A Sydney couple are warning Aussies to stay vigilant after they lost more than $100,000 in less than two hours.
They are not the first to fall victim to email scams that pose as well-known payment services to swindle people out of their hard-earned savings.
“It’s years of savings gone up in smoke. It’s a lot of hard work, a lifetime of hard work,” Ben told 9 News on Wednesday night.
He said he received what he believed to be an automated email from PayPal with a payment request.
At the bottom of the email, the scammer posing as PayPal directed him to call a specific mobile number if the payment request appeared fraudulent.
Realising the email seemed suspicious, Ben followed the instruction and called the mobile number that unknowingly linked him with the email scammer.
“The people were telling me on the phone there were multiple fraudulent transactions and I had to go through a series of steps to get rid of those transactions,” he said.
Thinking he was speaking to a customer service operator from Macquarie Bank he answered every question relating to his personal details, debit card numbers and a series of one-time passcodes.
He was told the one-time passcode would confirm the cancellation of each fraudulent transactions.
In reality, he was authorising more than $100,000 in payments to a scammer based in Perth.
The sums started under $1000 but soon the criminal accessed the couple’s home loan account and transferred $55,000 into their offset account that has no spending limit.
The suspicious transactions reportedly triggered Macquarie Bank to contact Ben, but he was still on the phone with the scammers.
“There’s an element of shame that comes with it: You were tricked, you fell for it,” Ben told 9 News.
“I consider myself savvy, I‘ve fended off so many scams in the past.”
Macquarie Bank put a block on the card but did not retrieve the funds, as the couple had passed on the one-time passcodes to the scammers.
Easy hacks to avoid being scammed
1. NEVER call numbers contained in emails or texts
It sounds extreme but put simply, if a scammer sends you a text or an email, they often include a false phone number or email and ask you to contact them.
If a bank or legitimate business tries to contact you, they may also send you a contact number or email.
In the heat of the moment, it is easy to get flustered and just call the number sent to you.
To avoid this, search online for the business’s official website and find the contact page that contains the official customer service line.
2. NEVER read out a one-time passcode over the phone
One-time passcodes are a four to six-digit pin sent to a mobile phone as an additional security measure to authenticate that a transaction is being completed by you.
When the code is sent to your mobile, you will be required to input the OTP within a timeframe.
A bank or legitimate business will NEVER ask you to read an OTP out verbally over the phone, so don’t.
If someone does ask you to do that over the phone, hang up and report them.
A Macquarie Bank spokesman said the volume and complexity of scams and fraud were increasing.
“We’re actively raising awareness among our customers on what to look out for and how to keep their personal information and money safe,” he said.
“Scammers are becoming increasingly convincing and we are continuing to urge our customers to be aware of the devastating impacts of these types of scams and to never share passwords or authentication passcodes with any third party.”