Fake Qantas Telephone Scam currently active

[rechoboam]

Just an FYI

People are being sent texts asking them to call 1800 227 4500 due to a flight change, which is their US number, but from an Australian SIM/account you seem to connect to 1800 227 450 which is an Australian number, and routes to an Indian scam shop. They ask for your booking reference and surname, after which they log into “manage your booking” for various types of mischief, chiefly demanding a credit card payment because of the rebooking.

Because people calling the US number with an Australian phone are often doing so because of a flight change, it’s pretty effective.

Qantas have been informed but the scammers are still happily answering the phone.

 

[rechoboam]

I’ve been told Qantas have been directly contacted and all they said was “we are aware of scams going around, report it to Scamwatch”

 

[aikman]

What is the point of reporting it to Qantas? what can they do? Disable the Manage My Booking function indefinitely?

 

[henrus]

What is the point of reporting it to Qantas? what can they do? Disable the Manage My Booking function indefinitely?

Some carriers won't allow full manage booking capabilities until some form of login or SMS/Email verification is undertaken (with the SMS/email noting that the airline would never ask for that code).

 

[boblee]

Qantas should really step up their game here. "report to Scamwatch" isn't exactly helpful when people are actively being scammed. disappointing response from them.

 

[rechoboam]

What is the point of reporting it to Qantas? what can they do? Disable the Manage My Booking function indefinitely?

Speak to the domestic provider or get a court order to shut down the phone number that is identical to the US number and being used as we speak by international organized crime for fraud and identity theft. It’s not complicated. They should have had control of this phone number from the time they took the US one, without strong 2FA you could have guaranteed someone could do this.

 

[kamchatsky]

These kinds of scams unfortunately will continue to rise unless every corporation does its bit and increases its cyber security capability. It is time that all airlines increase their security in managing customer's tickets. Also, airlines should be educating the customers, maybe providing cyber security notices after they have booked their tickets in an email, website etc.

 

[Princess Fiona]

Speak to the domestic provider or get a court order to shut down the phone number that is identical to the US number and being used as we speak by international organized crime for fraud and identity theft. It’s not complicated. They should have had control of this phone number from the time they took the US one, without strong 2FA you could have guaranteed someone could do this.

The phone numbers are not the same. The Australian one is shorter.
This scam has been doing the rounds on various airlines.
SQ have also had their US assistance number plagiarized into an Aussie 1800 number at some point.

That being said it’s relatively easy to find out who owns the scam number impersonating QF. It has been active since 2021.
QF legal could and should get it taken down.

 

[aikman]

2FA is problematic for plane tickets where 1 person usually make bookings for multiple people. Then you have bookings made by travel agents and partner airlines. Will QF redesign their entire processes at the cost of millions because of a scam tricking people into handing over credit card numbers? Probably not.

 

[rechoboam]

The phone numbers are not the same. The Australian one is shorter.
This scam has been doing the rounds on various airlines.
SQ have also had their US assistance number plagiarized into an Aussie 1800 number at some point.

That being said it’s relatively easy to find out who owns the scam number impersonating QF. It has been active since 2021.
QF legal could and should get it taken down.

How can you tell who owns the number and for how long?

I agree the numbers are different but in practice not, as the extra digits are simply ignored.

 

[rechoboam]

2FA is problematic for plane tickets where 1 person usually make bookings for multiple people. Then you have bookings made by travel agents and partner airlines. Will QF redesign their entire processes at the cost of millions because of a scam tricking people into handing over credit card numbers? Probably not.

It won’t help here anyway. They will go to manage your booking, enter the reference and name. Then they tell the unsuspecting caller - “we just sent you a highly confidential text to ensure your security” and when you give it to them, they just enter it themselves.
You can manipulate 2FA a variety of ways very easily without needing to compromise SIMs, if you can redirect people to the wrong website. Easiest is to set up a similar looking website, send a link, and when they send credentials to your scam website you just enter those credentials into the real one. They enter their 2FA into your fake website, you take it and put it in the real one.

 

[Princess Fiona]

How can you tell who owns the number and for how long?

I agree the numbers are different but in practice not, as the extra digits are simply ignored.

Very easy
ACMA

 

[PaulST]

I was caught out by this and lost around $600. My bad, but it's a pretty sophisticated scam. I'm flying back ton QF12 tonight and will see if Westpac can do a charge back when I get home (they already said they can't on the phone but I'll try calling them again.)
I told (the real) QF on the phone and they've created a customer care number to which I've emailed all of the details but haven't heard back yet.

 

[rechoboam]

I was caught out by this and lost around $600. My bad, but it's a pretty sophisticated scam. I'm flying back ton QF12 tonight and will see if Westpac can do a charge back when I get home (they already said they can't on the phone but I'll try calling them again.)
I told (the real) QF on the phone and they've created a customer care number to which I've emailed all of the details but haven't heard back yet.

I have made Qantas aware via social media and they have replied and made it clear they have no interest in shutting it down, so I would think they are at least morally liable for the ongoing losses

 

[equus]

Very easy
ACMA

And tracing that through, lead to finding Symbio warned for not investigating alleged scam calls - so the number is associated with a Telco known to have issues with not following up on scam warnings.

 

[Forg]

Oh … I just assumed this thread was a reference to the FF program itself … nothing to see here, carry on!

 

[p--and--t]

Not sure how QF can be "morally liable" for customer that falls for a trick for every scammer that tries it on and can change the number at will. It's whack.a.mole from a third party with no control or ability to prevent.

My question would be who sold the 1800 number and what checks were made by the Telco before activating it and allowing it to be redirected to a dodgy call centre in India, Dubai or elsewhere that is more than likely running multiple scams in different industries simultaneously.

Additionally, what is the process/agency for the scam to be communicated to the Telco and what proactive action is being taken by the Telco to prevent, monitor, and kill the access.

 

[rechoboam]

Not sure how QF can be "morally liable" for customer that falls for a trick for every scammer that tries it on and can change the number at will. It's whack.a.mole from a third party with no control or ability to prevent.

My question would be who sold the 1800 number and what checks were made by the Telco before activating it and allowing it to be redirected to a dodgy call centre in India, Dubai or elsewhere that is more than likely running multiple scams in different industries simultaneously.

Additionally, what is the process/agency for the scam to be communicated to the Telco and what proactive action is being taken by the Telco to prevent, monitor, and kill the access.

The process would be Qantas instructing or getting a court order to have the number closed. Yes it is of course whack a mole but they can’t just refuse to whack when the mole is disrupting their business.

 

[p--and--t]

The process would be Qantas instructing or getting a court order to have the number closed. Yes it is of course whack a mole but they can’t just refuse to whack when the mole is disrupting their business.

And after spending 0,000's and many weeks on obtaining that court order and waiting for it maybe never to be actioned and if it is actioned the number changed to a new one within hours and the scam continue unabated.

 

[Princess Fiona]

And after spending 0,000's and many weeks on obtaining that court order and waiting for it maybe never to be actioned and if it is actioned the number changed to a new one within hours and the scam continue unabated.

The number when called from an Aussie sim is supposed to be +1 800 227 4500

Perhaps QF could change their auto text to reflect this?
I can see why people might just assume it’s a regular 1800 number in Australia and not bother adding the “+” prefix. Dialing the scam 1800 227 450(0)

Might be easier than getting the Australian scam 1800 number removed but likely would still catch some people out.