How a phone scammer nearly got my pin number out of me


Published on

What do you think our most popular password is for all those accounts we have online? I guessed incorrectly.

I thought we might be marginally original and use our dog's or cat's name, or our birth date. These are about as secure a wet paper bag.

But no, the most popular password for our personal information and key data is 123456.

ask paul askpaul paul clitheroe scam scammer retirement centrelink

I nearly fell off my chair when I found out.

We hear so much about online fraud and the critical role that passwords play in protecting us, yet many people do the equivalent of leaving the keys in the car and the front door open, with a wad of cash in easy view.

We all know the problems of myriad passwords. And I do agree that many of the sites we open with a password are pretty innocuous.

I actually do use my now deceased dog's name on a couple of sites. Two of these are footy tipping sites.

I seem to come dead last every year, so if anyone cares to hack into these and change my tips I would be grateful.

I also use pretty standard passwords for my golf club and yacht club. If anyone wishes to go to the effort of checking out my clubs member's dinner menu, or what our start time is for our next yacht race, feel free.

If you are wondering what has inspired these words, it is because in May there was a Privacy Awareness Week. I read through some of the news releases and also took a look at Scamwatch.

We have well and truly moved on from crooks robbing banks to crooks scamming us. A scam may cause huge emotional distress, but it tends to be a non-violent activity so does not get big headlines in the media.

The message about online security is not sinking in.

Let's do the basics first. The usual scam trick is phishing, where we get scammed into handing over personal details. I had a good example of this recently.

At 6am on a Sunday morning the phone rings. I was half asleep, which is of course part of the scam, but the conversation went something like this.

"Good morning, Mr Clitheroe, it is Peter from NAB. Can I just check you are Paul Clitheroe and your date of birth is July 7, 1955, and your address is .... "

Here he correctly gave my address. He continued: "As I am speaking to you at home, I can safely assume you are not in Croatia using your NAB Visa card to withdraw $1000 cash. We believe you are being scammed. We wish to put your card on security hold for your own protection."

At this stage I was most impressed: my bank was looking after me. We actually had a bit of a laugh about me not being in Croatia and he discussed how the bank would refund the amount I had been scammed for. He even encouraged me to go straight to my computer after the call to check for myself.

Anyway, the twig dropped when he said, "All I need to do to put a hold on your account and replace the $1000 is to get your pin number."

I am pretty aware of scams, but it did throw me a bit but not enough to fall for it. Pretty impressive, though!

Hacking is something I would think we are all on top of with decent security scanners.

Mind you, if 123456 is the most popular password, I probably should not assume that.

Remote access, where a scam caller purporting to be from Apple or Outlook convinces you to allow remote access to your system so they can "fix it", is very popular as is introducing malware into your system.

Fake online profiles are very common, and if an online stranger is asking for your pet's name, you can be certain they are grooming you for potential passwords.

Falling prey to the bad guys can cost you dearly. The Australian Institute of Criminology says victims of identity theft are left out of pocket by an average of $3696, though in some cases losses have exceeded $500,000.

Protecting yourself from identity fraud or an online scam is the same as locking your front door. Cyber crooks typically get hold of personal details by hacking our computers or via email or social media.

So make sure you have the latest security software installed on all digital devices, including computers, tablets and phones, and keep them updated.

Use unique passwords and change them regularly. Nothing is perfect but at least do the electronic equivalent of locking your doors!

Get stories like this in our newsletters.

Related Stories


Paul Clitheroe AM is founder and editorial adviser of Money magazine. He is one of Australia's leading financial voices, responsible for bringing financial insight to Australians through personal finance books, the television show Money, radio, and most notably this publication, which he established in 1999. Paul is the chair of the Australian Government Financial Literacy Board and is Chairman of InvestSMART Financial Services. He is the chair of Financial Literacy at Macquarie University where he is also a Professor with the School of Business and Economics. Click here to email Paul your money question. Unfortunately Paul cannot respond to questions posted in the comments section. Please view our disclaimer here.