Remote Access Scams: A Real-Life Case Study

How Jane* fell victim to a remote access scam

Jane*, aged 80, from Essendon, Melbourne received an unexpected call from a man calling himself Ben. Ben claimed he was a specialist from Telstra’s technical department. Ben advised Jane that he had detected a security breach from Jane’s computer and that her IP address had been compromised — which indicated a “hacker” was trying to steal her personal information in order to access her bank accounts.

What followed was an unfortunate yet all-too common example of what is known as a ‘remote access scam’:

  • Ben informed Jane that he needed remote access via a screen-sharing application on her computer to have a closer look to fix the issue. Understandably fearful, Jane allowed Ben to guide her to a website where he prompted her to download and install a remote access program, TeamViewer — which would give Ben full control of Jane’s computer.
  • Ben instructed Jane not to touch her computer for a couple of hours while he pretended to fix the “serious problem.” After Ben ‘fixed’ Jane’s computer, he told her that there was indeed a “hacker” based in Russia trying to access her personal details. He then showed Jane a web page full of fake ‘hacking’ reports and a photo of the alleged hacker — an image he had previously saved from Google.
  • Ben then claimed to be working with the police to set up a covert sting operation to catch and arrest this fictional hacker. He told Jane that in order to do this, he needed to use Jane’s bank account to send money to the hacker to discover his location. Ben insisted that if Jane told her bank or the authorities, the ‘hacker’ would know and release her personal details onto the internet. Ben asked a frightened Jane to sign into her online banking, reassuring her it was safe to do so. However, the TeamViewer software and other items Ben had now installed on Jane’s computer would give him full access to and control over her online banking. In a state of panic and still fearful of the entire ordeal, Jane agreed.
  • Once Jane logged into her online banking, Ben instructed her not to touch anything. During this time, Ben was secretly recording all of Jane’s financial and personal information — including her drivers licence, passport details and passwords to many other accounts such as her email and social media.
  • Under the pretence of sending $10,000* from Jane’s linked savings account to her everyday account that she would “see as credit,” in reality, Jane did not receive a credited amount of $10,000 and instead it was Jane’s money Ben moved between accounts. Ben then requested to transfer the ‘credited’ $10,000 to the alleged hacker’s account and advised Jane that her bank would send her the two-factor authentication code needed to approve the transfer to the new payee: “the hacker.” Jane didn’t realise it was her own money that was going into the supposed hacker’s account — and that Ben was actually stealing her money.
  • Jane’s bank contacted her to confirm the unusual transfer. With Ben on the other line, he coaxed her to lie to her bank and say that she knew who she was transferring her $10,000 to — by informing her that she risked a fine or even jail for impeding an investigation if she did not cooperate.
  • With the remote access scam transaction completed, Ben advised Jane that he could “catch the hacker now” and hung up. By the time Jane realised she was missing $10,000 out of her account and contacted her bank, it was too late for the bank to intervene and help recover the funds.

In summary:

Jane lost $10,000 to a remote access scam. Not only are these funds unlikely to be recoverable, but Jane’s computer is now compromised with the risk of malware and keylogger applications. This means Jane is still open to the theft of her personal information, which includes government-issued identification such as her drivers license, passport, Medicare and TFN. This also means Jane is at risk of identity fraud. Bank accounts could be opened in her name without her knowledge, affecting her personal credit. Her personal social media and email accounts may be accessed and compromised. This could potentially take Jane years to recover from.

What you can do to avoid falling victim:

  • Hang up on the caller. Don’t feel rude — if you don’t know them, better safe than sorry.
  • Be wary of any software that you are downloading to your device. A good rule of thumb in to NEVER download software that gives someone else access to your device.
  • Call the organisation on the registered contact number to verify the call.
  • Never provide your banking details or two-factor authentication code to anyone (no reputable person or entity including law enforcement will ever ask for your banking logins, passwords or two-factor codes).
  • Never allow anyone to transfer money from your account.

*The story above is based on one or more real-life scam reports received. For privacy purposes real names, dollar amounts and images of victims have not been used.

If you believe your security has been compromised or that you have fallen victim to a scam, contact us immediately on 1300 747 747 (Mon-Fri 7am-7pm and Sat 9am-5pm).