Everyday email cost Victorian Grandpa $26,000 after it was intercepted by scammers
A Victorian grandfather has put the banks on notice after a sophisticated ruse left him thousands out-of-pocket.
Bill Hall was in the middle of building an extension to his “Grandpa apartment”, preparing to have his son and grandkids move in, when the unthinkable happened.
The 76-year-old grandfather from Hurstbridge, Victoria, had been emailed what seemed like a run-of-the-mill invoice from his builder.
Without a second thought, he paid the $26,345 which was owed.
In March, three weeks after Mr Hall paid the invoice, he was called by his bank’s (Bendigo Bank) fraud department.
The invoice had been intercepted by sophisticated scammers who changed the payment details to an account they had opened with Citibank.
According to Mr Hall, his bank told him there was a concern from Citibank that the money had been transferred into a suspicious account, not the builder’s account.
Want to stream your news? Flash lets you stream 25+ news channels in 1 place. New to Flash? Try 1 month free. Offer ends 31 October, 2022 >
He had fallen victim to what is known as a business email compromise scam.
“I was able to scratch up another 10 grand to give to the builder but still I don’t have the other ten grand,” Mr Hall said.
He’ll need to tap into his mortgage to cover the $10,000 he is now short.
He described the gut wrenching feeling when informed he had in fact been duped.
“You just sort of get a real knot in your guts,” Mr Hall told news.com.au.
“I want to pursue a just outcome. There’s no point in being bitter and twisted and all that.”
Mr Hall has been working hard since to recoup his losses with only little success.
Of the over $26,000 taken from him, only $6,000 has been returned and attempts to get his money back have been littered with hurdles.
He claims he was told by Citibank there was little they could do in the way of compensation as he was not a customer.
A subsequent Australian Financial Complaints Authority complaint also fell flat for the same reason.
“(They) won’t take any notice of me because I’m not a Citibank customer,” he said.
The build which was initially supposed to cost him $26,000 has now cost the self funded retiree over $40,000 thanks to the scammers.
News.com.au understands the scammers may have been able to satisfy some banks’ identity verification processes with legitimate but illegally acquired identification documents.
‘Do more’: Calls for banks to step up
Consumer protection firm, Consumer Action, said bank scams were at “crisis level”, calling on banks and payment system providers to do more.
CEO Gerard Brody said scam victims will bear the growing burden of financial losses without more action from government and the banks.
“It is an extraordinary fact that anyone in Australia with a phone or online presence is now being targeted by highly sophisticated scam-crooks out to thieve and steal,” he said.
“Every day we are hearing more terrible stories from people calling our helpline who have lost everything by falling victim to highly sophisticated crooks.”
Mr Brody shared the example of a mother and her three daughters, all with serious mental health challenges, and how they were scammed out of approximately $74,000.
On another occasion, an elderly client lost his life savings an email which gave scammers access to his online banking, drained $19,000 from his account.
While the ACCC says Australians are scammed out of billions each year, Mr Brody believes the cost is much higher with ASIC research showing only around 13 per cent of victims report when they’ve been scammed.
He said those who fall foul of bank scams should be reimbursed.
“While efforts have been made by telcos to limit scam calls and texts, the payment system is still not safe from scammers,” he said.
“Where payments are unauthorised, like card fraud, the bank reimburses the customer. They face an incentive to improve their systems and we’ve seen losses from card fraud come down substantially over the last few years.
“However, where someone is tricked to authorise a transaction to a scammer, they are unlikely to be reimbursed.
“This doesn’t make sense, and banks should be required to appropriately reimburse blameless victims for scam losses.”
Making the banks liable for losses to scams would incentivise banks to invest more in fraud prevention according to Mr Brody
“It’s not fair that individuals bear the full losses associated with scams and so what we’re calling for is stronger measures in place to prevent fraudulent bank transactions from being processed”.
Mr Hall also felt too much of the heavy lifting was needed to be done by customers saying banks were “leaving it up to us”.
“We’re not all IT experts, and we’re not experts in scams,” he said.
Banks say customer security is a team effort
Ben Rix from NAB Group’s (which acquired Citibank in June) investigations and fraud team said “devastating” scams had been on the rise in recent years requiring both banks and customers to be vigilant.
“It’s upsetting to see the devastating effects these can have on the impacted victims,” he said.
“Business email compromise scams and investment scams are some of the most reported scams by our customers.”
Mr Rix said customers were encouraged to use PayID, BPAY or double-check account numbers with the recipient when making payments.
“PayID can help prevent scams like business email compromise and invoice fraud,” he said.
“We encourage everyone to remain vigilant and alert on what to look out for to keep themselves safe from scams.
“If anyone believes they have been victim to a scam or notice any fraudulent activity, they should take action and contact their bank immediately.”
A spokesperson from Bendigo and Adelaide Bank said it was constantly on the lookout for threats and that it is working hard to mitigate them.
They said customers also play an “important role” in securing their own information online.
“We would like to take the opportunity to remind customers of the important role they play in keeping their information secure as we continue to look for new ways to detect and neutralise threats to their online security,” the spokesperson said.
“Cyber fraud is a complex and challenging area for banks, customers and indeed all businesses.
“The Bank’s security staff remain vigilant and work closely with Australian cybersecurity agencies and our intelligence partners to detect any malicious or abnormal behaviour.
It too suggested customers used Pay ID.”
Bank scammers are ‘transnational, well resourced, resilient and ruthless’
In an op-ed published in News Corp papers in July NAB’s Executive of Investigations and Fraud Chris Sheehan said bank scams were becoming more frequent and sophisticated.
The ex-AFP officer with over 27 years of experience fighting fraud and other serious crime said the impacts were “devastating” and the operations were often run by serious criminals.
“This is not a case of a couple of kids with a laptop operating out of a garage,” he said
“These are the same criminals running drug trafficking rings and organised crime syndicates. “They are transnational, well resourced, resilient and ruthless.
“It’s distressing to see the impact these criminals are having on many families and communities.”
According to the ACCC, Australians lost over $2 million to scams in 2021 alone.
Around 96 per cent of Australians reported being exposed to scams in the last five years, with half saying reporting weekly or daily basis incidents.
Mr Sheehan said there were four major scams becoming frequently reported:
• Investment scams: People tricked into transferring large sums of money to scammers pretending to provide legitimate investment options. While the theme varies, fake cryptocurrency scams are currently most prevalent.
•Business email compromise: Where scammers hack into email accounts and change the payment details on invoices, or request payments to new accounts.
•Romance scams: Targeting vulnerable people or those looking for a companion, convincing them to transfer money to help their cause.
•Remote access scams: Where people are targeted by phone, email or SMS by scammers pretending to be from your bank, telco or a government agency.