A NSW woman says she has been unable to sleep after being scammed out of more than $40,000 and left fighting against the odds to get it back.
Thuy Le has two young children, aged six and 11, and a husband living with Parkinson’s disease who is unable to work. For 14 years she has operated Sparkle Nails and Beauty in Wollongong, but on November 24 last year her world was turned upside down.
A devastated Le told 7NEWS.com.au her nightmare started when she received a call from the ‘husband’ of a supposed customer claiming he had accidentally paid her $60 on behalf of his wife, and wanted a refund.
Watch the latest News on Channel 7 or stream for free on 7plus >>
Checking her Commonwealth Bank account and noticing a discrepancy, Le obliged, transferring the cash into an account supplied by the caller.
Despite not handing over any personal information, numbers or passwords, several more withdrawals were made from Le’s account into the same one supplied by the caller, who she now believes was a scammer.
Soon, $41,600 in life savings vital for her husband’s treatment and young children was stolen. She only realised the money was gone when she checked her account the next day.
“I am in financial hardship,” Le said of her three-month ordeal.
“I have two little kids, I have a husband with Parkinson’s disease, he cannot work. We are still in the process of applying for government help and I have carried the financial burden on my shoulders.”
Le said she was locked out of her main business account and called her bank when she realised what was happening.
Le said she felt the bank had placed the blame entirely on her despite the huge amounts leaving her account triggering no red flags within CBA and the mother handing over zero personal information.
To her dismay, the bank’s investigation found it was not liable for her losses.
CBA argued that all logins before the alleged scam transactions were done so on the first attempt, something that is “very remote and nearly impossible for an unauthorised third party to guess”.
It told her in a letter, “the only reasonable explanation for these logins would be that your online banking credentials were known to the unauthorised third party, which would be in breach of the passcode security requirements”.
The bank also argued that logins had been made from the CommBank app during the disputed period and Le should have been “reasonably aware” of changes to her balance.
“Had you reported the transactions immediately after the login … the chances of successfully recovering some of the funds would have been much higher,” CBA said.
“On the balance of probabilities, if you did not complete transactions yourself, you have provided NetBank credentials to a third party, who has gone on to perform the transactions.”
CBA said it would not comment on individual matters, and pointed 7NEWS.com.au to its scam awareness page.
Finding no luck with the bank, other than a $2000 offer to resolve the complaint, Le decided to make a report to the Australian Financial Complaints Authority (AFCA) in a desperate bid to have the money returned.
“I can’t sleep. I want to know why this happened to me and how it happened to me,” she said.
“I’m not a liar, not a criminal, not a fraud.
“My husband is not working. We need the money for medicine.”
Le’s case is eerily similar to that of a Melbourne mother who had $200,000 stolen from her bank account in 2022.
Donna Brain was ready to move into her new home when an unusual deposit was made into her Commonwealth Bank account.
Like Le, Brain received a call, this time from someone posing as a banker and asking for the money back.
The 56-year-old nurse returned the $210, with scammers somehow hacking her account and stealing $200,000.
“I don’t even know how it happened,” she said.
While the Victorian was at a loss as to how she was swindled, having not handed over NetBank numbers or passwords, cyber experts said criminals were evolving all the time, looking for any crack in bank security.
“With access to (Brain’s) device, the attacker could have extracted enough personally identifiable information that they could then set up an ‘authority to pay’ direct debit and/or make scheduled transfers,” Sophos global cybersecurity solutions spokesperson Aaron Bugal said in August.
“Alternatively, if they had gained remote access to her device, the attackers could change any new transfers once she logged into her bank to be redirected and increased.”
His advice if you see a random deposit is to call the bank directly.
Australians are being targeted all the time, with almost two thirds of people aged over 15 exposed to a scam in 2021-22, recent figures from the Australian Bureau of Statistics revealed.
Almost half were targeted over the phone (48 per cent) or by text (47 per cent).
ABS head of crime and justice statistics William Milne said that while more people were exposed to scams, fewer were responding to them.
“The survey shows that 2.7 per cent of Australians responded to a scam in 2021-22, down from 3.6 per cent in 2020-21,” Milne said.
While many are alert to signs of danger, scammers are scoring big when they do get their hooks in.
AFCA said the number of complaints it received had increased from 340 a month in the 2021-22 financial year to 400 per month since July.
“It’s not just the volume of complaints involving scams that is increasing, but also the sums involved,” AFCA’s chief executive David Locke said.
“People are losing home deposits and retirement savings. We know that vulnerable people can be just as devastated by the loss of money they’d set aside for bills.
“This mustn’t continue, and we encourage all banks to consider what further steps they can take.”
Last month, the CBA announced it was introducing new technology to combat the scam wars waged on digital platforms.
One of those is NameCheck, which the bank said would fight false billing scams by indicating whether names and account details look legitimate. The change will come into effect in late March.
“When (customers) transfer money online many people assume the intended recipient’s account name is checked as well as the BSB and account number, but in most cases this is not possible. We now have the data and technology to improve this,” CBA group executive of retail banking Angus Sullivan said.
The bank has also launched in-app caller verification technology through a feature called CallerCheck, which should provide customers with peace of mind that their bank is genuinely contacting them.
Le said she wanted to tell her story not only in the hope of finding answers, but as a cautionary tale to others.
“I want to warn other people that this can happen to them,” she said.
If you’d like to view this content, please adjust your .