A 19-year-old Sydney man was arrested by the Australian Federal Police (AFP) this morning and charged with an alleged attempt to extort victims of the Optus data breach. The AFP actioned a search warrant at the Rockdale home following a text message scam and seized the linked mobile phone at the scene.
The man attempted to blackmail Optus customers whose data had been published as part of the initial Optus data breach, in which the unidentified hacker released the sensitive information of 10,000 Aussies. Taking the leaked mobile phone numbers, the man texted at least 93 customers, claiming he had their personal information from the Optus breach and threatening that this information would be sold for fraudulent activity if the recipient did not pay $2,000 to a specified bank account.
The scammer behind this message is not believed to be the hacker behind the Optus breach. This scam is an example of one cybercriminal piggybacking off another. The original hack left an opportunity for other malicious actors to impersonate the hacker, impersonate Optus, or simply use the details that were leaked to create panic-inducing phishing and blackmail scams.
We can expect to see more scams around the Optus breach, as this event has caused anxiety across a large group of Australians, making millions vulnerable to believing these kinds of messages. For this reason, Optus has confirmed it will not be including any links in its communications.
The AFP believes no one has paid the blackmail demand from this scam attempt.