An Australian worker is in shock after a hacker stole his entire $100,000 superannuation balance, leaving him fearing he could have to work until he dies.
Aaron Willcox, 43, a data scientist from Melbourne, was shocked when he sat down to complete his tax return last Thursday and discovered his retirement savings had completely disappeared.
And that’s not all: the mysterious cybercriminal also transferred hundreds of dollars from the Australian Tax Office (ATO) into his own bank account.
Mr Willcox told Daily Mail Australia the first sign something was wrong was when he tried to log into the ATO via MyGov – but was bombarded with error messages. He tried to use his super account to verify his identity but was blocked from logging in.
Worried, Mr Willcox logged into his Hostplus super account, named Best Super Fund of the Year by Money Magazine, only to find that his pension savings had completely disappeared.
All that remained were four documents describing how the money had been transferred to another account, an account that was not his.
When asked how he felt at the time, Mr Willcox replied: ‘Shocked… disbelief’.
Aaron Willcox (pictured), 43, from Melbourne, discovered his retirement savings had been siphoned off from his Hostplus account when he sat down to do his tax return last Thursday
He immediately informed the ATO and Hostplus of what had happened, after which both organisations launched an investigation.
His super fund account has now been cancelled and his ATO account was already frozen.
“It’s really scary that someone got in and I’m still wondering how,” Willcox said.
‘They have [hacker] They not only received the super, but also other benefits from the ATO.’
Mr Willcox said he does not know what personal information the hacker now has and that he ‘hopes’ his money is recovered.
“The only little bright spot was… the lady from Hostplus said it looked like they had found the money,” he said.
The incident could also force him to change a large part of his personal details, including his mobile number and email address. In addition, he does not yet know whether he will have to change his tax number.
Mr Willcox fears his retirement plans have been completely derailed by his ordeal.
“You feel invaded,” he said.
Mr Willcox (pictured) fears his retirement plans have now been completely scuppered by his ordeal.
A Hostplus spokesperson confirmed that staff had stopped the transfer of the stolen funds and that they were working to get the money back to Mr Wilcox.
“This issue was not caused by a breach of our systems or controls, but is the result of a compromised myGov account,” the spokesperson said.
‘The security of the myGov platform is outside the control of Hostplus. However, proactive monitoring is still in place to identify and mitigate unauthorised transactions on our members’ accounts.’
An ATO spokeswoman declined to comment on Mr Willcox’s case, citing privacy reasons.
“When the ATO has information that a taxpayer’s identity may be at risk, we put in place strong security measures to protect the taxpayer,” she said.
According to a report by the ACCC, Australians lost more than $2.7 billion to scams in 2023, with more than 600,000 scam reports made.
Australians have fallen victim to three major types of pension fraud: fake pension investment accounts, early access fraud where people are tricked into withdrawing money early, and fraud, a consumer watchdog says.
The hack is currently being investigated by the ATO and Hostplus as a cybercrime incident (stock image)
Jo Brennan, CEO of Aware Super, said all super funds should have multi-factor authentication (MFA) to ensure the account is secure.
MFA is a security measure designed to protect users by requiring them to provide two or more pieces of identification before they can access a website.
“While implementing MFA does introduce some additional complexity for members logging in, the benefits and risk reductions far outweigh these costs,” she said. Choice.
Australians are advised to protect themselves from super fund scams by regularly checking their account balances, using strong passwords and not doing business with unauthorised super fund managers.
If you may be the target of someone trying to access your pension, contact your super fund, Scamwatch or the ATO.
Daily Mail Australia has contacted federal Public Services Minister Bill Shorten for comment.
Mr Willcox said he was bombarded with error messages when he tried to log into the ATO via MyGov (stock image)