An Aussie worker is reeling after a hacker stole his entire superannuation balance of $100,000 – and now fears he will have to work until the day he dies.
Melbourne data scientist Aaron Willcox, 43, was alarmed when he sat down to complete his tax return last Thursday only to discover his retirement savings had completely vanished.
That wasn’t all – the mystery cyber-criminal also claimed hundreds of dollars from the Australian Tax Office (ATO) to their own bank account.
Mr Willcox told Daily Mail Australia the first sign something was amiss was when he tried to log into the ATO via MyGov – but was bombarded with error messages. He tried to use his super account to verify his identity but was blocked from logging in.
Concerned, Mr Willcox then logged into his Hostplus super account – named Money Magazine’s Best Super Fund of the year – only to discover his retirement savings were completely gone.
All that was left was four documents outlining how the funds had been rolled over into another account – one that wasn’t his.
Asked how he felt at that moment, Mr Willcox said: ‘Shocked… disbelief’.
Melbourne resident Aaron Willcox 43, (pictured) discovered his retirement savings had been drained from his Hostplus account when he sat down to do his tax return last Thursday
He immediately notified the ATO and Hostplus about what had happened – with both organisations launching investigations.
His super fund account has now been cancelled and his ATO account had already been locked.
‘It’s really scary that someone got in and I’m still wondering how,’ Mr Willcox said.
‘They’ve [hacker] not only got the super, they’ve got some other payouts from the ATO.’
Mr Willcox said he doesn’t know what personal details the hacker now has and he says he is ‘holding out hope’ his money will be recovered.
‘The only small ray of light was…the lady from Hostplus did say they looked like they might have found the money,’ he said.
The incident could also force to him to change most of his personal details, including his mobile number and email address, and he’s in limbo over whether he will have to change his Tax File Number.
Mr Willcox fears his retirement plans have now been completely derailed because of his ordeal.
‘You feel invaded,’ he said.
Mr Willcox (pictured) fears his retirement plans have now been completely derailed because of his ordeal
A Hostplus spokesman confirmed staff have stopped the stolen money from being transferred and they are working to have the money returned to Mr Wilcox.
‘This matter was not caused by a breach of our systems or controls, but occurred as a result of a compromised myGov account,’ the spokesman said.
‘The security of the myGov platform is outside of the control of Hostplus however, proactive monitoring remains in place to identify and mitigate unauthorised transactions on our member accounts’.
An ATO spokeswoman declined to comment on Mr Willcox’s case due to privacy reasons.
‘When the ATO has intelligence that a taxpayer’s identity may be compromised, we activate stringent security measures to protect the taxpayer,’ she said.
Australians lost more $2.7billion to scams in 2023 and over 600,000 scam reports were made according to a report by the ACCC.
Aussies have been affected by three main types of superannuation scams – fake super investment accounts, early access scams where people are tricked into making early withdrawals, and fraud, according to a consumer watchdog.
The hack is currently being investigated by the ATO and Hostplus as a cybercrime incident (stock image)
Aware Super CEO Jo Brennan said all super funds should have multi-factor authentication (MFA) to ensure the account is protected.
MFA is a security measure designed to protect users by asking them to provide two or more types of identity before they are given access to a website.
‘Implementing MFA does result in some added complexity for members logging on but the benefits and risk mitigations significantly outweigh these cost,’ she told Choice.
Aussies are urged to protect themselves from super scams by checking their account balance regularly, using strong passwords and not dealing with unlicensed super fund managers.
Anyone who may have been targeted by someone, who is trying to access their super, should contact their superfund, Scamwatch or the ATO.
Daily Mail Australia contacted the Federal Minister for Government Services Bill Shorten for comment.
Mr Willcox said he was bombarded with error messages when he tried to log into the ATO via MyGov (stock image)