Australia markets open in 6 hours 7 minutes

    +56.30 (+0.69%)

    -0.0028 (-0.41%)
  • ASX 200

    +58.30 (+0.73%)
  • OIL

    -0.30 (-0.36%)
  • GOLD

    +5.90 (+0.24%)
  • Bitcoin AUD

    +5,018.55 (+5.65%)
  • CMC Crypto 200

    +50.53 (+3.98%)

Major ATO warning as more than $100,000 vanishes from worker's super: 'Violated'

Aaron is terrified he now has to start all over again after his super was stolen.

Aaron Willcox standing in the snow
Aaron Willcox is worried his retirement will have to be delayed if he can't get the money back. (Source: Supplied)

An Aussie worker made a discovery that would send a shiver down the spine of anyone with a superannuation account. Aaron Willcox's $100,000 nest egg has vanished.

The Melbourne man wanted to start doing his tax return last week but was confused when he couldn't log into his Australian Taxation Office (ATO) account. The ATO told the Melburnian this can happen when fraudulent activity is detected.

But Willcox had not received any messages that someone was trying to log into his account.

His confusion quickly turned to worry when he realised someone had not only logged in but changed the bank details in his ATO account and siphoned off hundreds of dollars.


"This happened in the last three or six months...and those bank accounts didn't belong to me," he told Yahoo Finance.

Willcox said the ATO guided him through resetting his account, which he did, and then it asked him for security documentation to prove his identity.

When he added his superannuation details, it said his account "didn't exist".

He quickly logged into his Hostplus account and discovered his entire superannuation fund had been drained.

"There was nothing there except for four documents, and those documents outlined how, on the 16th of June, someone had decided to roll over my super into another super fund and then close my account," he recalled to Yahoo Finance.

He said he's fairly "tech savvy" and has systems in place to protect his accounts and passwords. As a general rule, he also doesn't click on any link he's not 100 per cent sure of.

Have you been scammed like this? Email

Willcox is terrified that his entire identity has been stolen by a hacker somewhere in the world and he doesn't know how far down the rabbit hole it's gone.

"I feel violated and absolutely devastated," he said.

His super account had a balance of more than $100,000 and now Willcox has serious concerns for his future.

"What does retirement mean now?" he told Yahoo Finance. "Do I have to start again? Do I have to work till I die?"

The Melbourne worker's main concern is how someone was able to change his details on the ATO and Hostplus accounts without any prior contact from them.

"When they gain access to the ATO...I guess it's one of your most private possessions in some way," he said. "It's your setup, your nest egg.

"And they can just get in, and they're pushing out rollovers to whoever's super. And they've [ATO and Hostplus] just accepted that it's all great."

He added that the security documents didn't even have his signature on them.

The ATO and Hostplus told Yahoo Finance they are investigating the security breach and Willcox said he just has to play the "waiting game" until there's a resolution.

Get the latest Yahoo Finance news - follow us on Facebook, LinkedIn and Instagram.

Consumer group CHOICE claimed not all super funds thoroughly check ID, "even for high-risk actions like moving super into a new fund".

Willcox's horror experience could soon hit other Aussies.

Jo Brennan, chief operating officer at Aware Super, said hackers trying to get into Aussies' super accounts "is one of the most rapidly emerging threats to members".

She's urged everyone to set up multi-factor authentication to protect themselves from unauthorised transactions and scams.

There are three distinct types of superannuation scams in Australia at the moment:

  • An account holder can be tricked into transferring their super to a scammer after being promised the money would have a big return on investment

  • Scammers can convince someone to withdraw their super early illegally and the criminal can charge a high fee or use the process to steal the person's private information, which can be used down the track to steal more money

  • Fraud or identity theft is the third type where hackers gain access to a person's account without their knowledge and then steal personal information or money

If an investigation into superannuation fraud ends without the desired resolution, you can make a formal complaint to the Australian Financial Complaints Authority (AFCA).

The AFCA can force a super fund to repay a victim if the fund is liable for the loss.

Aussies lost $2.7 billion to scams last year, with 601,000 cons reported to authorities, according to a new report from the Australian Anti Scam Centre.

That's down from a record $3.1 billion the year previous, however, the number of scams reported went up by 18.5 per cent. Over 65s were the hardest hit and only group to take a higher loss in the last year.

Investment scams are the most prolific, with $1.3 billion lost, followed by remote access scams ($256m) and romance scams ($201.1m).

Scamwatch warns to beware of the following scenarios:

  • It’s an amazing opportunity to make or save money

  • Someone you haven’t met needs your help - and money

  • The message contains links or attachments

  • You feel pressured to act quickly

  • They ask you to pay in an unusual or specific way

  • They ask you to set up new accounts or Pay ID

Contact your bank and report the scam. Ask them to stop transactions and stop sending any money.

Report the scam to Scamwatch here and make an official complaint to police here.

Watch out for follow up scams, particularly ones promising they can get your money back. Scamwatch warned one in three victims of a scam are scammed more than once.

Lastly, get support for yourself. You can talk to a financial counsellor or reach out to BeyondBlue on 1300 22 4636 or here for an online chat or Lifeline for crisis support online here on 13 11 14.

You can also contact IDCARE to “reduce the harm they experience from the compromise and misuse of their identity information by providing effective response and mitigation”.