An Australian worker is reeling after a hacker stole his entire $100,000 pension and now fears he may have to work until the day he dies.
Melbourne data scientist Aaron Willcox, 43, was alarmed when he sat down to complete his tax return last Thursday and discovered his retirement savings had completely disappeared.
But that wasn’t all: the mysterious cybercriminal also claimed hundreds of dollars from the Australian Taxation Office (ATO) in his own bank account.
Willcox told the Daily Mail Australia that the first sign that something was wrong was when he tried to log into the ATO via MyGov, but was bombarded with error messages. He tried using his Super account to verify his identity, but was unable to log in.
Worried, Mr Willcox logged into his Hostplus super account (named best super fund of the year by Money magazine) only to discover his retirement savings had completely disappeared.
All that was left were four documents describing how the funds had been transferred to another account, one that was not his.
Asked how he felt at the time, Mr Willcox said: “Shocked… disbelief.”
Melbourne resident Aaron Willcox, 43, (pictured), discovered his retirement savings had been emptied from his Hostplus account when he sat down to do his tax return last Thursday.
He immediately notified the ATO and Hostplus of what had happened, and both organisations launched investigations.
Your super fund account has now been cancelled and your ATO account has now been frozen.
“It’s really scary that someone got in and I’m still wondering how,” Willcox said.
“Not only did they get super, but they also got other payments from the ATO.”
Mr Willcox said he does not know what personal data the hacker now has and is “hopeful” his money will be recovered.
“The only small ray of light was… the lady from Hostplus who said it looked like they had found the money,” he said.
The incident could also force him to change most of his personal data, including his mobile phone number and email address, and he is in limbo over whether he will have to change his tax file number.
Mr Willcox fears his retirement plans have been completely derailed by his ordeal.
“You feel invaded,” he said.
Mr Willcox (pictured) fears his retirement plans have been completely derailed by his ordeal.
A Hostplus spokesperson confirmed that staff have prevented the stolen money from being transferred and are working to get the money back to Mr Wilcox.
“This issue was not caused by a breach of our systems or controls, but rather occurred as a result of a compromised myGov account,” the spokesperson said.
‘The security of the myGov platform is outside of Hostplus’ control; however, proactive monitoring is maintained to identify and mitigate unauthorized transactions on our members’ accounts.’
An ATO spokeswoman declined to comment on Mr Willcox’s case for privacy reasons.
“When the ATO has information that a taxpayer’s identity may be compromised, we activate strict security measures to protect the taxpayer,” he said.
Australians lost more than $2.7 billion to scams in 2023 and more than 600,000 scam reports were made, according to an ACCC report.
Australians have been hit by three main types of superannuation scams: fake superannuation investment accounts, early access scams where people are tricked into making early withdrawals, and fraud, according to a consumer watchdog.
The ATO and Hostplus are currently investigating the attack as a cybercrime incident (file image)
Jo Brennan, chief executive of Aware Super, said all retirement funds should have multi-factor authentication (MFA) to ensure the account is protected.
MFA is a security measure designed to protect users by requiring them to provide two or more types of identity before being granted access to a website.
“Implementing MFA creates some additional complexity for logging in members, but the benefits and risk mitigations significantly outweigh these costs,” he said. Choice.
Australians are urged to protect themselves from super fund scams by checking their account balances regularly, using strong passwords and not dealing with unlicensed super fund managers.
Anyone who has been targeted by someone trying to access their superannuation fund should contact their superannuation fund, Scamwatch or the ATO.
Daily Mail Australia has contacted Federal Government Services Minister Bill Shorten for comment.
Mr Willcox said he was bombarded with error messages when he tried to log into the ATO via MyGov (file image)