Beware this toll scam and Linkt’s unhelpful response

It seems absolutely nobody and no website is safe from scammers, and it’s getting harder and harder to tell the scams from the genuine communications.

Recently, we were planning a trip to Melbourne. We’d be travelling right across the city to get to our destination and making a number of trips into town along toll roads during our stay.

We went online to organise a temporary toll pass through Linkt.

After filling out the form, we were informed that there would be a $3.53 charge for Vehicle Licence Plate recognition, which was a little annoying but unavoidable.

As things turned out, our trip to Melbourne had to be cancelled.

A week or so after our intended return (and therefore while our temporary Linkt pass was still current and active) we received an SMS text message stating “From E-Toll System: Dear E-tag holder, our system shows that you have an uncharged toll trip” (followed by a link, which we have removed in case anyone clicks on it by mistake).

Now here’s the thing: we don’t have an E-tag; we didn’t travel to Melbourne; we didn’t use any toll roads.

Linkt’s website recommends deleting the SMS and, naturally, not clicking on any links within the SMS. Sounds pretty logical, but when I tried to report the scam to them, the scam report form required me to upload the SMS message. And it wouldn’t submit the scam report without the uploaded file … pretty difficult to do since I had followed their own advice and deleted it! Adding insult to injury, the form asked me for our home state, or in which state we had travelled and incurred a toll. The only three options were Queensland, New South Wales or Victoria. We don’t live in any of them, and we hadn’t travelled on a toll road in any of them.

I finally emailed Linkt, gave them all the information, and asked for an explanation of how a scammer was able to get our details (we have never before received any communication from Linkt, or anyone purporting to be Linkt, and it is highly unlikely to be a coincidence that it has happened within weeks of entering into an agreement with them).

Some time later, I received a standard format response: “Thanks for getting in touch about the SMS you’ve received. We appreciate letting us know about this.

We are aware of these messages going around and have flagged them with our cybersecurity team.

Please delete the SMS received, do not click on the link.

If you’re concerned about your account details, you can update them by logging in directly via the website at linkt.com.au or the Linkt app.

You can also send a screenshot of the SMS for us to check further and to smsscams@linkt.com.au that will help our Cyber Security team in shutting the scam down.

If you have any questions regarding this matter, please contact Linkt on 13 33 31 or reply to this email and quote your Customer Case Number XXXXXXXX.

Thank you for contacting Linkt. Safe travel.”

Notice that the response failed to answer (or even acknowledge) my concern that somebody had obviously accessed our data. I have contacted Linkt again, and again requested information about how our data was accessed, what other data may have been breached, and what the company is doing to ensure information is kept confidential.

A day after my second enquiry, I received another email from Linkt. We reproduce it without any corrections or alterations:

“Linkt is always make sure that your informations are secured. 

There has not been a security breach of Linkt’s system. Phishing scams send messages to as many phone numbers as possible in the hope that the recipient will click on the link.  

We have a Cybersecurity Team for these kind of concern. Customers reporting these messages assists us in having these sites taken down and prevents others from receiving the scam.

Thank you for contacting Linkt. Safe travel.”

Hardly reassuring, I think you’ll agree.

Recent data breaches against Medibank and Optus have made us all even more aware of the risks involved. Legislation has been enacted to hold companies more accountable for the security of the data they hold on customers.

The message doesn’t seem to have got through to Linkt.