Australian university student Sarah Towers says she was scammed out of nearly $3000 by someone with remote access to her mobile phone.
Watch the video to see more on how this Aussie student thinks she may have been hacked
Watch the latest News on Channel 7 or stream for free on 7plus >>
The Australian university student on minimum wage was studying for a maths test when she noticed her savings and the money she had put aside for bills draining from her account.
The series of suspicious transactions from London ranged from $200 to $900 on May 10.
She believes the scammer was able to remotely access her text messages and NetBank code.
“They managed to turn off my NetBank notifications which allowed them to get a NetCode without me ever knowing,” Towers said on TikTok.
Once inside the CommBank app, which allows users to register up to five devices at once, the scammer was able to add their phone so that they could make “authorised transactions”.
Only one user can use the app at a time despite this function, so once alerted to the scam it was a back-and-forth battle between Towers and the hacker to use the app.
She was finally able to gain access and change her pin code, but it was too late, and shortly after she was booted from the account again following too many incorrect pin entries from the hacker.
The first notification which alerted Towers to the breach wasn’t until after business hours, so Towers was forced to call the bank’s phone line for help and had no option where she lived to visit a branch.
“I did have to wait until Monday to go into a branch to help me, because they were no help over the phone,” she said.
“The branch I go to are super nice, I’m just so disappointed with their security and decision,” she wrote.
The initial notification from CommBank said that $204.32 had been withdrawn from Towers’ account by somebody in London, despite Towers never having left the country.
“I didn’t understand how my bank would allow that,” Towers said.
Towers immediately called the number provided to report suspicious activity but she was placed on hold for an hour and a half, “waiting for them to answer just so I could close my account”.
She had just $200 remaining in her account by the time her account was closed.
Disputing the outcome
Towers’ transaction dispute claim wasn’t reviewed by her bank until three weeks later, but with bad news for the penniless student.
The bank provided Towers with an outcome which claimed that because she was aware of the money leaving her account it was “authorised”, and she would therefore receive no compensation.
“As you can expect, that’s probably the worst possible outcome for me,” Towers said.
Towers made a report to the Australian Cyber Security Centre, but the website states that not all claims are investigated by the body.
She also made a complaint about the outcome to CommBank, which provides customers with a single opportunity for the case to be reopened with a case manager.
Towers’ case manager told her they will be escalating the case.
A Commonwealth Bank spokesperson told 7NEWS.com.au: “We are always very concerned when we are made of aware of frauds and scams affecting customers and the wider community.”
“We review frauds and scams on a case-by-case basis however it is widely recognised that scams are becoming increasingly sophisticated which has prompted increased investment across the sector.”
On Tuesday, Towers took to TikTok with her last update on the saga – she had been reimbursed by CommBank.
“My original video did a lot better than I was expecting, it reached quite a large audience, so large in fact that even the higher ups at Commonwealth Bank saw it,” Towers said.
She was reimbursed with the full amount lost in what she said the bank called “a gesture of goodwill”.
“Typically in my case they wouldn’t have given me back my money, which kind of also just confirms the fact that the only reason they’re giving it is because of the social media attention.”
Towers clarified that while CommBank staff who helped her throughout the dispute were “amazing”, she has now changed banks.