WA Museums asking for Credit Card details over the phone

This Sunday morning, my mobile phone rang. It was an unknown number.

“Hi, I’m calling from the Western Australian Museum. A few tickets are available for today’s event ‘In conversation with James Cameron.’ Are you interested?”

Of course, I’m interested! The tickets were already sold out. I had joined a waiting list on the WA Museum website. The conversation continued and I got offered two tickets, and only four of them were left. Lucky me!

You know where this is heading, right? The person wanted my credit card details over the phone to lock the tickets. I asked about other payment options like paying at the venue (“No!”) or paying on the WA Museum website (“Again, no!”). Then I did what I had to do — I declined to give my card details, and the call was cut.

I immediately sprang into action — I reported this incident to two of WA Museum’s email addresses with the subject “Possible SCAM.” I also reported it on the WA ScamNet website maintained by the WA Department of Energy, Mines, Industry Regulation and Safety (DMIRS). I knew about this website because I had attended an “All About Scams” session organized by DMIRS last year.

Protect Yourself from Scams

My friend James Bloxham created this meme using Imgflip.

Do not give out your personal, credit card or online account details over the phone unless you made the call and the phone number came from a trusted source. 

WA DMIRS ScamNet website
Protecting Yourself from Scams: GoodNotes Drawing by Anas

The Twist Ending

Within an hour, I received an email from WA Museum confirming that it was a genuine call and they did indeed collect credit card info over the phone to issue the last remaining tickets of the James Cameron event!

My friend James Bloxham created this meme using Imgflip.

On one hand, government agencies and cybersecurity professionals spend time, effort, and money to educate people about social engineering and phone scams. On the other hand, entities belonging to the same government follow questionable processes that make people vulnerable to scams and to losing their hard-earned money. I hope WA Museums will review their practices to ensure that their customers are safe from social engineering, scams and phishing.

And, dear James Cameron…

…if you are reading this: We are all fans of your films! We deeply admire your contribution to science, technology and deep sea exploration. Keep doing the good work!

During the upcoming school holidays, we will definitely visit WA Maritime Museum’s exhibition “JAMES CAMERON – CHALLENGING THE DEEP.”

Report all online scams you encounter to the WA ScamNet website by DMIRS.

UPDATE: 28 MARCH 2024

WA Museum has replied to me about this incident.

Thanks Anas for raising this important issue. Unfortunately, we were only able to release additional tickets late on Saturday afternoon. The team were focused on doing the right thing for those on the waitlist, and as soon as we realised it was causing concern, we changed our approach and emailed the remaining people. We always strive for best practice and continue to look at ways to improve our customer experience. We will apply the lessons learned here in the same way.

WA Museums on LinkedIn

UPDATE: 30 MARCH 2024

A very intense discussion happened about this topic on r/Perth on Reddit. Some people supported me, some others were against me, and some people didn’t know what the problem was. I learned a lot of new things, like WA Museums being a statutory body, cybersecurity principles like the ASD Essential Eight, how calls are routed internally from 1300 numbers…

I observed that I got ten times the reach on Reddit (20,000+ views) compared to LinkedIn (2,000+ views) within three days of posting the story on both platforms.