Telstra rolls out anti-phishing pilot for feds

Denham Sadler
National Affairs Editor

Telstra will roll out a program to block malicious text messages pretending to be from Services Australia agencies by the end of the year, with the federal government looking to apply this to all telcos.

Telstra chief Andy Penn said on Tuesday the company had completed a proof of concept for a new program that prevents illegitimate phishing text messages impersonating myGov and Centrelink from reaching Telstra customers.

“The level of activity that we’re experiencing in relation to cybercrime is very, very significant so this is going to be very, very important,” Mr Penn said in a media briefing on Tuesday.

Andy Penn
Andy Penn: Getting on top of a phishing spree in Australia

“It’s about working with key organisations, in this case the government, to identify the legitimate sources and then identify the illegitimate and malicious activity and block out the illegitimate stuff,” he said.

“Conceptually it doesn’t sound hard to do, but what makes it hard is the scale of traffic and activity that we are dealing with, and that the scammers and the perpetrators of this are very good at trying to look legitimate. They don’t make it easy to find, and every time you find the illegitimate source, they move it to a different source.”

Telstra has been working and sharing data with the Australian Cyber Security Centre on these cyber scams, Mr Penn said.

“It’s not so much that the ACSC has something we don’t have. We both look at the world through a different lens and we have access to information that the other party doesn’t have. By bringing that together and working together we have increased our chances at eliminating or mitigating the risk of being subject to attack,” he said.

According to government, the ACSC received 60,000 cybercrime reports from individuals and businesses in the last year, with malicious actors adapting their schemes to exploit the COVID-19 crisis.

In the last financial year, about 920 Australian citizens had a Centrelink payment defrauded, while over 27,000 individual pieces of information were stolen from citizens because of someone impersonating a government agency such as Centrelink or myGov, government services minister Stuart Robert said.

The new program will only block such text messages for customers on Telstra’s network, but defence minister Linda Reynolds said the government would look to launch similar programs with Australia’s other telcos if it is successful.

“While the pilot itself won’t stop all malicious messages, it is an important next step to broader industry-wide protections for our smart devices,” Senator Reynolds said.

Telstra will also be looking to roll out similar programs in partnership with other large organisations, such as the big banks. The technology has already been trailed, with Telstra looking to fully roll it out by the end of the year.

Telstra announced earlier this year that it would be investing significant funds into its new Cleaner Pipes program in an effort to identify and block malicious websites.

The expansion of cleaner pipes programs was also included in the industry advisory panel’s recommendations to government, calling for the industry to be “empowered” to automatically block known cyber threats. The panel was chaired by Mr Penn.

The federal government’s 2020 Cyber Security Strategy referenced Telstra’s Cleaner Pipes plan and outlined how the government will support businesses to implement automatic threat blocking technology.

The strategy said the government will consider potential legislative certainty for telcos when implementing this type of technology, but Mr Penn said no new laws are needed for Telstra’s scheme to go ahead.

A recent report by the Australian Strategic Policy Institute also called on the government to fund a Clean Pipes cybersecurity strategy to provide better levels of default security for customers.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories