I received a call last night from a company called 24/7 who claimed to be managing an NBN order I placed on line with Optus.
The caller claimed to be from Optus and only when pushed hard did they admit they were 'working on their behalf.
They wanted my identity details for ‘privacy reasons’. I declined.
I asked for the address of their registered office. ‘It’s in Manila’
The address please. ‘It’s Manila. I can’t say more’
How did you get my number? ‘Because you placed an order with Optus’
There was more…
In January of this year I moved my home broadband to Optus and had to make multiple calls to get the direct debit sorted. Shortly after my bank blocked an attempt to fraudulently use my cc. - the attempt was made in Manila.
Does Optus have the right to pass on my details to a third party?
The call could be a scam or could also be legitimate.
Most contracts entered into allow information to be shared with other parties needed to fulfil the contract. For example, if you order goods online, the online company provides your contact details to the courier service to allow the item to be delivered.
Likewise with Optus. It is plausible that they shared your details as allowed under the contract terms and conditions, with another party to allow the contracted services to be delivered.
This many include subcontractors who make the connection to your residence on behalf of Optus. Subcontractors may also contact you directly in relation to any work that needs to be performed at your residence.
Now, the above assumes that the call is legitimate.
It is also possible that the call not legitimate and is a scam. Scammers will be able to work out where nbn connections are likely to be occurring and target these areas. If you beleive that it is a scam, I would be asking for their name, company they represent and call back details so that you can call them back. Then say that you will call them back when it is convenient to them. Having their details (if provided), will allow you to check with Optus their legitimacy and whether the call was a scam. If it was legitimate, you can then call them back and progress the works. It is likely a scammer won’t provide such details and may hang up.
I would never provide any personal details to them than they already have, such as banking, credit card, date of birth etc. Such automatically would raise flags as being a scam.
Also it is important to check the terms and conditions for any contract one enters, including for goods, services or even competitions. Many of these have conditions which allow information to be provided (or sold in case of competitions) to third parties. In some cases, passing of information on is needed to facilitate the efficient progress of the contract…in some cases such as competitions, it can result in ‘unsolicited’ contact and spam.
There are also questions you can ask them to verify they work for Optus, such as date contract was made, contract, accoint or order number, details of the service/goods to be supplied and the contract contact person in Optus.
Update.
So I have now learnt that 24/7 is the name of a company operating a call centre in Manila. They work for Optus.
I lodged a complaint with the Telecommunications Industry Office as I felt Optus had breached their own privacy policy.
In response to the complaint I received a telephone call from ‘Customer Service’ who announced themselves as 'Optus ’ but in fact turned out to a different call centre in Manila. This time a company called Convergys.
We had the same pantomime where I was asked to provide security details and the supervisor refused to give me the head office address.
A quick internet search revealed that Convergys is a multi national with headquarters in the USA. The supervisor then confirmed this as correct saying that she was allowed to confirm this information when provided by the customer but not allowed to give it out if asked! Why? You’ve guessed it ‘for privacy reasons!’
In the conversation that followed the supervisor tried to allay my fears by giving the following information
The call centre has access to all my details held on the Optus mainframe.
My details are safe because they covered by the same privacy rules that operate in Australia.
Call centre staff are not allowed to write down anything. Having a pen within sight of your desk is a sackable offence!
I was not reassured.
An article from 2014 that discusses the then (and now effective) changes to the Privacy Laws:
Also from the Office of the Australian Information Commissioner https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/chapter-8-app-8-cross-border-disclosure-of-personal-information:
8.2 APP 8.1 provides that before an APP entity discloses personal information about an individual to an overseas recipient, the entity must take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information. Where an entity discloses personal information to an overseas recipient, it is accountable for an act or practice of the overseas recipient that would breach the APPs (s 16C).
Anytime one is suspicious of an incoming call where the caller asks for your details, it is best practice to ask for their ID and extension and the purpose for the call, and a call back number to reach them.
Then go to the corporate web page for a number, or google the number to check its bona fides, and call back if it seems legitimate. If you can do this while they wait on the phone it saves you having to pay for a call. Not happy we have to endure this, but such is modern life.
Thank you. Your informed and educated reply is exactly why this forum is so valuable. I will study the links and pursue my quest for transparency in these matters.
