Last night at 10:30pm I received a text message:
OPTUSMSG: Hi, just confirming we've received your order update for 04xxxxxxxxx. Your order reference is xxxxxxxc. Need help? Chat to us online at http://yesopt.us/chat2us
Immediately afterwords, my phone said "SIM not provisioned for voice" and now I can't make or receive calls or text messages and I have no internet access.
Had my SIM been illegally ported?
I tried messaging Optus immediately, but they told me various things, such as 'the network is fluctuating', or it's because I've been provisioned for VoLTE and I should reboot my phone after 4 hours.
10 hours later and still no phone. Anyone have any idea what I should do?
Hopefully not, although the lack of a dial tine is concerning.
Optus have a (frankly stupid) insistence of sending customers "Order Confirmations" when you change the settings in MY ACCOUNT. This might be the nickname for your phone or call diversion or something. Have you changed something in MyAccount lately?
Optus also seem to have a very poor responce to what is a pretty significant security and financial concern these days. Can I suggest trying Facebook (as they do better service apparently). You have an order no and surely there should be a simple description of what that relates to on their system.
I'll flag a mod @Ray_YC and perhaps they can tell you something when they get your details (You can PM then with your name, dob and mobile phone number and the order number and he may get back to you)
So... turns out someone did port my number to a new SIM, and smashed my creit card for over $11,000.
- $3000 at JB Hi-Fi
- $3,500 at Kogan
- $4,700 money transfer via Western Union to China (already picked up)
All transactions confirmed by SMS.
Optus repesentatives assured me that my SIM was correct in an online chat, AND over the phone. If they had given me the correct information they could have cancelled the SIM and I could have cancelled all my cards.
If the bank doesn't return all my money to me, I will be seeking recompense from Optus for their total incompetence.
They really did a number
What bank are you with? I'm surprised the fraud detection didn't kick in at some point. I was going to suggest you might reduce limits / lock accounts etc. but I believe once thieves have your phone they can usually get through most efforts to shut them out.
The good news is this does sound exactly what the no fault credit card coverage is designed to cover. I suspect the bank will reverse all charges in due course. Its a massive pain though.
There are technical reasons why Optus can't necessarily prevent this sort of theft and fraud but when a concerned customer contacts them (and there is no dedicated fraud line available) there really is no excuse for Optus not to be able to confirm what has happened in a timely manner. Unfortunately they don't seem to be liable for these sorts of costs (probably because the banks cover them) which is why they probably don't try that hard to prevent them.
Good Luck getting it sorted.
People have assured me the bank will return all my money, but it's going to be a big pain. Fingers crossed.
I'm most angry with Optus customer support. TWO people assured me there was nothing wrong with my SIM. Complete incompetence.
Hopefully it shouldn't have to be all that bad (you didn't say what bank?)
The Bank will presumably cancel the cards and reissue some. They should freeze the amounts so you'll have access to funds. A police report and perhaps a stat dec and you'll just have to wait for them to say its all good.
Moving forward there are a few options you can do to improve security. You might already have some of them and they don't guarantee you're safe but they can trip up people trying to steal your ID.
I'm with Commbank that has good online / mobile app options. You can easily set low limits or block various transfer types. They let you put a complete stop on your credit card temporarily (so you don't have to cancel it just because you're not sure if you've been compromised. One new area is that they track your general phone location (with permission). So if a transaction is made in perth while your phone is in Sydney it raises flags. They also seem to have a pretty good monitoring department for catching strange transactions.
Most of all though the app does the 2FA (which bank and email security should all have activated). 2FA via SMS is not very useful (as you've possibly found out) but in Commbanks App (and others) the App is needed (with you logged in) to get the code. Something the thieves likely can't do with your stolen account.
PS Make sure you change all email passwords etc. and confirm no addtional accounts have been added for security etc. if that's an option (e.g. GMail)
I'm with Westpac, so hopefully they will return me my transactions. However, their security protections seem to be very poor. Everything about these transations would have screamed fraud.
I'm still upset with Optus. I have a full transcript from their support staff telling me the phone had not been cloned or ported. Clearly they should have seen it had been. They should also be aware that when someone contacts them with information like this, it should be escalated.
Perhaps Optus could call the phone number before porting just to confirm that this has been requested, rather than just blindly doing it. Clearly not enough safeguards are in place.
I have changed all my passwords, although the staff in-store seems to think the password used was my Optus password. None of my online email accounts were comprimised.
"Perhaps Optus could call the phone number before porting just to confirm that this has been requested, rather than just blindly doing it."
This should definitely be the first thing done when a port request comes in. Instead the first you hear about it is usually once it is complete.
Unfortunately Optus are legally obligated to "blindly do it" and must ensure a port request is acted on with no delay (the law was written back when the Telcos were all dragging their heels to stop people porting and making people leaving as hard as possible).
The the leaglese also mentions they must be ensure the port request comes from you (something all Telcos seem to give lip service to) and there is nothing stopping them providing the heads up while they process the application as per requirement anyway.
Optus has shown that it is not really interested in fixing issues that cost its customers unless they stand to cost Optus. The long running Premium SMS scam that has netted Optus $50+ billion over the years was allowed to continue despite millions of complaints and the ACCC taking them to court. Until recently the max fine Optus faced was $10 million (and that was what they eventually got fined leaving them with $40 million + in profits). This year the potential fine has gone up to around $1 billion for Optus and amazingly the entire scam was shut down almost overnight.
Good luck with getting it sorted with the bank
Well, hopefully it shouldn't go to court, but if it did it is pretty obvious Optus was at fault. They ported my number without proper security checks, and then they denied doing this in a chat message AND over the phone.
I did eveything I could.
Except Optus followed the correct checks set out in the Number Portability code.
The new provider was provided your personal information that they obtained and the port was actioned as it matched the personal information on the Optus side.