‘I’ve been hacked: Here’s what I did to secure my account and get my money back’

On Thursday, August 19, I purchased an item through Amazon. It was one of three previous purchases and I was so impressed with the quality of the items and the speed of delivery. At the time of purchase, I also took up the offer of a 30-day free trial with Amazon Prime.

Later in the morning, I received a text message saying my bank account was to be debited for $99.99. I logged into my Amazon account; clicked on the box for Customer Support, and was spoken to by a man named ‘Roger’, who had a thick foreign accent. I believed I was speaking with a bonafide customer support employee of Amazon Australia.

Roger asked me to type in this and that, and before I knew it he had remote access to my desktop computer. I was immediately uncomfortable about this, so turned my computer off. However, when I turned it back on again, he still had access.

Roger had take the time to leave me a message on the computer’s Notepage.

“Mam (sic), don’t touch the new emails … Please. And don’t turn off your computer. Do your normal work. Thank you so much, Mam … Don’t shut down your computer Mam.”

I demanded he send me proof of his identity. He provided me with the following information:

“This is Amazon Customer Support … Name: Roger Radcclife. ID: AMZ0108199920.”

I asked for him to provide me with a photograph of himself and a direct phone number for Amazon and said, “I don’t appreciate my computer being commandeered.”

Despite saying he would, Roger did not provide me with any further information.

What he did do, was access my PayPal account. On the 19th, he purchased two PayPay Gift cards (each to the value of $200), and on the 20th he purchased another to the value of $500. My bank account was debited in the amount of $900!

I am on a disability support pension and it had been paid into my account on August 19.

First, I contacted my computer technician who told me over the phone how to disable the programs the hacker had installed. Then, I called the bank (who immediately cancelled my debit card), following which I contacted PayPal who put through an immediate claim for resolution. PayPal acknowledged that these purchases were fraudulent on August 24 and the $900 was returned to my bank account.

I can’t begin to describe the distress and anxiety I felt, not to mention the tears I shed over the matter. I’ve since discovered that the hack originated in Hong Kong.

My bank couriered the replacement debit card, and as a gesture of goodwill, advised that should my account go into overdraft due to direct debit payments, any interest charged would be waived.  The institutions and organisations I contacted for assistance acted compassionately, promptly and with a complete understanding of the predicament I had found myself in. I can’t thank them enough.

No one was at fault. We had all suffered at the hands of a very smart computer hacker who’s probably never earned an honest dollar in his life. The likelihood is he never will.

Tips to protect yourself against remote access scams

Remote access scams (also known as technical support scams), such as this one, usually involve a scammer calling the victim or getting the victim to call them to get access to the victim’s computer with the aim of stealing their money. These scams are particularly dangerous because in addition to stealing your money, the scammer can continue to access your computer and cause more harm. Anyone can be the target of a remote access scam.

To protect yourself:

• Keep your computer up-to-date with the latest software updates, anti-virus software and a good firewall
• Never give your credit card or online account details over the phone (unless you made the call and you’re using a phone number from a trusted source)
• Never give remote access to your computer, even if they claim to be from a well-known business.

Where scams should be reported

If you’ve been the victim of an online scam or identity crime, the Australian Competition & Consumer Commission (ACCC) has some useful advice. You can report scams to the ACCC’s ‘Report a scam’ webpage as well as report it to the appropriate agency to help warn others.

• Banking scams can be reported to your bank or financial institution
• Centrelink, Medicare and myGov related scams should be referred to the Services Australia Scams and Identity Theft Helpdesk (telephone 1800 941 126)
• Cybercrime can be reported to ReportCyber
• Financial and investment scams should be referred to the Australian Securities and Investments Commission
• For fraud and theft, contact your local police link on 13 14 44
• Cyberbullying, illegal content and any image-based abuse should be reported to the Office of the eSafety Commissioner
• Spam should be directed to the Australian Communications and Media Authority
• Tax-related scams are to be reported to the Australian Tax Office.