Victorian bulk porting scammer gets over two years in prison

A 35-year-old man from Lynbrook, south-east Melbourne, has received a prison sentence of two years and two months, with a 12-month non-parole period, for a bulk phone number porting scam.

He was arrested in March last year, having tried to port, or move, 86 mobile numbers registered with other telcos 193 times.

In 44 cases, the porting succeeded without the rightful owners consenting to moving the mobile numbers to a different telco.

The bulk porting took place in July 2024, and was discovered by the receiving telco which the AFP did not name.

AFP said porting scams involve the transfer of a victim's mobile number to a device or subscriber identity module (SIM) controlled by a scammer.

Once the number has been transferred to the scammer's device, it can then be used to bypass multi-factor authentication (MFA), to access bank accounts and other sensitive information.

Detective superintendent Bernard Geason of the AFP urged people to be alert to unexpected text messages from their mobile service providers, claiming the victims have requested their numbers to a different network.

“Alternatively, if your mobile phone service is suddenly disconnected, or shows ‘SOS only’, this could also be a warning sign your number has been transferred to another provider without your authorisation," Geason added.

It was critical to contact mobile phone providers immediately, if unauthorised porting is suspected, and also to take steps to freeze or put a hold on bank transfers, and to cancel any potentially affected cards.

Geason said that mobile phones have become valuable targets for scammers.

SpinTel penalised for unauthorised number porting

Earlier this month - in a separate, unrelated incident - the Australian Communications and Media Authority (ACMA) penalised SpinTel $59,400 after finding scammers used a vulnerability in its systems to gain access to one-time verification codes used for MFA.

Between February and March 2025, scammers were able to transfer 10 consumers' mobile numbers without authorisation which resulted in losses of over $45,000.

An ACMA spokesperson told iTnews that the unauthorised ports occurred because the attackers were able to exploit a weakness in SpinTel's verification processes.

"Consumers reported unauthorised access to their emails, bank and/or government service accounts after their mobile numbers were taken over by bad actors through unauthorised ports," the ACMA spokesperson said.

iTnews asked SpinTel for more details on how the bad actors compromised the telco's systems, if they had been identified and reported to the police, and if the customers who lost money had been reimbursed but did not get any answers to those questions.

"We acknowledge the findings outlined by the Australian Communications and Media Authority and take our regulatory obligations seriously," SpinTel's chief executive Liam Bal responded.

"The issue related to a short period in early 2025 and was addressed promptly once identified," Bal added.

Bal said SpinTel has implemented additional safeguards and continue to strengthen its systems, monitoring and compliance processes.

On top of the $59,400 payment to ACMA, SpinTel also entered into an 18-month court-enforceable undertaking requiring an independent review of its security arrangements, and implementation of recommended improvements.