An Australian woman lost nearly $40,000 after a scammer accessed her online banking information from an old phone she dropped off at an e-waste scheme.
Harmony Antoinette was relaxing in her Melbourne home when she received the strange notification asking her to enter a code.
However, within an hour, she lost almost $40,000 after the hacker made several online purchases using her wallet ID.
Ms Antoinette, who worked in financial services for 14 years, was extremely careful not to open phishing text messages or respond to scammers.
She believes her details were taken from an old phone after she dropped it off at an e-waste program in Melbourne.
Harmony Antoinette (pictured) received a 'strange' notification on her phone and within an hour $40,000 was stolen from her account
Ms Antoinette immediately called the Commonwealth Bank to inform them of the scam and to have her account frozen to prevent unwanted transactions.
The Commbank employee assured Ms Antoinette that her banking affairs would be reset and the transactions could be reversed.
“The lady I spoke to was nice and reassuring and told me that I had called in time and that the transactions could be reversed because I had called so quickly, and she was very apologetic,” Ms Antoinette said. 7News.
“While on my way to work, I received another notification that a transaction had been initiated by my wallet ID.”
However, Ms Antoinette then started receiving email notifications from retailers about online purchases, including more than $2,000 on Catch.com.au and an email from JB Hi-Fi about a purchase they had rejected due to suspected fraud.
Ms Antoinette then called the CBA's fraud department, who told her they believed she had made the purchases.
A total of $40,000 was debited from Ms Antoinette's account, half of which was reversed overnight.
Ms Antoinette is fighting for the remaining $20,000 – which consists of seller deductions – and fears her identity and personal information have been compromised.
“I thought it would be good because I've been banking with CommBank for 14 years…I thought it should show that I'm a legitimate customer,” she said.
'They just made me feel like a criminal. Why would I cause myself so much stress if I did this on purpose? I'm really afraid for my safety and my identity.'
Ms Antoinette has filed a complaint with the Australian Cyber Security Center and changed her online details.
Ny Breaking Australia has contacted the Commonwealth Bank of Australia for comment.
CommBank explained that the fraud occurred after a third party gained access to Ms Antoinette's device and the access codes registered to her CommBank Tap & Pay – an account she had linked to her banking profile for three years.
“In this case, the disputed transactions were made from a device registered in the customer's CommBank app,” a CommBank spokesperson said.
'The transactions have therefore not been classified as suspicious or unusual. We encourage customers to be vigilant and protect their personal information.”
The hacker accessed Ms Antoinette's banking details from an old phone and used her information to make online purchases from retailers (stock photo from CommBank transaction notification)
Commbank urged its customers to uninstall the banking app and reset their phones to factory settings to erase personal data before recycling their old devices.
“Customers should uninstall the CommBank app and factory reset a device to erase all your personal data, including any passcodes before disposing of, giving away or selling a device,” they said.
'Customers can also log out of the CommBank app on another device within the app.'
The bank is working with Ms. Antoinette to resolve her complaint and the disputed transactions.