Optus Data Breach Phishing Email — What Australians Need to Watch For
Following the major Optus data breach, scammers are sending emails pretending to be from Optus asking you to verify your identity or update your account details. Optus will never ask you to provide personal information through an email link. These phishing emails exploit the breach to steal more data.
How This Scam Works
Critical Risk — Exploiting a Real Data Breach
After the major Optus data breach — which exposed the personal data of up to 9.8 million Australians including names, dates of birth, phone numbers, email addresses, driver's licences, and passport numbers — scammers began sending phishing emails impersonating Optus.
These emails claim to be official Optus communications about the breach and ask you to verify your identity, update your security settings, or claim compensation through a link. The link leads to a fake Optus website that captures your login credentials and additional personal information the scammers may not already have.
This is a double threat: the breach itself exposed personal data, and the phishing emails exploit the fear from the breach to steal even more. The ACCC and OAIC (Office of the Australian Information Commissioner) issued urgent warnings about this secondary wave of scams.
Red Flags
- Claims to be from Optus regarding the data breach
- Asks you to verify your identity or update details through an email link
- Offers 'compensation' for the breach that requires you to enter personal information
- Sender address is not from @optus.com.au
- Link does not point to optus.com.au
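The last two red flags can be checked mechanically. The following Python check is an added example, not part of the original advisory or any Optus tooling; the function names and the sample message are constructed for illustration. It compares the sender domain and every link target against optus.com.au by exact host or subdomain, so a lookalike host that merely contains the official name is still flagged.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = "optus.com.au"  # the only domain this page names as legitimate

# Constructed sample message (not a real email); .example hosts are reserved.
SAMPLE = """From: Optus Support <support@optus-secure.example>
Subject: Verify your identity
Content-Type: text/html

<p><a href="https://optus.com.au.verify.example/login">optus.com.au</a></p>
<p><a href="https://www.optus.com.au/">Breach updates</a></p>
"""

def is_official(host):
    """True only for optus.com.au or a subdomain, never a substring match."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

class LinkCollector(HTMLParser):
    """Collects the real href of every <a> tag, ignoring the visible text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw_email):
    """Return the red flags found in a single-part HTML email."""
    msg = message_from_string(raw_email)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not is_official(sender.rpartition("@")[2]):
        flags.append("sender-not-optus")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        if not is_official(urlsplit(href).hostname):
            flags.append("link-not-optus:" + href)
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

An empty result does not prove an email is genuine, because the From header can be forged; going directly to optus.com.au remains the safe path.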
What You Should Do
- Do not click any links in the email
- Go directly to optus.com.au for any official breach updates
- If you were affected by the breach, follow Optus's official guidance for credit monitoring
- Consider a credit ban through the three Australian credit bureaus if your identity was exposed
- Report the phishing email to Scamwatch
How to Verify Legitimately
For official information about the Optus data breach, go directly to optus.com.au. Optus set up a dedicated page for breach-related updates and affected customers. You can also call Optus at 133 937 or contact IDCARE (1800 595 160) for free identity theft support if your data was compromised.
Sources
- ACCC Scamwatch — Customers warned to watch out for scams following Optus data breach
- OAIC: Advice on Optus data breach
- Optus data breach: up to 9.8 million customers affected (September 2022)