A local couple in Canning have been left gutted after online scammers hacked both of their myGov accounts in an attempt to release their superannuation funds despite neither of them being eligible for the support package.
If successful, Angie and Ben Bee would have lost nearly $20,000, something that had never happened to them before.
Ms Bee, who is an educator, works casually at the Department of Education and has a part time job as a trainer and assessor for a registered organisation.
She said they had both been very fortunate to keep their jobs and as such they don’t qualify for the super early access scheme.
However, on April 30 at about 8.30am, the couple received separate texts from the Australian Taxation Office saying changes to their account details had been made.
“I initially saw the text and thought perhaps it was part of a scam and had almost resolved myself to ignoring it but my husband showed me his and we felt it was better to be safe than sorry,” she said.
“Having confirmed the number was legitimate, we dialled the ATO direct, while we were on hold, we logged into our myGov accounts and navigated to the ATO link only to receive error messages telling us the links we had previously made were no longer available.
“This set off further alarm bells.”
It turned out the scammers not only found a way to enter the two-factor authentication, but they also created new myGov accounts, tried to link both of their ATO records to the new accounts, and were successful in linking only Mr Bee’s records, all within a matter of six days.
On April 29 they also managed to link Ms Bee’s ATO file to the new myGov account.
“We began to receive messages from our superannuation funds saying our applications had been received/approved,” she said.
“Fortunately, at least one of the funds had further safety measures in place and I was required to call to authorise the transfer.
“The other funds simply stated the applications had been received/approved and would be processed into the nominated bank accounts as soon as possible.
“While one of us was working through locking down our ATO accounts on one telephone, the other was contacting our respective superannuation funds to block the release of funds.”
The scammers then changed their email addresses, mobile phone numbers, and added fake mailing addresses to their personal details within the linked ATO file.
They also submitted an application for $9996 on Mr Bee’s superannuation, claiming that he had had a 20 per cent reduction in income and another two applications for $5000 from each of Ms Bee’s superannuation accounts, claiming she qualified for the job-seeker or other government benefits.
The scammers’ work wasn’t over yet, as they tried to access both myGov accounts once again on May 1.
The scammers allegedly tried to check the status of lodgements, but by that stage the couple had already reclaimed the ATO files and informed their superannuation providers of the fraudulent activity.
“The banking details they used in the application didn’t match our banking details although the BSB numbers matched a National Australia Bank in Victoria,” Ms Bee said.
“We don’t technically qualify for the early release of super scheme.
“This is one of the issues we find thoroughly disappointing, the applications were approved very quickly despite the fact we don’t meet the government’s own criteria.
“Our super funds were very helpful and although they couldn’t cancel the claims outright, they added extra security measures and notes to our accounts to ensure anyone dealing with the claims was made aware they were fraudulent and the funds were not to be released, even if someone rang to request it.
“I fear that some Australians received legitimate text messages from their superannuation funds alerting them of a pending claim and probably ignored them thinking ‘well I didn’t apply, so this must be a scam’ or ‘I don’t qualify, someone’s pulling my leg’.
“In this case, doing nothing was playing right into the fraudster’s hands.
“This has shown us that absolutely no one is immune to identity theft.”
While chatting to the help desk at Services Australia, Ms Bee was informed that scammers will accumulate documentation and maybe store it or put it up for sale on the ‘dark web’ (a part of the internet that isn’t visible to search engines and requires the use of an anonymizing browser called ‘Tor’ to be accessed).
As of now, the couple said they are worried knowing that scammers have their full names, dates of birth, tax file numbers, physical address and other tax, income or banking information that is between three to five years old.
The couple said they haven’t heard back from ATO, but previously said their action plan in the case of tax file compromise is to remove online access to their ATO accounts.
“If we want to see our files to do things like lodge a tax return via eTax, we need to call them and quote a specific code then answer a raft of security questions before they will activate online services for a very small window of time,” Ms Bee said.
“This is a lifelong change; we can’t simply switch this feature off. “We won’t ever have ‘easy’ access to our tax information again.
“The ATO assured us they had escalated the case to their investigations team and what has since come from that is a suspension on any further payments for all Australians via early super release scheme while they increase security and a federal police investigation.”