers will request the refund, saving Optus millions of dollars. What do you think?

Another example of Optus’ suspect practices.
Bookmarked Catching a catfish (ABC News (Australian Broadcasting Corporation))

While questions remain about motive, it is clear Abdelmalek deployed a unique set of skills to infiltrate her victims’ lives. She uncovered the contact details of family members and repeatedly fooled Optus staff into revealing confidential information, even when a security PIN was protecting the account.

James Oaten documents how Lydia Abdelmalek used the identity of Lincoln Lewis to invade the lives of two women, one of whom eventually committed suicide. Although many often talk about the part that Facebook plays in cases like these (read posts by Alan Levine, Dean Shareski and Alec Couros), what was concerning about this case was the ease with which Abdelmalek was able to dupe Optus when the victims tried to escape the stalker. In a world of increasing optimisation, I imagine this will only get worse.