Scams following Optus Data Breach of 2022

So far there are 4 recognised scams in progress targeting Optus customers and former customers. There are screenshots of what they look like in the linked article.


For anyone who is caught up in the Optus hack/data spill, the following advice was provided to me by someone with extensive cyber security credentials.

  1. contact Optus to confirm what data they had on you
  2. Change your banking password
    1b) ask your bank to enable 2 factor authentication on your account
    1c) tell your bank to look for fraudulent transactions
  3. change the password to your Optus account if you used one, including any Optus email accounts you had
  4. change the password to the email that received the notification
    3a) add MFA and other security settings on that account
  5. file a police report
  6. contact your issuing driver's licence body and find out the requirements for getting a new ID number
  7. consider getting a new passport, it will be issued with a new ID number
  8. repeat for any ID that is suspected leaked in the breach

This won’t work. Optus will contact you to tell you what data they had on you.


I very much doubt that the cops want 10,000,000 police reports.


Or being told what they already know.


Sometimes a police report is necessary if a fraud occurs and it becomes a civil as well as/or a criminal matter. That being written, all one needs is proof a report was made. It begins a timeline/window for cause-effect-fraudulent activity if nothing else. In this case? I suspect the email from Optus might be sufficient, but I am not a legal expert.


How would one report a crime to the police in your local jurisdiction that hasn’t occurred?

No personal information has been ‘stolen’, just read, and so far there have been no attempts reported to use this information in a criminal manner against Optus customers.

There was a short-lived attempt at extortion by some unknown in another country, but that was against Optus, not any customer.

Importantly, scams breed other scams. Not all of the statements made on the dark web are necessarily being made by the person who actually copied the data. Anecdotally, some of them are opportunistic attempts by completely unrelated parties to get you to visit dodgy web sites that will attempt to exploit known weaknesses in your web browser.

Even the release of 10,000 records to prove authenticity could be posted by someone completely unrelated to the person who actually copied the data - and hence paying the extorter will most certainly not achieve anything and cannot achieve anything.

Yes, if a fraud actually occurs i.e. you detect that someone has used or is attempting to use your government document numbers, then file a police report.

True although even when a fraud occurs with a loss, or is caught in progress, police may not be receptive to spending the time to take a report. Times may have changed but a decade ago we discovered an ID fraud on our details within minutes after it was done. It was dumb luck of the moment – a preauthorisation appeared while I was checking the account.

We had evidence of the financial event as well as the perp's address. Some well placed phone calls shut it down timely without financial loss.

The police were all of

  • disinterested
  • did not know what to do if anything
  • considered it a civil not criminal matter because there was no actual monetary loss since we caught it in progress, eg no loss, no worries, no crime.

These days I would hope a similar report would go differently. There was no second go by the perps - lucky us.


Sorry, I do not place any value or authenticity on Channel 9 news.
Haven’t heard this on ABC which is far more reliable.

From the 9News article: The almost 10 million Optus customers impacted by a major cyberhack are warned to stay on alert for a slew of new scams, with Scamwatch posting photos of four current hoaxes doing the rounds.

Sometimes they get it right. The original.


A 19-year-old Sydney man has been charged after allegedly using information obtained during last month’s Optus data breach to blackmail people
Sydney teenager charged after allegedly blackmailing 93 Optus customers affected by data breach - ABC News

I think this is a secondary scam i.e. this 19yo random had nothing to do with the original data breach, and this is just “opportunistic” (and a fairly weak attempt at that).
