Spouse nearly got scammed. Scammer has all personal details and license number and has started opening bank accounts using info. What do should we do to stop it?
My spouse received a call on their personal mobile from Afterpay. The caller ID was another mobile number.
The caller said their had been some fraudulent activity detected on the account and they asked for all the personal details to confirm identity.
Spouse is suspicious so refuses to give any info. The caller then states my spouses full name, including middle name, address and obviously knows phone number.
They then explain they are going to send them a verification code by sms. A code is received which my spouse gives to the caller.
Call ends and basically straightaway my spouse realises they have been scammed and the verification code was one to authorise a purchase.
They contact Afterpay who confirm a $900 purchase from the Good Guys. The Afterpay account is then disabled and Afterpay confirm the credit cards on the account. There's two cards on file and only one belongs to my spouse.
Obviously the Afterpay account got hacked somehow.
Incident reported to crimestoppers on the advice of Afterpay. Follow up call from local cop shop says watch out because there has been identity theft reports in our area from mail getting stolen.
We reported the transaction to the Good Guys with the order number afterpay had.
Today, about 2 weeks later, spouse receives a 86400 debit card in the mail. They havent opened an account.
86400 freeze account and report to fraud department. They confirm that a driver license or medicare card mustve been used to open account.
That means the scammer must have the license number or the Medicare number as well. You dont need the physical license to open an account, just the number and the cards have never been lost.
The email used was spouse full name @gmail.com
86400 advised reporting this to the police too, so thats now been added to the original report.
Now I'm thinking that because 86400 is just a visa debit account, there needs to be money in the account to make any purchase so the scammer probably wants a bank statement to start building 100 point ID. Thats my guess.
It seems a bit amateurish to open an account when you know a physical card will be delivered 5-7 days later potentially alerting the victim.
Service NSW confirmed that no one has attempted to change address on driver license but apparently theres no point in getting a replacement license because the license number will always be the same, only the card number will change.
We've filled out the request for help with IDcare.
Passwords have been changed in all other accounts.
Theres nothing of note in haveIbeenpwned.
We dont know how the Afterpay account got hacked or how they got the license number.
We're worried about identity theft, got any advice?