Link to the daily mail: www.dailymail.co.uk/news/article-4126766/Thieves-hack-woman-s-phone-steal-identity.html
It seems that this thieves somehow got hold of this woman's phone number, phone company, name and presumably email address. From that they rang up the service provider - optus - were able to close down her sim card and transfer her number to their own sim card.
Then they got into her email by using the recovery sms function, from which they got bank account information. Got into her facebook account in the same way and got her date of birth. In other countries there is a separate security box/calculator thingy for internet banking, but in Australia security codes for transferring money are sent to your phone by text. So they could then hack into her internet bank and steal some money.
I am trying to figure out how this was done:
- Did they have additional id information about this woman, as presumably the phone company would have asked for it? Optus is refusing to comment apparently.
- Did having the sms recovery function on email and facebook allow this to happen? From which they got her date of birth and bank account details.
- Is then possible to change your internet banking password using information on bank statements? (I have done it, but can't remember.)
So much security information in Australia goes through your phone, internet banking, centrelink, medicare. Also it really can be that easy to change your sim card and keep the same number. I did in a shop going from a micro-sim to a nano-sim. But I did need to show id, but it took seconds.