Teacher scammed out of thousands while on holiday after identity bought on web for $10 by hacker

A teacher, whose identity was stolen and sold on the dark web, lost his £3,500 savings while on a holiday with his wife after a Romanian hacker used it to foot a hotel and drinks bill.

Matthew Shaw, a 27-year-old science teacher, was enjoying a holiday in Cornwall in August 2021 with his nursery worker wife, Davina, 27. The couple were enjoying their two-week trip, their only getaway of the year.

However, while on the way to try jet skiing for the first time, Matthew received an unexpected notification from his bank, First Direct, informing him that his account had just been debited £3,500 for a hotel stay – the location and name of which were not provided.

In a state of panic, Matthew contacted First Direct, who deduced someone from Romania had opened an account in his name with digital financial services company Monese, using his identity. They linked this to his First Direct account to pay for the hotel after obtaining his details from the dark web – a transaction that could cost as little as $10.

This left Matthew with just £20 in his bank account, forcing the Gloucestershire couple to cut their holiday short by a week, leaving Davina in tears. Matthew praised First Direct for their "brilliant" response, with the money refunded a week later.

However, despite tightening his security measures, he still receives six or seven email notifications daily alerting him to unauthorised sign-in attempts. Recounting the moment he found out about the transaction, he said: "We had woken up, we had breakfast, and we were on our way to go and do jet skiing – something we’ve always wanted to do.

"Then, I parked up and I had a notification at the top of my phone saying, ‘£3,500 has been paid to a hotel’. I thought, ‘Oh my God, what is this? ’, and I rang First Direct straight away and said, ‘This is not me’. They were going through their security questions, but I was just panicking and thinking, ‘All my money’s gone – that was our savings for a house and it’s all gone’."

At that point, Matthew was holding down a job as an unqualified supervisor teacher. He diclosed that the only time he could take a break in the summer was during the school six-week break, and seeing as Davina's holidays were "restricted", the couple had meticulously planned their two-week tenting holiday in Cornwall.

Matthew said: "We have that one holiday for the whole year and that’s it." The couple had booked tickets to visit a seal sanctuary and a crystal maze in Cornwall and were on their way to try jet skiing when Matthew received the notification.

“(First Direct) said my email had been hacked and a person in Romania had obtained my ID, set up a bank account using my ID, and then basically paid for a hotel with all the drinks and everything using my credentials, which then came out of my bank account,” he said. “They said the process was that someone had hacked into my email, got my ID and everything, and then that was published to the dark web… and, apparently, you could pay 10 dollars to access someone’s information.”

Matthew confessed that despite being tech-savvy with different passwords for each of his accounts, which he changed regularly, he never thought his email would be compromised. However, the cyber theft left him and his partner, Davina, forced to cut their holiday short after being left with only £20 in their account.

"Davina was upset, crying, and on the way home it was a quiet car journey," he said. "I think we were both in shock – our holiday, that we go on once a year, has been ruined by someone who is probably doing this 10, 11 times a day, and you just think, ‘Why have they chosen us? ’"

"I was just thinking, ‘What could I have done better? ’ You start to blame yourself. How is this even possible? What else have they got access to? " After an anxious week, Matthew felt a wave of "relief" when the £3,500 was finally refunded by First Direct, leaving him "impressed" by the bank’s handling of the incident.

He was placed on a 12-month fraud prevention programme, which meant he had to go through “rigorous” processes when making large transactions, obtaining a loan or setting up a new account or credit card. He said these processes sometimes took several hours, and although it was “frustrating” and some of his transactions were initially blocked, it made him feel “secure”.

"At the time, it was very frustrating to sit and do a million security questions... and trying to apply for things was a nightmare, but reflecting on this, I was grateful," he said. Matthew has since improved his account security, switched email providers, and set up two-factor authentication—a step he hadn't taken before the scam.

Yet, hackers still try to infiltrate his old email, which he no longer uses. "I have about six or seven notifications a day, saying, ‘Is this you? Confirm the number to get into your account’," he revealed.

Matthew's keen to tell his tale to prompt others to bolster their device security. "You just don’t think it’s going to happen to you until it happens," he cautioned. "If I can educate at least one person – like my job as a teacher – then I’ve done my job."

A spokesperson from First Direct said: "Protecting our customers from fraud and scams is a key priority for us and we have a range of features in place to spot unusual activity on an account and protect our customers’ money. In this case, we’re really pleased we were able to intervene when Mr Shaw’s details were compromised and refund the money promptly."

'It is also standard practice for us to offer additional support to those customers who are victims of fraud, to give them extra assurances when making further payments so they feel confident and supported when managing their account."

Meanwhile, a Monese spokesperson emphasised their stringent measures to combat fraud: "Here at Monese we take fraud extremely seriously, investing in and operating a range of controls to detect and prevent misuse of identities. These include algorithmic document authentication testing by specialist providers, identity confidence scoring, biometric matching of video selfies to the facial images in authenticated identity documents, and asking applicants to complete physical and verbal challenges, amongst other measures."

"As it stands, we can’t comment on this particular case as we don’t have enough identifying information to investigate. We’d love to contact Mr Shaw directly so that we can look into his case further. This would not only ensure that he receives the appropriate apology from us, but would also help us to protect other customers and thwart future fraud attempts."

To learn more about products such as Norton 360 Advanced, which includes Dark Web Monitoring to help safeguard individuals by scanning for any misuse of personal information and restoring compromised identity details, visit: uk. norton.com/products/norton-360-advanced.