The Australian Competition and Consumer Commission's Scamwatch unit is warning people to be avoid clicking on links contained in the scam messages that could come through phone calls, and SMS or social media messages.
Associate Professor for Cybersecurity at Monash University Carsten Rudolph says that ploy by a hacker is worrying because it presents further security risks arising from the multi-factor authentication process.
"Changing from just using a password to a multi-factor authorisation is definitely a good thing to do - because it makes it more difficult to hack into your email, or your bank account, etc. Because the person trying to hack into it - or misuse it - would need the second factor as well. In many cases, the second factor is just a text message to your mobile phone. And at the moment where someone is able to transfer that mobile phone number - owned by the attacker - they would be able to get that second factor (identity verification) as well."
He recommends people use additional layers of protection, such as an authenticator app.
The Scamwatch website advises people affected to take steps including: to secure your bank accounts and to contact your superannuation fund.
Home affairs minister, Clare O’Neil, says she is looking at new cybersecurity laws, including increasing the penalties under the Privacy Act that are currently capped at $2.2 million.
