1. SingTel Optus offers landline and mobile communication services to consumers and businesses, including mobile phone, mobile internet, broadband internet.
2. If you have a question or need help with your Optus service, you can contact us via messaging or through one of our other available options.

Updated June 26, 2015 23:07:43

Mobile phone numbers are being passed on to third parties by Telstra and Optus in a 'commercial relationship' with owners of particular websites, with some customers being subscribed to services without their consent.

Certain situations require you to be able to identify your phone number at home or within your office, whether you’re with Telstra or Optus. Let's say, you have just moved into a new premises and you plug your handset into your telephone socket and you discover you've got dial-tone already!

It involves the phone number of mobile internet customers being made available to a website automatically, regardless of whether they choose to purchase a service or not.

Optus this week was forced to admit to the practice, known as HTTP header enrichment, after an Adelaide-based software developer found he had been involuntarily subscribed to a web games site at the cost of $15 a month.

'When consumers browse the internet, information about the devices they're using is passed onto website owners in order to optimise websites for those users,' an Optus spokesperson said.

'Optus adds our customer's mobile number to the information in select circumstances where we have a commercial relationship with owners of particular websites.'

A Telstra customer reported to the ABC that he found himself subscribed to a third party after browsing the internet via his mobile phone.

He was charged $10 for a monthly subscription and received a text message offering for him to opt out by replying with STOP.

It makes it slightly easier for this direct carrier billing to work, but I think it fundamentally breaches your privacy and security in the process.

Telstra confirmed the practice of header enrichment, saying they provided 'customers' mobile phone numbers to a small number of our content partners'.

A spokesperson said it enabled the customer to choose to receive the service and pay for it via the Telstra bill.

'We provide this information on the basis of legal terms in our partner contracts that help ensure the privacy of customers,' a spokesperson said.

The website developer, who did not want to be named, said he elected not to follow the text message on a Optus phone prompting him to respond by texting STOP if he wanted to unsubscribe.

'I'm not going to send STOP. That probably constitutes an acceptance or something,' he said.

He instead called the company directly to ask what had happened and they reversed the charges, explaining they had received his phone number from Optus though direct carrier billing.

The developer said he investigated further because he had an 'interest in IT security', calling Optus repeatedly over a two-and-a-half-month period.

'They kept saying they would put me through to someone technical who would check it all for me, but they didn't for months,' he said.

'Then I made a complaint to the Telecommunications Industry Ombudsman [TIO], and I got a call from an Optus techie a couple of days later who said, 'yes, basically we use header injection, and we only do it for select sites'.'

Phone numbers shared to 'identify customers'

Optus told the ABC there were a number of reasons why they shared mobile phone numbers with websites.

The spokesperson said it included 'direct carrier billing, which enables third-party websites to bill for premium content via the Optus bill'.

It also shared mobile phone numbers on Optus websites, 'to identify customers and show them specific customer information'.

Optus ignored a request by the ABC to see its list of sites with which it has a commercial relationship to share phone numbers.

'We take security allegations seriously and are investigating further,' the spokesperson said.

The Adelaide software developer explained the process of HTTP header enrichment.

'You, as a user, are on your phone and in this case, you're about to visit a gaming website. If you click on a banner ad that says take me there, you're saying, 'give that website', and that's between you and the website'.

'In between that is Optus, and they are injecting your phone number into that. So instead of saying, 'get me the website', you're effectively saying, 'get me the website and here's my phone number'.'

The software developer said by looking at a website's code while you were visiting, it was easy to see where your phone number was being 'injected into' the website.

If a consumer is concerned that their personal information has not been dealt with appropriately, they should make a complaint to their service provider.

He said carrier billing was used by telcos because it gave the customer less barriers to sign up to a service.

'Every step you make a customer do to sign up, is one where they might turn away,' the developer said.

'It makes it slightly easier for this direct carrier billing to work, but I think it fundamentally breaches your privacy and security in the process.'

A spokesperson for Vodafone said the company did not send customer information on to a third party in the same fashion.

She said the company only used carrier billing once a transaction had been agreed to by the customer along with the costs, at which point the encrypted mobile number was sent to the provider 'to assist with customer service'.

'When the encrypted mobile number is sent, no-one can see the mobile number,' the spokesperson said.

'Only the third party content provider can view the mobile number once it is received at their end and they unencrypt it.'

The TIO said telcos likely revealed their intent to share phone numbers in their terms and conditions that customers agreed to.

Community Relations manager Phillip Money said consumers worried their personal information had been dealt with inappropriately should make a complaint to their service.

'If the consumer is unable to resolve their complaint directly with the service provider, they are welcome to contact the TIO,' he said.

Topics:information-and-communication, community-and-society, sa, australia

First posted June 26, 2015 13:33:51

How to protect your smartphone from hackers

Is your mobile phone number as safe as you think?Source:AP

CYBER criminals are using a simple trick to steal people’s mobile phone numbers, move them to a different carrier and use the stolen number to gain access to the victim’s other personal information, including their bank and MyGov accounts.

