‘I have done nothing wrong.’ How one man lost $40k in savings to this CBA phishing scam
- Replies 29
The thought of having your hard-earned money just vanish into thin air is enough to make anyone’s blood run cold.
But unfortunately, that’s exactly what happened to one Tasmanian man – who had his entire $40,000 life savings stolen in a matter of minutes.
Syed Rizvi, a 26-year-old electrical engineer, was going about his business one day when he received a heart-stopping wake-up call from his bank.
According to his bank, his transfer limit had been increased to $50,000 – a discovery that ‘shocked’ him since he did not request it.
‘I was left with no money and just before Christmas. I didn’t even have money to put petrol in the car,’ Syed shared with reporters.
Syed immediately checked his Commonwealth Bank account and discovered that $30,000 had already been transferred out.
He ‘panicked’ and called his bank immediately but noticed that another transaction – this time amounting to $9,860 – had been transferred from his account. And just like that, his entire life savings accumulated over four years were gone in a flash.
All of this happened while he was still on a call with his bank.
Upon checking, he noticed that the money was transferred into a CoinSpot account, which is a popular cryptocurrency exchange platform in Australia. Two-factor authentication did not kick in because Syed already made a previous transfer to the cryptocurrency exchange.
The man told reporters that he drove to the police station to report the crime before finally speaking to a CBA customer service representative an hour and a half after his account was frozen.
‘I planned to go on a holiday during the new year but I couldn’t go as I was left with no money,’ he explained. Mr Rizvi added that this incident even affected his mum who had to go to the hospital because she had been ‘so depressed’ upon learning what happened.
‘I couldn’t pay my rent as well. Now I don’t know if I will get my money back.’
As investigations were underway, Mr Rizvi was told by the CBA’s fraud team that the scammer had called and managed to impersonate him by supplying personal details and increasing his transfer limit from $1,000 to a staggering $50,000.
‘They ask only three questions: Your full name, date of birth, and residential address so any person can know these things,’ Mr Rizvi stated before adding that he had ‘no idea’ how the scammer got hold of his personal details.
He also admitted that he was ‘very shocked’ to learn that the bank didn’t have any technology to distinguish who was calling them. ‘They should have realised this is very strange that a person is calling from a different number and pretending to be me,’ he continued.
In July last year, CBA introduced new AI technology that uses machine learning techniques to track down unusual changes to the way a customer interacts with their devices. According to CBA, customers develop ‘habits and patterns’ in relation to banking – specifically on keystrokes and the way they use a mouse. The bank said this is to keep customers safe against potential scams.
Dark web monitoring revealed that Mr Rizvi’s details had been leaked as part of the Medibank hacking scandal – and this included his passport, bank and email details. You may remember that late last year, a group of hackers hijacked the system of Medibank and stole the customer data of almost 9 million Medibank members.
The hackers then posted the information of hundreds of individuals to the dark web and told the insurance company that they will release more data unless they were paid a hefty ransom. More details about this story can be found here.
Mr Rizvi told reporters he informed the bank within 10 minutes of the incident happening and went to the police right after. ‘I should get the money back – it was not my fault. I couldn’t do anything else,’ he added.
‘I saved up money working two jobs. My whole family will suffer because they depend on me – I am sending money back home,’ he continued further.
Mr Rizvi also shared that CoinSpot’s fraud management team told him money had been deposited from four other accounts to the same recipient on the day his savings were stolen – suggesting that more people were scammed.
A spokesperson for CoinSpot said they will continue to work closely with the relevant authorities and reassured their customers that they do not provide specific details of individual accounts on their platform.
Bank of Queensland’s Customer Advocate Ben Griffin previously said that scammers will usually transfer funds offshore into cryptocurrency, which makes it ‘virtually impossible’ for banks to recover lost funds. This comes after a couple almost lost $146,000 in savings due to a sophisticated scam. You can read more about that here.
A spokesperson for CBA also told reporters that the ‘security of its customers remains a top priority’.
‘We invest in state-of-the-art fraud prevention and detection technology and have a dedicated team who actively monitor unusual or suspicious activity,’ they stated.
‘However, it is widely recognised that scams are becoming increasingly sophisticated. This has prompted increased investment across the sector in resources, systems, data, and intelligence to combat scams and alert the Australian public to the risks the community faces,’ they said.
The spokesperson added that CBA’s process is to fully reimburse customers as ‘quickly as possible’ to minimise inconvenience.
