ON MONDAY morning at 11.02am Sydney woman Lisa Johnston answered the phone with the same greeting she always does.

"Hello, Lisa speaking," she said. But the caller immediately hung up. It was a bit strange, but she got on with her busy day.

At 6.59pm that night she got a text message from Optus, telling her that her mobile number had been ported across to a different carrier, or more accurately stolen by someone wanting to ransack her bank account.

The message urged her to call the company if she hadn't requested that the number be ported out.

"I couldn't even contact them through my mobile because I'd lost service," she told news.com.au. "I called literally two minutes (later), as soon as it happened."

But the damage was done and she quickly received notifications from her Netbank app confirming transactions she didn't make.

"Pretty much immediately I had $1000 taken out of my Netbank account and another $180 through BPay to buy a Telstra prepaid card or something," she said.

If you get this message out of the blue, it’s bad news.

Ms Johnston, 34, owns a marketing agency in Drummoyne, Sydney, called Chatter Brand Experience and has a number of business accounts used for clients and staff. She had to freeze all of them, as well as her own personal bank accounts to prevent further theft.

"I have 120 staff I have to pay. This week is our main pay run and I've frozen all my bank accounts," she lamented.

She spent all Monday night on the phone trying to stem the damage done to her business and get her mobile number back, which had been moved across to Vodafone.

It can take surprisingly little information to port out a mobile number to a different carrier. Ms Johnston was told by an Optus staff member that it only requires someone's name, address and date of birth to move a number across.

Many victims report having had their mail stolen, an easy way for fraudsters to get the details they need like names and account numbers.

Given that important personal accounts like email and banking apps often rely on two-factor authentication for security, which involves receiving a text message code to log into the account, pinching someone's mobile phone number can give criminals serious access to your digital life.

It's a typical tactic for fraudsters to port out the number at the close of business hours, particularly on a Friday afternoon, making it more difficult for victims to contact the necessary customer services and halt the process. That gives the fraudster time to exploit their window of opportunity.

"These people are professionals," Ms Johnston said, remarking on what felt like a clinical takeover of her accounts by criminals.

"I am furious with Optus and Vodafone for not doing more thorough security checks, as the money that was taken is to pay my mortgage for the month."

Ms Johnston said she just doesn’t want it to keep happening to others.

On Tuesday morning she went into the Optus store and was told it would take four days to get her number back. She then went across the road to a Vodafone store and a staff member told her that a woman had stolen her identity, but they couldn't tell her who.

"Everyone just blames everyone," Ms Johnston said. "Optus blames Vodafone. CommBank blames Optus. At the end of the day it is just a massive inconvenience and I don't want anyone else to have to go through this."


Although illegal porting is something of a blind spot for telcos, they've been slow to act and introduce tougher default measures to mitigate the threat.

Dr Terry Goldsworthy is a former detective inspector for the Queensland police who now works as an assistant professor at Bond University. He began researching the prevalence of illegal porting early last year but says reliable data is almost non-existent.

"No one seems to be collecting the data," he told news.com.au in August. "At least no one who is willing to share."

Last year he delivered a talk on the topic of unauthorised mobile porting at the International Conference on Cybercrime and Computer Forensics in which he made the suggestion that there has been a regulatory failure in Australia when it comes to dealing with the issue.

At the conference "I ran into a police source and he said they're getting hundreds of them (porting complaints), mostly referred to them by the banks," he said.

He believes the problem is much greater than telcos are willing to admit.

In April last year the NSW police created a phone porting category for complaints. However, if cases do get reported to police or consumer bodies, most are typically filed as instances of generic fraud.

"The actual offence numbers are getting diluted," Dr Goldsworthy said, because the complaints aren't going to a single body.

"I'm sure it's happening more than we know."

Dr Terry Goldsworthy has been looking into the issue of illegal mobile porting. Picture: Richard Gosling


Ms Johnston's story certainly isn't unique.

The same thing happened to Sydney woman Deborah Brodie and ABC journalist Tracey Holmes last year.

Last year, 30-year-old Sydney woman Katie Fletcher had her Telstra number illegally ported for an astonishing fourth time. After stealing her number, hackers were able to gain access to her e-mails and from there collect personal details of her contacts and begin hacking their accounts.

Judging by online discussions, fraudulent porting of mobile numbers is a criminal tactic that's been going on for some time. But the telcos say their security measures are up to regulatory standard.

When contacted by news.com.au about Ms Johnston's case, Optus said "it follows industry agreed processes to validate the porting of numbers."

"The protection of customers' information is a critical priority for Optus and we apologise for our customer's experience," a spokesperson said, adding "this type of fraud is usually precipitated by identity theft."

Optus called the issue "complex" and said it was "working directly with the customer to have them ported back to Optus as soon as possible."

Most consumers opt for electronic mail these days, limiting the chance for thieves to pinch their mail and get the information they need to then steal someone's mobile number, but often the necessary details can be found on social media.

Speaking to news.com.au in June about the prevalence of unauthorised porting, a Telstra spokesperson said: "We recognise the threat level is changing given the increased availability of individuals' personal information (eg, date of birth) on social media and other open platforms. In order to meet this challenge, we are working to strengthen our identification and verification procedures even further."

Telstra said it was implementing a new process to notify customers about requests to port their number and establish a dedicated support team to manage customers who become victims of suspected fraud.

However, nearly 11 months on, it could not provide any concrete examples of changes it had made.
