An Australian small business owner has described the moment she realized her phone and bank accounts had been hacked by fraudsters who took $50,000.
The woman, who asked to be named Jenny, said she and her husband both run a small healthcare business and first noticed something unusual on January 9 when she received a call from National Australia Bank.
NAB told her that they had detected suspicious activity on her account, which they would follow up on, but just minutes after the call, both her and her husband’s phones went into SOS mode and could not be unlocked.
Jenny told 2GB’s Ben Fordham that she later discovered that both their numbers had been ‘ported’ to devices owned by the fraudsters, which then allowed them to receive the two-factor authentication codes needed to access accounts.
Jenny said the fraudsters hacked into her NAB, St George, CBA and Paypal accounts in two days and siphoned off a total of $50,000.
NAB told her that they had detected suspicious activity on her account which they would follow up on, but just minutes after the call, both her and her husband’s phones went into SOS mode and could not be unlocked
“I had never heard of porting before and even some people when you go to the bank say, ‘what is that?’” Jenny said Thursday.
“If you have credit cards somewhere, they can open new cards and they just go crazy.
“We went to our business phone center and they said, ‘Looks like something’s happened in Melbourne’ and told them to call back at 2pm on a public phone.
“Well I called back at 2pm on a public phone, which not all of them work by the way, and as soon as I answered he said go get two $10 SIM cards from the nearest Telstra store and put them in your phones.
“We were like, ‘What’s going on?’
She said NAB was first alerted when someone posing as Jenny called the bank to request that her credit limit be increased so she could buy a car for her daughter.
According to the ACCC, number porting scams are an increasing threat, with scammers pretending to be you to trick your telecom company into porting your number to a device they own.
Once this happens, they can use information like your name, address, or any passwords they’ve hacked to make transfers or get credit in your accounts, which they quickly empty.
Jenny told 2GB’s Ben Fordham that she later found out that both their numbers had been ‘ported’ to devices owned by the fraudsters, which then allowed them to receive the two-factor authentication codes needed to access accounts
“We have no idea how this transmission happened,” Jenny said.
“It’s taking over your life, we need new licenses, new passports, new Medicare cards, my Apple account is gone and it’s going to take 30 to 40 days to get a refund.”
Jenny said her accounts had been put on hold and she was trying to get the money back.
“St George stopped them at the gate, they only got $50 because they were on it straight away.”
She said the rest of the money is being returned “in piecemeal fashion.”
“NAB has been pretty good,” she said.
Between 2018 and 2019, Australians lost an estimated $5.4 million to fraud.
New rules introduced by the Australian Communications and Media Authority (ACMA) in 2020 have tightened controls around porting, reducing the impact of the scam, but the problem persists as fraudsters find clever ways to game the system mislead.
In 2021, the ACMA issued warnings to Telstra, Optus and Medion Mobile, saying they needed stricter processes to check identities before porting numbers.