I’ve been working in the digital space for long enough to feel pretty au fait with email scammers and fake websites – definitely long enough to flippantly roll my eyes when my husband innocently asks if clicking on a text message will release cookies into his phone (or biscuits as he endearingly calls them). Or so I thought.
And I’m not quite sure if it was because I was travelling overseas on my own, the fact that it was 3am, or the coincidence that my Qantas money card had failed twice the day before leaving me scrabbling for enough euros to board the bus – or perhaps it was simply the perfect trifecta? Whatever the reason, when Stuart* from Westpac bank put in the call to my mobile, he very nearly went home the winner.
*Not his real name – nor, as it turns out his genuine workplace
“Stuart from Westpac Bank Fraud team here, ma’am. My apologies for disturbing you but we have reason to believe you have been the victim of a Phishing scam and we need to secure your accounts with us.” Struggling to wake up, I scrabbled out of bed and fired up internet banking.
“Have you authorised a payment to TempCover for $84.25?” TempCover…hmmm – could be something work related, but not familiar.
“What about a payment to Powerleague in the UK?” My phone was dinging with the exact payment authorisations as I wondered dimly if my boys were online downloading something for the PS4. “No, I don’t think I’ve authorised those payments,” I told cool-as-a-cucumber Stuart. He didn’t miss a beat as he informed me I would shortly receive a text message from Westpac confirming his role in assisting me today. Text message received on cue.
Naturally, I would allow him to block my accounts so he could protect me from the scammers who had infiltrated my phone and were now watching my every move – who wouldn’t?
As I mentioned earlier, I consider myself to be fairly alert to scams, however my new pal Stu was next level slick. He had a detective-like Pommy accent and was extremely polite. He used all the correct terminology, even warning me that the call would be recorded for training and security purposes.
“I just need you to log on and read out the last three transactions on your primary account,” he asked calmly, and of course I dutifully replied.
“Can you confirm how many accounts you have with Westpac?” he asked.
“And the total amount in each of your accounts?” – clue one, albeit I was too distracted desperately scanning my accounts for missing money and dodgy withdrawals to notice.
“Now Mrs Preston, I need you to remain calm and follow my instructions so we can secure your accounts. Any transactions made by the phishers during this call will be fully refunded to you so long as you remain on the line.” – clue two? It certainly curtailed my first attempts to double check what was happening by making a call home.
Okay, okay, don’t hang up, I thought; meanwhile wondering if I could text my husband while on the call without the scammers seeing my message.
“The scammers can see everything you are doing on your phone.” Stuart was reading my mind.
I’m rather ashamed to admit that I went so far as to actually type in the BSB Stuart calmly read out to me into the pay anyone fields, carefully following his instructions for the name he painstakingly confirmed, letter by letter using the NATO alphabet. This, he explained, would set up a new, safe BSB and account number for me, and also allow them to catch the scammers in the act.
I’m not quite sure why my befuddled brain suddenly kicked in (it was nearly 4 am by now). Perhaps I was just desperate to not have my Visa card cancelled while in Italy (now there’s a real disaster!)? Whatever the reason, I quickly managed to text my cookie-suspicious husband and asked him to call the bank – without hanging up. Remember, I was terrified that a transaction was going to occur at any moment and be incepted by my hero Stu and his detective mates.
Moments before I transferred a sizable sum into Stuart’s eager arms I paused, and finally connected the dots. The amount he told me to transfer as a test was just slightly less than the amount in that account – which of course I had told him myself! Clue three.
The BSB was all wrong – it wasn’t even a Westpac account! The vague recollection of an Optus data leak popped into my head and simultaneously my husband texted, telling me the bank hadn’t been able to confirm any suspicious actions on our account and just in the nick of time, I hung up the phone and cancelled the transaction.
Retrospect is a marvellous thing, and of course I really can’t believe how easily duped I was! He was pretty persistent, my little Pommy friend and rang a further 8 times in the following hour. Fortunately, I turned off my phone and went back to sleep. When I received a similar call a few days later, I was prepped and ready!
“Hello ma’am, Westpac Bank Fraud Team here, we’d like to record this call for training and security purposes, is that ok?”
“Sure, that’s fine, just give me your number at Westpac and I’ll call you right back,” I was confident this time… and the line was instantly dead.
Report any scams to https://www.scamwatch.gov.au/