It’s a surprisingly easy thing to accomplish and can wreak havoc for those who unwittingly become a target. In most instances, fraudsters simply need an account number for your mobile provider and your date of birth.

Given that most important accounts rely on two-factor authentication, which involves receiving a text message code to log into the account, pinching someone’s mobile phone number can give criminals serious access to your digital life.

On late Friday afternoon, before the Queen’s birthday long weekend this month, Sydney woman Deborah Brodie, 37, received a text message form Optus confirming her number will be ported to Vodafone. She did not request to change providers but just six minutes later she had another text confirming it had been successful. Shortly after her phone switched to SOS mode.

Ms Brodie ended up having her iTunes account hacked as well as her bank account and someone used her credit card to go on a spending spree.

“It was really violating, it leaves you feeling really exposed,” Ms Brodie told news.com.au. “It was done in such a calculated manner.”

She believes the timing on the eve of the long weekend gave the hackers the maximum time to run amok before she could deal with Optus’ fraud team.

Despite being with the company for nearly two decades, the telco didn’t seek personal verification from Ms Brodie and seemingly had very little prevention in place to stop the fraudulent porting.

Ms Brodie runs a company called Bop Along Buddies, which provides inflatable animal-shaped bouncers to help children with disabilities develop their co-ordination, and says having her mobile number stolen was a huge headache for her business.

“For five days my customer and clients didn’t have access to me.” Given the nature of her work, it was a feeling that left her “physically ill”, she said.

Deborah Brodie's company Ladybug Imports run from her Baulkham Hills home has won a Business Award for most outstanding online business but has also been nominated for two AusMumpreneur Awards for her children's toys Bop Along BuddiesSource:News Corp Australia

For now, she has the same number back (although is worried about keeping it) and the matter is still pending investigation.

“This is a new scam that’s happening more and more,” Ms Brodie said. “Is it the phone companies that have to better? I think it is.”

Last week, Australian journalist Tracey Holmes chronicled her own ordeal trying to get her mobile number back after it was illegally ported and someone attempted to ransack her online world.

She had to change all her passwords to her online accounts and took an entire day off work to visit the Telstra store and her bank to resolve the matter. Like so many others, she waited five days to receive a new number.

“It appears that because I recently moved house someone may have gone and got some old mail from my mailbox ... They had access to my Telstra account number. From there they’ve gone on social media, they’ve worked out my date of birth,” she says in the video.

In her case, she believes that's how hackers turned her world upside down for a day.

The video attracted plenty of attention and was filled with comments from Facebook users all reporting very similar stories.

“Happened to someone I know, the fraudster used it to hack banking SMS codes and racked up $20k debt. Took him weeks to get his number back,” wrote Facebook user Melissa Plant.

“Exact same thing happened to my mother,” said another user Stanley Grayson from Newcastle. “Worst part was when it happened to her, because they then had her phone number, all of her security checks were sent to SMS.”

Astonishingly, one poor person claimed it happened to her four times.

“This happened to me four times over a twelve month period. They never had my Telstra account number, only my phone number and date of birth — a guy at the Telstra store admitted that on the form to request transfer of your number to another provider, if you select pre-paid rather than post-paid, you don’t need the account number and nobody will check this,” said Sydney Facebook user Katie Fletcher.

Tracey Holmes recounted her ordeal, and she's certainly not alone.Source:Supplied

News.com.au contacted Ms Fletcher but did not receive a response by time of publication.

However Telstra said its porting processes are identical for pre-paid and post-paid services and comply with industry regulation on mobile porting. The telco also admitted social media has made it easier for scammers to game the system.

“We recognise the threat level is changing given the increased availability of individual’s personal information (eg, date of birth) on social media and other open platforms. In order to meet this challenge, we are working to strengthen our identification and verification procedures even further,” Telstra media spokesperson Steve Carey said in a statement to news.com.au.

Due to an increase in cases, the telco is considering trialling additional measures later this year to prevent the unauthorised port-out of mobile numbers.

Meanwhile Optus told news.com.au: “To request a SIM swap, an existing Optus customer must complete an identity check which may include name, address, service number and date of birth.”

For long time Optus customer Deborah Brodie, there was little preventing someone from pinching her mobile number.Source:Supplied

Judging by online discussions, fraudulent porting of mobile numbers is a tactic that’s been going on for some time, so it’s no surprise that mobile service providers such as Telstra are keen to act to minimise further cases.

Optus Customer Help

In a Whirlpool post from March 2016, a user described a friend who was a FIFO worker and after emerging from a mine and turning his phone on, he was unable to text, call, or use the internet.

“He contacted Vodafone and they informed him his number had been ported to the Telstra network. He naturally expressed his disbelief to Vodafone. His bank account has been accessed, however Commonwealth Bank smelt a rat and quickly took the appropriate action, unlike Vodafone or Telstra,” the user recounted.

Has this happened to you?

Smartphone hacking demo with Nadav from Check Point Software Technologies

Optus Phone Number Contact

Nicholas.whigham@news.com.au