Scamwatch: Mobile fraud alert in Australia: How scammers take over your phone number

Rising Threat: Mobile Fraud Targets Phone Numbers in Australia

Australia’s communications regulator and Scamwatch have issued a warning about a surge in mobile fraud, where scammers hijack phone numbers to gain unauthorized access to accounts. This method exploits the growing reliance on phone numbers as a security layer, allowing attackers to bypass protections faster than traditional hacking.

How It Works
Mobile fraud, often executed through SIM swapping or account takeovers, involves scammers impersonating victims to transfer their phone numbers to a new SIM or modify account details. Once in control, they intercept verification codes, reset passwords, and lock users out of banking, government services (like myGov), email, and other linked accounts. A single breach can trigger a domino effect, compromising multiple services.

Who’s at Risk?
Anyone with a mobile phone is vulnerable, particularly those whose data has been exposed in breaches, who reuse passwords, or who have weak email security. Scammers leverage stolen personal information to convince mobile providers to authorize changes, making their requests appear legitimate.

Warning Signs
Early indicators of mobile fraud include:

  • Unexpected alerts about account changes
  • Unsolicited verification codes or password reset emails
  • Login attempts from unknown devices
  • Sudden loss of signal or "SOS only" mode (a red flag for number transfer)
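
These signs are more telling together than alone, so a service that logs them per account can correlate them inside a short time window. The Python below is an added example, not part of the Scamwatch alert; the event names, weights, one-hour window and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# One entry per warning sign in the list above (event names are hypothetical).
# Weights are assumptions; signal loss counts double because the alert
# calls it a red flag for number transfer.
WEIGHTS = {
    "account_change_alert": 1,   # unexpected alert about an account change
    "unsolicited_code": 1,       # verification code or reset email nobody requested
    "unknown_device_login": 1,   # login attempt from an unknown device
    "signal_loss": 2,            # sudden loss of signal or "SOS only" mode
}
WINDOW = timedelta(hours=1)      # assumed correlation window
LEVELS = [(3, "urgent"), (2, "investigate"), (1, "watch"), (0, "none")]


def triage(events):
    """events: iterable of (ISO-8601 timestamp, kind) for one account.

    Returns (level, kinds) for the highest-scoring window of indicators.
    """
    hits = sorted((datetime.fromisoformat(ts), kind)
                  for ts, kind in events if kind in WEIGHTS)
    best_score, best_kinds = 0, set()
    for i, (start, _) in enumerate(hits):
        # Distinct indicator kinds seen within WINDOW of this event;
        # repeats of the same kind are counted once.
        kinds = {k for t, k in hits[i:] if t - start <= WINDOW}
        score = sum(WEIGHTS[k] for k in kinds)
        if score > best_score:
            best_score, best_kinds = score, kinds
    level = next(name for floor, name in LEVELS if best_score >= floor)
    return level, sorted(best_kinds)


# Constructed sample events for one account (not real data).
SAMPLE = [
    ("2026-04-02T09:00:00", "newsletter_opened"),   # ignored: not an indicator
    ("2026-04-02T14:05:00", "unsolicited_code"),
    ("2026-04-02T14:05:30", "unsolicited_code"),
    ("2026-04-02T14:20:00", "signal_loss"),
    ("2026-04-02T14:31:00", "unknown_device_login"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
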

Immediate Steps if Targeted
Victims should:

  1. Contact their bank to block unauthorized transactions.
  2. Notify their mobile provider via an official number to secure the account (e.g., placing a SIM lock or port freeze).
  3. Reset passwords, prioritizing email and banking accounts, and enable multi-factor authentication (preferably app-based, not SMS).
  4. Monitor accounts for unusual activity and seek assistance from services like IDCARE if personal data is compromised.

Prevention Measures
To reduce risk, users are advised to:

  • Avoid clicking suspicious links or downloading unexpected attachments.
  • Verify communications by contacting providers through official channels.
  • Use strong, unique passwords and update them regularly.
  • Minimize sharing sensitive documents and delete emails containing personal data.
  • Consider security tools to block phishing attempts and malicious links.

Key Facts

  • ID: nas1777466815
  • Link ID: nascgovau
  • Type: Cyber Attack
  • Date: 4/2026
  • Severity: 85
  • Impact: 4
  • Explanation: Attack with significant impact with customers data leaks

Incident Summary

  • Title: Surge in Mobile Fraud Targeting Phone Numbers in Australia
  • Type: Mobile Fraud (SIM Swapping/Account Takeover)
  • Attack vector: Social Engineering, SIM Swapping, Account Takeover
  • Motivation: Financial gain, unauthorized access to banking/government/email accounts
  • Vulnerability exploited: Reliance on phone numbers for multi-factor authentication (SMS-based), weak email security, reused passwords, exposed personal data from breaches
  • Description: Australia’s communications regulator and Scamwatch have issued a warning about a surge in mobile fraud, where scammers hijack phone numbers to gain unauthorized access to accounts. This method exploits the growing reliance on phone numbers as a security layer, allowing attackers to bypass protections faster than traditional hacking.

Affected Entities

  • Type: Individuals, Mobile Service Providers, Banks, Government Services (myGov)
  • Industry: Telecommunications, Banking, Government, Email Services
  • Location: Australia
  • Customers affected: Anyone with a mobile phone, particularly those with exposed personal data or weak security practices

Initial Access

  • Entry point: Stolen personal information, social engineering of mobile providers
  • High-value targets: Banking accounts, government services (myGov), email accounts

Data Breach

  • Personally identifiable information: Yes
  • Sensitivity of data: High (financial, government, email access)
  • Type of data compromised: Personal information, verification codes, account credentials, personally identifiable information

Impact

  • Data compromised: Personal information, verification codes, account credentials
  • Financial loss: Unauthorized transactions from banking accounts
  • Identity theft risk: High
  • Payment information risk: High
  • Operational impact: Locking users out of accounts, domino effect compromising multiple services
  • Systems affected: Banking systems, government services (myGov), email accounts, linked services

Response

  • Communication strategy: Public warnings from Australia’s communications regulator and Scamwatch, advisories on immediate steps for victims
  • Containment measures: Blocking unauthorized transactions, securing mobile accounts (SIM lock/port freeze), resetting passwords, enabling multi-factor authentication
  • Remediation measures: Resetting passwords, enabling app-based multi-factor authentication, monitoring accounts for unusual activity
  • Enhanced monitoring: Monitoring accounts for unusual activity
  • Third-party assistance: IDCARE (for personal data compromise assistance)

Advisories

  • Customer advisories: Immediate steps for victims: contact bank to block transactions, notify mobile provider, reset passwords, enable MFA, monitor accounts, seek assistance from IDCARE if needed.
  • Stakeholder advisories: Public warnings and prevention measures issued by Australia’s communications regulator and Scamwatch.

Post-Incident Analysis

  • Root causes: Over-reliance on SMS-based MFA, weak email security, reused passwords, exposed personal data from breaches, social engineering of mobile providers
  • Corrective actions: Transition to app-based MFA, strengthen email security, avoid password reuse, minimize personal data exposure, enhance provider verification processes
  • Lessons learned: SMS-based multi-factor authentication is vulnerable to SIM swapping; app-based MFA is more secure. Early detection (e.g., signal loss, unexpected alerts) is critical. Personal data exposure increases risk of fraud.

Recommendations

  • Avoid clicking suspicious links or downloading unexpected attachments.
  • Verify communications by contacting providers through official channels.
  • Use strong, unique passwords and update them regularly.
  • Minimize sharing sensitive documents and delete emails containing personal data.
  • Use security tools to block phishing attempts and malicious links.
  • Enable app-based multi-factor authentication instead of SMS-based methods.
  • Monitor accounts for unusual activity and report suspicious changes immediately.

References

  • Source: Australia’s communications regulator and Scamwatch