Having their identify stolen via phone porting, Melbourne couple returns from holiday to discovered their bank accounts were drained, shares sold and 20 new credit and debit cards created under their names. The semi-retired couple’s first indication that something was wrong was when the husband’s phone’s reception switched to SOS. The couple contacted their banks, credit card providers and phone provider to notify them. Thinking that their accounts were now safe, they went on holidays the next day. The attackers had ported their phones and while the couple was overseas, accessed their emails, messaged their friends, family and work clients to scam them. The wife received scam WhatsApp messages from the husband’s account while they were both on holidays. Attempts to contact their banks while overseas were unsuccessful as they were told to go into a branch to confirm their identity. In the end, they returned from their holidays with $325,000 stolen from their bank accounts, $45,000 worth of their shares sold and 20 credit and debit accounts created in their names. They were not sure how hackers got access to their license and passport details but said they were victims of the Medibank and Latitude data breaches. This incident highlighted several issues, including the ability for cybercriminals to open online accounts without the bank verifying the person behind those accounts, that phone porting disables the effectiveness of MFA and the victim blaming mentality of banks. There are calls for more regulations to be put on banks so they are compelled to better detect and respond to identity theft due to fraud and scams.
This segment was created for the It’s 5:05 podcast