After the harrowing experience of having hackers steal his life savings, through taking over control of his phone without him realising, a Sydney man is asking others to be on guard.
Suddenly losing signal on his iPhone was initially confusing for Mark Donnelly, 46. In reality, hackers were clearing out his bank accounts to the eye-watering amount of $35,000.
Mr Donnelly, who is currently a nurse and frontline worker at Westmead Hospital in Western Sydney, thought it would be a straightforward matter of going to the Optus store to see why his phone was stuck on “SOS only” mode – his connection was completely gone.
An employee at Optus replaced Mr Donnelly’s SIM card, resulting in a quick fix to the issue, but the nurse still wanted to understand what had triggered the problem with his original SIM.
Worryingly, it was discovered that the nurse had been the target of a “SIM swap” hack.
As security analysts start to uncover more of these attacks, the process is becoming clearer. What the scammer had done was gain control of Mr Donnelly’s SIM card remotely and subsequently stole his personal phone number. The scammer then utilised this control to redirect the nurse’s bank accounts to their own phone.
The nurse believes that the hacker was somehow able to uncover his date of birth and other crucial pieces of information, which equipped them to activate an eSIM card with his provider Optus by falsely proving their identity was his.
Speaking to 9News, he said, “I’m devastated.”
All the information that the hacker provided to Optus matched what the phone company had in their records, so they permitted the anonymous person a remote SIM card.
The spiral of exploitation didn’t stop there. Now commanding Mr Donnelly’s phone, the scammer delved deeper into the nurse’s personal details, such as crucial immigration documents which included his UK passport.
Mr Donnelly’s worries continue and he is dismayed to think that his private information will likely be sold on the dark web, increasing the potential of future hacks.
When asked to comment on the matter, Optus said that these circumstances are tricky due to the person’s information already being held by the hacker.
A spokesperson commented, “In the vast majority of instances, an individual’s personal information is often already compromised, making it easier for fraudulent activity to occur.”
The scammer drained a total of $35,000 from the nurse’s three bank accounts, transferring that money into a cryptocurrency platform, where – once converted into bitcoin – the funds are impossible to trace and recover.
However, the hacker didn’t stop there. They siphoned more money by raising the spending threshold on Mr Donnelly’s ZipPay account and attempting to mimic that move in his Afterpay account.
Mr Donnelly also told 9News that in a fresh low, the thief attempted to open a new bank account in his name.
The scammer also tried to take back control of Mr Donnelly’s new SIM card.
In a ray of silver lining, Mr Donnelly was able to recover most of his lost savings – $26,000 from ANZ, $4,000 from ING and another $1,700 from Bendigo Bank.
Currently, Optus has only been willing to provide the nurse with a total of $80 in compensation for the ordeal.
Commenting on their response to ‘SIM swap’ attacks, Optus has conveyed they have recently “strengthened its processes” in counteracting them.