In the 25 years Helen Cahill has kept the books for her small business near Melbourne Airport, she's never had any trouble doing online banking.
So on a particularly busy afternoon on May 26, when she sat down at her desk, she thought it was strange it was taking so long to log in.
She'd googled "Bendigo Bank" and clicked on the first link that came up, which was a Google ad for the bank.
She then keyed in her login details, including a two-factor authentication pin.
What Ms Cahill soon discovered was that she had clicked on a malicious advertisement instead of the Bendigo Bank website, and that a scammer had gained access to her account.
"It was probably within two minutes that I logged onto the genuine Bendigo Bank … and realised that $30,000 had been taken from my account," Ms Cahill told 7.30.
"I just felt really violated … I thought, 'How can that happen?' I really feel like I'm a very cautious, careful person when I'm doing banking."
Ms Cahill quickly phoned the bank to report the incident, and also spoke to the IT company that looks after her business' computers, called Ignite Systems.
They were able to go back through the steps Ms Cahill took and uncovered that the link she clicked on the search results page looked real, but the site that opened had a phoney URL that was easy to miss in a hurry, referring to "bendigohank" instead of "bendigobank".
"It looked like a replica of the genuine Bendigo Bank website," Ms Cahill said.
"My takeaway message would be: This can happen to anyone."
After days of constant calls and follow-ups on Ms Cahill's part, Bendigo Bank was able to return the funds within a week.
But she remains concerned a malicious site was promoted on Google without the bank warning customers of its existence.
"Initially I was very annoyed and then I became very angry that a genuine Google ad could be linked to a bogus online banking site.
"I just do not understand how … the bank didn't know about it. I think something needs to happen with Google, that they can run these ads."
Bendigo Bank said in a statement that after the ad was discovered its "Financial Crimes team alerted the owner of the platform and had the fraudulent advertisement taken down".
Cyber-security expert Dave Lacey told 7.30 Google ad scams were particularly sophisticated.
"They're using third-party, what we call, ad affiliates that have an ability to almost manipulate or change ads after they've gone through a vetting process," Mr Lacey said.
Google didn't explain how the scam ad showed up in its search engine.
The tech giant said in the last year alone it blocked or removed nearly 60 million ads globally for violating financial services policies, and said it was constantly developing new tools to protect its users from fraudsters.
Scams on the rise
There have been more than 35,000 reported attempts to gain the personal information of Australians since January.
The Australian Cybersecurity Centre reported cybercrime cost the economy an estimated $33 billion in 2021.
National identity and cyber-support service IDCARE has never been busier, according to its managing director, Mr Lacey.
"I don't think there are many crimes that you can say penetrate the family home almost on a daily basis," he said.
"[Scammers'] whole business is about deception and they're well trained and versed at it."
A popular method used by scammers is what's known as "phishing", where things like an email imitating a bank or telco are used to encourage people to share their personal information.
"Smishing" is a similar method, involving text messages.
"So smishing is via SMS and phishing more generally is via email or telephone," Mr Lacey said.
'What is yours is ours also'
One of the leaders of a group involved in a prolific scam operation was jailed in May after duping dozens of Australians when large swathes of the population were in COVID-19 lockdown in 2020.
Court documents reveal the group created false identities on a website they called the "1-stop-rort-shop", bragging online about software that was able to evade SMS spam filters.
Self-promoting videos of their exploits, which were seized by police as part of the operation, showed special logos and wads of cash accompanied by menacing music.
"In this particular case, we would say the offenders were fairly skilled," Acting Assistant Commissioner for Cyber Command Chris Goldsmid told 7.30.
"We estimate they sent over 20 million text messages … That's a significant number of people that could have potentially had their information stolen and their bank accounts accessed."
The "rort corp" motto was "what is yours is ours also".
Police found the men had access to staggering amounts of personal information, including people's secret online questions and answers.
In one instance, a member of the group bragged about sending "13 sets" of personal and financial information, specifically bank account user numbers, account passwords, full names, credit cards, expiry dates and CCV numbers.
The syndicate had dozens of identities on tap and Medicare card templates.
"It is difficult for law enforcement and agencies to apply traditional tools of deterrence and intervention," Mr Lacey said.
"Certainly, when arrests occur, we do cherish and relish that."
Act quickly
The newly elected Labor government has vowed to crack down on cybercrime, including by introducing new industry codes for banks and telcos.
There is a strong emphasis from experts on preventing the crime in the first place and acting quickly when people's accounts are compromised.
"If you think you've been the victim of a scam, don't be embarrassed. Get in contact with your bank," Acting Assistant Commissioner Goldsmid said.
"The earlier you report it, the more chance there is … to get that money back."
Watch this story tonight on 7.30 on ABC TV and ABC iview.