A hard-working Australian who lost his entire pension fund, worth more than $100,000, to a hacker has had his savings restored and his retirement plans are now back on track.
Melbourne data scientist Aaron Willcox, 43, was alarmed when he sat down to complete his tax return on July 10 only to discover his retirement savings had completely disappeared.
The mysterious cybercriminal also claimed hundreds of dollars from the Australian Taxation Office (ATO) in his own bank account.
Mr Wilcox was left reeling after his security and privacy were breached and feared he would have to work until the day he died.
Incredibly, Mr Wilcox told Daily Mail Australia that Hostplus, his superannuation provider, was able to recover the money late last month.
Mr Wilcox explained that the ATO’s internal fraud team also assisted by implementing several security measures to lock down his account.
Asked how he felt, he said he is now “confident” about his financial future.
“That’s comforting, for sure, but the anxiety about identity is still present,” Wilcox said.
Aaron Willcox, 43 (pictured), said he is relieved to have his retirement savings back after a hacker stole more than $100,000 of his retirement balance.
“I was lucky to get my money back.”
Mr Wilcox said he has now changed his bank account and will also need to get a new mobile phone number.
Your ATO account has been blocked and can only be accessed via the myGov app on your phone.
The account is also protected by two-factor authentication and the MyGov digital passcode and has now been re-linked to your super account.
Mr Wilcox issued a stark warning to Australians to take responsibility for their own digital footprint online and urged the government to do more to protect personal data.
He also encouraged people to use the myGovID app to protect themselves from hackers and suggested super accounts should be allowed to be linked to ATO accounts.
Previously, Mr Wilcox told the Daily Mail the first sign something was wrong was when he tried to log in to the ATO via MyGov but was bombarded with error messages.
You tried to use your super account to verify your identity, but you were prevented from logging in.
Worried, Mr Willcox logged into his Hostplus account (named the best retirement fund of the year by Money magazine) and discovered his retirement savings had been stolen.
All that remained were four documents describing how the funds had been transferred to another account, one that was not his.
Mr Willcox said he was “shocked” and “in disbelief” when asked how he felt at the time.
Mr Willcox, 43 (pictured), discovered money had been stolen from his Hostplus account when he sat down to do his tax return in June.
He informed the ATO and Hostplus about what had happened and both organisations launched investigations.
Her superfund account was cancelled and her ATO account had already been frozen.
“It’s really scary that someone got in and I’m still wondering how,” Willcox said.
“Not only did they get super, but they also got other payments from the ATO.”
He said it is difficult for ATO officials to provide him with information on exactly how his account was compromised as it could expose security breaches.
Mr Willcox said his retirement plans had been completely derailed by his ordeal at the time, until he fought to get his money back.
“You feel invaded,” he said.
A Hostplus spokesman previously said staff prevented the stolen money from being transferred and were working to get the money back to Mr Wilcox.
“This issue was not caused by a breach of our systems or controls, but rather occurred as a result of a compromised myGov account,” the spokesperson said.
‘The security of the myGov platform is outside of Hostplus’ control; however, proactive monitoring is maintained to identify and mitigate unauthorized transactions on our members’ accounts.’
Mr Wilcox has issued a stark warning to Australians to take responsibility for their own digital footprint online and urged the government to do more to protect personal data (file image)
An ATO spokeswoman declined to comment on Mr Willcox’s case for privacy reasons.
“When the ATO has information that a taxpayer’s identity may be compromised, we activate strict security measures to protect the taxpayer,” he said.
Australians lost more than $2.7 billion to scams in 2023 and more than 600,000 scam reports were made, according to an ACCC report.
Australians have been hit by three main types of superannuation scams: fake superannuation investment accounts, early access scams where people are tricked into making early withdrawals, and fraud, according to a consumer watchdog.
Jo Brennan, chief executive of Aware Super, said all retirement funds should have multi-factor authentication (MFA) to ensure the account is protected.
MFA is a security measure designed to protect users by requiring them to provide two or more types of identity before being granted access to a website.
“Implementing MFA creates some additional complexity for logging in members, but the benefits and risk mitigations significantly outweigh these costs,” he said. Choice.
The hacker managed to access Mr Wilcox’s retirement savings by accessing his MyGov account (file image)
Australians are urged to protect themselves from major scams by checking their account balances regularly, using strong passwords and not dealing with unlicensed superannuation fund managers.
Anyone who has been targeted by someone trying to access their superannuation fund should contact their superannuation fund, Scamwatch or the ATO.