We can only hope that something like this never happens to anyone in the SDC community – but if it does, we recommend you contact your bank immediately and request help from the ACCC here.
But unfortunately, that’s exactly what happened to one Tasmanian man – who had his entire $40,000 life savings stolen in a matter of minutes.
Syed Rizvi, a 26-year-old electrical engineer, was going about his business one day when he received a heart-stopping wake-up call from his bank.
According to his bank, his transfer limit had been increased to $50,000 – a discovery that ‘shocked’ him since he did not request it.
‘I was left with no money and just before Christmas. I didn’t even have money to put petrol in the car,’ Syed shared with reporters.
The man was horrified to learn that his savings had been stolen. Credit: Anna Tarazevich/Pexels
Syed immediately checked his Commonwealth Bank account and discovered that $30,000 had already been transferred out.
He ‘panicked’ and called his bank immediately but noticed that another transaction – this time amounting to $9,860 – had been transferred from his account. And just like that, his entire life savings accumulated over four years were gone in a flash.
All of this happened while he was still on a call with his bank.
Upon checking, he noticed that the money was transferred into a CoinSpot account, which is a popular cryptocurrency exchange platform in Australia. Two-factor authentication did not kick in because Syed already made a previous transfer to the cryptocurrency exchange.
The man told reporters that he drove to the police station to report the crime before finally speaking to a CBA customer service representative an hour and a half after his account was frozen.
Syed lost his life savings. Credit: Towfiqu barbhuiya/Pexels
‘I planned to go on a holiday during the new year but I couldn’t go as I was left with no money,’ he explained. Mr Rizvi added that this incident even affected his mum who had to go to the hospital because she had been ‘so depressed’ upon learning what happened.
‘I couldn’t pay my rent as well. Now I don’t know if I will get my money back.’
As investigations were underway, Mr Rizvi was told by the CBA’s fraud team that the scammer had called and managed to impersonate him by supplying personal details and increasing his transfer limit from $1,000 to a staggering $50,000.
‘They ask only three questions: Your full name, date of birth, and residential address so any person can know these things,’ Mr Rizvi stated before adding that he had ‘no idea’ how the scammer got hold of his personal details.
The scammer wiped out his savings. Credit: Tara Winstead/Pexels
In July last year, CBA introduced new AI technology that uses machine learning techniques to track down unusual changes to the way a customer interacts with their devices. According to CBA, customers develop ‘habits and patterns’ in relation to banking – specifically on keystrokes and the way they use a mouse. The bank said this is to keep customers safe against potential scams.
Dark web monitoring revealed that Mr Rizvi’s details had been leaked as part of the Medibank hacking scandal – and this included his passport, bank and email details. You may remember that late last year, a group of hackers hijacked the system of Medibank and stole the customer data of almost 9 million Medibank members.
The hackers then posted the information of hundreds of individuals to the dark web and told the insurance company that they will release more data unless they were paid a hefty ransom. More details about this story can be found here.
Mr Rizvi told reporters he informed the bank within 10 minutes of the incident happening and went to the police right after. ‘I should get the money back – it was not my fault. I couldn’t do anything else,’ he added.
‘I saved up money working two jobs. My whole family will suffer because they depend on me – I am sending money back home,’ he continued further.
Mr Rizvi also shared that CoinSpot’s fraud management team told him money had been deposited from four other accounts to the same recipient on the day his savings were stolen – suggesting that more people were scammed.
A spokesperson for CoinSpot said they will continue to work closely with the relevant authorities and reassured their customers that they do not provide specific details of individual accounts on their platform.
Bank of Queensland’s Customer Advocate Ben Griffin previously said that scammers will usually transfer funds offshore into cryptocurrency, which makes it ‘virtually impossible’ for banks to recover lost funds. This comes after a couple almost lost $146,000 in savings due to a sophisticated scam. You can read more about that here.
A spokesperson for CBA also told reporters that the ‘security of its customers remains a top priority’.
‘We invest in state-of-the-art fraud prevention and detection technology and have a dedicated team who actively monitor unusual or suspicious activity,’ they stated.
‘However, it is widely recognised that scams are becoming increasingly sophisticated. This has prompted increased investment across the sector in resources, systems, data, and intelligence to combat scams and alert the Australian public to the risks the community faces,’ they said.
The spokesperson added that CBA’s process is to fully reimburse customers as ‘quickly as possible’ to minimise inconvenience.
.png){kind=icon}
