Podcast host Karyn Parkinson was at her doctor’s clinic just weeks before her second baby was due when her phone pinged with a worrying SMS.
“It said that my ATO (Australian Tax Office) account had been removed from my myGov account, and ‘If this wasn’t you, please give us a call’,” recalls Karyn, director of Unstoppable eCommerce.
“I was super pregnant at the time and had pre-eclampsia, so I wasn’t feeling very well. I thought ‘I can’t be bothered dealing with this now’. But it seemed a bit dodgy so I thought I had better check.”
The marketing specialist googled the number for the ATO, rather than trust the number in the message, and called the general line. And it’s lucky that she did.
Staff informed her that her account had been hacked, her Business Activity Statements (BAS) had been doctored, and the culprits were poised to benefit from a fraudulent $46,000 refund at any moment.
“They put me through to their scams department, and I was told ‘we can see that you are logged in right now’. I said ‘No, I’m at the doctor’s office’. It turned out someone had gone in and changed my bank details, accountant’s details and all of my BAS, to make it look like I was owed a refund of $46,000.
"I was told I would have been liable for the money if it had gone through.”
That was in 2021, and only the beginning of a stressful three-year journey to unpick the damage that hackers had caused. This included getting new bank account numbers, driver’s licence, passport and Medicare.
Complicating matters for Karyn was the fact she had been applying for a mortgage when her identity had been compromised.
“We were about to buy a house and I was told they could have applied for a mortgage with all my details, so I had to block all my credit lines so no one could take it,” she says.
Even now, she is still dealing with the repercussions of the hack, including going through bureaucratic hoops to get a new passport, as she was born in South Africa.
But she has taken steps to boost her online security and now wants to help other small business owners do the same.
Karyn has completed the free Cyber Wardens program, and dedicated a podcast episode to cyber risks and red flags, interviewing Cyber Wardens spokesperson Kimberley Roberts-Salee.
“It was really helpful to learn that cyber criminals are getting better and better at doing this, and it can happen to anyone… but there are simple things we can do to avoid an attack,” she says.
“As soon as I finished the podcast I went and put multi-factor authentication on my emails, I had it on everything else but not email.
“What happened was a big eye-opener. I still to this day don’t know how they got in. I have always considered myself pretty savvy about things like scam emails and messages, and I’m even more cautious now.”
