'I simply clicked the link': Man shares how one email put his Centrelink payments at risk
By
Maan
- Replies 65
Online scams are becoming increasingly sophisticated, catching even the most cautious among us off guard.
Staying informed is the first step to protecting yourself and your loved ones from potential fraud.
Here’s a story that highlights the importance of vigilance and the lessons we can all learn. Read on.
Even the most vigilant can fall victim to online scams, as retired University of Western Australia employee Jeff Pollard discovered.
Despite his familiarity with online safety, a convincing phishing email led him down a path of fraud that impacted his Centrelink payments.
The trouble began when Mr Pollard received an email that appeared to be from myGov, claiming he had received a notification from Centrelink.
Believing it was related to previous communications with the agency, he clicked on the link.
‘I had been providing some requested information, so thought it was a follow-up to that and I simply clicked the link in the email,’ he said.
The link directed him to a fake myGov website that mimicked the real one perfectly. He entered his login details, including his password, and soon received an SMS containing a six-digit security code.
This layer of protection, known as two-factor authentication, is designed to safeguard accounts, but it became part of the scam.
As Mr Pollard entered the code into the fraudulent site, the scammers likely used it to access his legitimate myGov account. Once in, they prompted him to set up security questions and upload copies of his driver’s licence.
‘At this point, it seems they had everything they needed to hijack my identity completely,’ Mr Pollard said.
Initially, he dismissed messages about new devices and passkeys as routine responses to his earlier interactions with Centrelink.
However, the scam escalated when he received a notification about a tax refund supposedly due to him. This raised red flags, prompting him to contact the Australian Taxation Office (ATO).
The ATO placed his tax details under a security watch, but the damage had already been done.
‘I did not receive my age pension on the normal date,’ Mr Pollard revealed.
Further investigation showed payments from his account, including a $1200 advance, had been redirected to suspicious bank accounts.
Acting quickly, Mr Pollard contacted Centrelink, which locked his account. Within days, the agency restored his missed payment and began investigating the fraudulent activity.
Reflecting on his experience, Mr Pollard offered some advice to others: ‘Never click on a link unless you genuinely know it is legitimate and have spoken to someone first. From now on, I will always type in the name of the website on my computer. That, really, is the only way I know the website is the real thing.’
The incident underscores how phishing scams can deceive even the most cautious individuals, using sophisticated tactics to exploit trust and access personal data.
Reporting the scam to Centrelink proved crucial, but earlier vigilance could have prevented much of the ordeal.
Previously, we covered the story of a woman who lost $39,000 in a matter of minutes to an elaborate scam. Her experience serves as another stark reminder of how easily anyone can be targeted by fraudsters.
Read the full story here.
Have you or someone you know ever encountered a similar situation? Share your experience in the comments.
Stay informed and protected against the latest scams with the SDC’s Cybersecurity for Aussies Over 60 modules. Find out more here.
Staying informed is the first step to protecting yourself and your loved ones from potential fraud.
Here’s a story that highlights the importance of vigilance and the lessons we can all learn. Read on.
Even the most vigilant can fall victim to online scams, as retired University of Western Australia employee Jeff Pollard discovered.
Despite his familiarity with online safety, a convincing phishing email led him down a path of fraud that impacted his Centrelink payments.
The trouble began when Mr Pollard received an email that appeared to be from myGov, claiming he had received a notification from Centrelink.
Believing it was related to previous communications with the agency, he clicked on the link.
‘I had been providing some requested information, so thought it was a follow-up to that and I simply clicked the link in the email,’ he said.
The link directed him to a fake myGov website that mimicked the real one perfectly. He entered his login details, including his password, and soon received an SMS containing a six-digit security code.
This layer of protection, known as two-factor authentication, is designed to safeguard accounts, but it became part of the scam.
As Mr Pollard entered the code into the fraudulent site, the scammers likely used it to access his legitimate myGov account. Once in, they prompted him to set up security questions and upload copies of his driver’s licence.
‘At this point, it seems they had everything they needed to hijack my identity completely,’ Mr Pollard said.
Initially, he dismissed messages about new devices and passkeys as routine responses to his earlier interactions with Centrelink.
However, the scam escalated when he received a notification about a tax refund supposedly due to him. This raised red flags, prompting him to contact the Australian Taxation Office (ATO).
The ATO placed his tax details under a security watch, but the damage had already been done.
‘I did not receive my age pension on the normal date,’ Mr Pollard revealed.
Further investigation showed payments from his account, including a $1200 advance, had been redirected to suspicious bank accounts.
Acting quickly, Mr Pollard contacted Centrelink, which locked his account. Within days, the agency restored his missed payment and began investigating the fraudulent activity.
Reflecting on his experience, Mr Pollard offered some advice to others: ‘Never click on a link unless you genuinely know it is legitimate and have spoken to someone first. From now on, I will always type in the name of the website on my computer. That, really, is the only way I know the website is the real thing.’
The incident underscores how phishing scams can deceive even the most cautious individuals, using sophisticated tactics to exploit trust and access personal data.
Reporting the scam to Centrelink proved crucial, but earlier vigilance could have prevented much of the ordeal.
Previously, we covered the story of a woman who lost $39,000 in a matter of minutes to an elaborate scam. Her experience serves as another stark reminder of how easily anyone can be targeted by fraudsters.
Read the full story here.
Key Takeaways
- A retired University of Western Australia employee fell victim to a phishing email disguised as a legitimate myGov notification, leading him to enter his personal details on a fake website.
- Scammers used his login credentials and two-factor authentication code to access his myGov account, set up new security measures, and request copies of his driver’s licence.
- Fraudulent activity included redirecting Centrelink payments, including a $1200 advance, to suspicious bank accounts before the account was locked.
- The victim emphasised the importance of typing website addresses directly and verifying links to avoid scams in the future.
Have you or someone you know ever encountered a similar situation? Share your experience in the comments.
Stay informed and protected against the latest scams with the SDC’s Cybersecurity for Aussies Over 60 modules. Find out more here.