A hardworking Australian who lost his entire superannuation balance of more than $100,000 to a hacker has had his savings returned and his retirement plans back on track.
Aaron Willcox, 43, a data scientist from Melbourne, was shocked when he sat down to complete his tax return on July 10 and discovered his retirement savings had completely disappeared.
The mysterious cybercriminal also transferred hundreds of dollars from the Australian Tax Office (ATO) into his own bank account.
Mr Wilcox was shocked when his safety and privacy were breached and feared he would have to work until he died.
Mr Wilcox told Daily Mail Australia that Hostplus, his pension fund provider, had managed to get the money back late last month.
Mr Wilcox explained that the ATO’s internal fraud team also assisted by putting various security measures in place to block his account.
When asked how he felt, he said he now feels “confident” about his financial future.
“That’s certainly reassuring, but the identity anxiety is still there,” Wilcox said.
Aaron Willcox, 43, (pictured) said he is relieved to get his retirement savings back after a hacker stole more than $100,000 from his pension balance
“I was lucky to get my money back.”
Mr Wilcox said he has changed his bank account and also needs a new mobile phone number.
His ATO account has been blocked and he can only access it through the myGov app on his phone.
The account is also secured with two-factor authentication and the digital MyGov pass and has now been relinked to his super account.
Mr Wilcox strongly warned Australians to take responsibility for their own digital footprint online and urged the government to do more to protect personal data.
He also encouraged people to use the myGovID app to protect themselves from hackers and suggested that super accounts should be allowed to be linked to ATO accounts.
Mr Wilcox previously told the Daily Mail the first sign something was wrong was when he tried to log in to the ATO via MyGov but was met with a barrage of error messages.
He tried to verify his identity through his super account, but access was blocked.
Worried, Mr Willcox logged into his Hostplus account, which was named Best Super Fund of the Year by Money Magazine, to discover that money had been stolen from his pension savings.
All that remained were four documents describing how the money had been transferred to another account, an account that was not his.
Mr Willcox said he was “shocked” and “in disbelief” when asked how he felt at the time.
Mr Willcox, 43, (pictured) discovered his money had been taken from his Hostplus account when he sat down to do his tax return in June
He informed the ATO and Hostplus of what had happened and both organisations launched an investigation.
His super fund account had been cancelled and his ATO account had already been frozen.
“It’s really scary that someone got in and I’m still wondering how,” Willcox said.
They have [hacker] They not only received the super, but also other benefits from the ATO.’
He said it was difficult for ATO officials to provide him with information about exactly how his account was hacked, as it could reveal security breaches.
Mr Willcox said his retirement plans at the time were completely derailed by the trials he endured, until he fought to get his money back.
“You feel invaded,” he said.
A Hostplus spokesperson previously said staff had stopped the transfer of the stolen money and were working to get the money back to Mr Wilcox.
“This issue was not caused by a breach of our systems or controls, but is the result of a compromised myGov account,” the spokesperson said.
‘The security of the myGov platform is outside the control of Hostplus. However, proactive monitoring is still in place to identify and mitigate unauthorised transactions on our members’ accounts.’
Mr Wilcox warned Australians to take responsibility for their own digital footprint online and urged the government to do more to protect personal data (stock image)
An ATO spokeswoman declined to comment on Mr Willcox’s case, citing privacy reasons.
“When the ATO has information that a taxpayer’s identity may be at risk, we put in place strong security measures to protect the taxpayer,” she said.
According to a report by the ACCC, Australians lost more than $2.7 billion to scams in 2023, with more than 600,000 scam reports made.
Australians have fallen victim to three major types of pension fraud: fake pension accounts, early access scams, where people are tricked into withdrawing money early, and fraud, a consumer watchdog says.
Jo Brennan, CEO of Aware Super, said all super funds should have multi-factor authentication (MFA) to ensure the account is secure.
MFA is a security measure designed to protect users by requiring them to provide two or more pieces of identification before they can access a website.
“While implementing MFA does introduce some additional complexity for members logging in, the benefits and risk reductions far outweigh these costs,” she said. Choice.
The hacker managed to gain access to Mr Wilcox’s retirement savings account by accessing his MyGov account (stock image)
Australians are advised to protect themselves from super fund scams by regularly checking their account balances, using strong passwords and not doing business with unauthorised super fund managers.
If you may be the target of someone trying to access your pension, contact your super fund, Scamwatch or the ATO.