When you think of a scam victim, Monique Svenson is not the typical person who comes to mind.
The 37-year-old small business owner and mother of two is the daughter of a bookkeeper and scientist.
“I’ve been around people who run their own businesses and I know to check balances,” she told ABC News.
“I work full time for myself, I have staff, I have multiple bank accounts, I have a branch manager, I have accountants, I invest in shares. The banking world feels very familiar to me.”
And yet, despite feeling confident in the world of cyber security, Ms Svenson very nearly lost thousands of dollars when scammers targeted her while on a family holiday.
The scenario they posed ‘seemed possible’
It started with a text message from her bank, or what she thought was her bank, saying there had been fraudulent activity on her account and asking her to call the number back immediately .
“I just had fraudulent charges on my account a few months ago, and I was caught up in the Optus data leak, so it didn’t seem out of the realm of possibility,” Ms Svenson said.
The text appeared in the same thread as other correspondence from the bank, which lulled Ms Svenson into a false sense of security.
This is a scamming tactic called ‘spoofing’ where scammers overstamp the legitimate number that they are calling or texting on, appearing as if you are receiving communication from the legitimate number.
“He (the scammer) followed the normal thread of name, email address et cetera, so it feels very familiar. They’ve obviously looked at what the bank says and imitated it perfectly,” Ms Svenson said.
“You get lulled into a false sense of security because you’re like, ‘yep, that sounds right’.”
So, believing it to be a legitimate bank representative, Ms Svenson pushed on.
The scammer then told her there was a device in Perth that was accessing her account and the only way to fix this was to re-register her device and deactivate the ‘fraudulent’ device.
Ms Svenson was then texted a link from the scammer to log into her online bank account. Convinced it was her bank on the line, and dropping in and out of reception while driving to her holiday destination, Ms Svenson clicked the link and logged in.
“The other thing that was going through my head was ‘I’ve never had this happen before’, so I don’t know what this process is,” Ms Svenson said.
And just like that, the scammer had access to her bank account.
Still feeding her the line that a device had to be removed from the account, the scammer asked Ms Svenson to read out the verification code on a text that was sent to her.
But a red flag popped up when Ms Svenson realised the code was to verify the transaction of all the money in her account, a number in the “thousands”, to an unknown account.
There was also an additional message at the bottom of the text that stated, “Do not read this code out to anyone, not even us.”
Upon reading the warning, Ms Svenson denied the scammer the code and asked to be sent the bank’s phone number so she could call back independently.
“If I was at my desk, it probably would have raised a red flag earlier but we’re driving through the mountains to our holiday and reception was very spotty. That interrupted the flow of what normally happens,” Ms Svenson said.
As a last-ditch attempt to get her back on the hook, the scammer threatened Ms Svenson by saying that any money taken from her account would not be the bank’s liability.
Undeterred, Ms Svenson called the number on her bank’s website and they immediately confirmed that she had very nearly fallen into the grasp of a scammer.
A lock was quickly put on all her accounts and her online banking account deactivated.