“Hi Dad, I Dropped My Phone”: How a Simple Text Stole $3600 And Why This Scam Is Exploding

Leave a Comment / Cyber Security Culture & Awareness / By
Cracked smartphone on a dark table at night displaying a text message notification that says “Hi Dad,” symbolising the start of a scam.

A Real Incident Response Case

This wasn’t a hypothetical scenario or a second‑hand story, it was a real incident I handled during an incident response call. These impersonation scams are not targeted attacks; they’re mass‑sent messages blasted out to thousands of numbers at once, hoping that one or two people respond at the wrong moment.

This case became a perfect example of how timing, psychology, and social engineering can override even the strongest security controls and it’s exactly the kind of scenario I’ll be breaking down in future incident response articles.

One of his daughters was travelling overseas. Different time zone. Patchy reception. The kind of trip where a broken phone isn’t unusual. So when a message came through from an unknown number at 8:40pm, saying:

“Hi dad my phone dropped into the toilet and had to get a new simcard so this will be my number for now.”

…it didn’t feel suspicious, it felt believable.

The timing wasn’t an accident. Evenings are when people are unwinding, tired, and less likely to double‑check things. Family members are harder to reach. People are mentally “off duty”. Scammers know this and they strike when your guard is down.

He couldn’t call his daughter to check. He couldn’t message her old number. He couldn’t confirm anything.

Within an hour, $3600 was gone.

Not because he was careless, but because the scammer struck at the exact moment when the story made sense and when verification was least likely.

This is how the “Hi Mum/Hi Dad” scam works: not through hacking, but through timing, psychology, and emotional precision.

Mass‑Sent, Not Targeted

These messages aren’t personal, they’re mass‑sent scripts blasted out to thousands of numbers every day. Scammers don’t need everyone to fall for it; they only need one or two people to respond to make the entire operation profitable. It’s a volume game. They send out waves of “Hi Mum/Hi Dad” texts hoping to catch someone at the right moment. Tired, distracted, emotional, or unable to verify the story. That’s all it takes for the scam to begin.

Timeline of the Scam: Message by Message Breakdown

These are the exact steps the scammer used, the real sequence that shows how quickly the situation escalated.

Below is the exact message sequence from the incident, a real‑world example of how quickly this scam escalates.

1. 8:40pm – The Hook

Scammer: “Hi dad my phone dropped into the toilet and had to get a new simcard so this will be my number for now.”

A believable accident. A reason for a new number. A casual tone.

And sent at a time when most people are mentally winding down.

2. Establishing Legitimacy

Scammer: “You can save this number for now.”

They reinforce the idea that this is temporary, a common tactic.

3. Creating the Illusion of Delay

Scammer: “Did you only just get my message?”

Victim: “Yes”

This makes the conversation feel natural and human.

4. Blocking Verification

Victim: “I can still face time ?”

Scammer: “The calls aren’t going through though.”

This is critical, they shut down the one thing that would expose them instantly: a voice or video call.

5. Building Urgency

Scammer: “Are you busy right now?”

This isolates the victim and keeps them engaged.

6. Introducing the Problem

Scammer: “I was going to ask for help because I’m trying to buy a new phone but it’s not letting me pay without the code that’s getting sent to my old number which I don’t have right now.”

This is the setup. A problem only the victim can solve.

7. The Direct Ask

Scammer: “Is it okay if you pay for me and I’ll be able to pay you back on Saturday please?”

Victim: “What do you mean”

Scammer: “Can you help me pay for my phone and I’ll pay you back on Saturday pls”

This is the emotional pressure point:

  • Urgency
  • Politeness
  • Promise to repay
  • A believable reason (broken phone)

8. The MFA Trap

After collecting his card details, the scammer told him: “You’ll get a code from the bank. Send it to me so I can process the payment.”

A legitimate SMS arrived from his real bank, a one‑time MFA code used to confirm a transaction.

He believed he was helping his daughter buy a replacement phone. He was actually authorising the scammer’s transaction.

This is the part most people don’t understand. The scammer didn’t bypass MFA. They socially engineered the victim into handing it over.

Once they had the code, the bank treated the transaction as approved. Within minutes, $3600 was charged across two cards.

Why This Scam Works So Well

These scams succeed because they’re engineered around human behaviour, not technology.

  1. It exploits real‑life context, A daughter travelling overseas made the story believable.
  2. It uses perfect timing
  3. 8:40pm is prime scam time:
    • People are tired
    • Less alert
    • Less likely to verify
    • Family is harder to reach
    • Logic is weaker, emotion is stronger
  4. It avoids technical red flags
  5. No suspicious links.
  6. No fake websites, just conversation
  7. It hijacks legitimate security
    • The MFA code came from the real bank.
  8. It creates urgency.
    • “Please help.”
    • “I need it now.”
    • “I can’t access my old number.”
  9. Urgency shuts down critical thinking.

Red Flags to Watch For

  • Unknown number claiming to be a family member
  • Story involving a broken phone or new SIM card
  • Refusal to call or video chat
  • Urgent request for money
  • Requests for bank details or credit card numbers
  • Pressure to act immediately
  • Emotional manipulation (“I’m embarrassed”, “Please don’t tell anyone”)
  • Anyone asking for MFA codes
  • Slightly off spelling or grammar
  • Payment requests through unusual methods

If someone asks for a one‑time code, it is always a scam.

What To Do If You Receive a Message Like This

  • Pause. Scammers rely on panic.
  • Verify the story. Call the real number of the person you already have saved.
  • If verification isn’t possible, delay your response until the next day, scammers rely on you acting immediately. There is always a way to contact your family member directly, even if it takes time.
  • Call another family member that is knowledgeable about Cyber Security.
  • Ask a personal question only the real person would know. A nickname, a memory, a detail.
  • Never send money or share card details. No matter how convincing the story is.
  • Never share MFA codes. Banks will never ask for them. Family will never need them. Scammers always want them.
  • Block and report the number. This helps telcos shut down scam networks.

What To Do If You’ve Already Sent Money or Codes

  • Call your bank immediately. Ask them to freeze the card and dispute the transactions.
  • Change your online banking passwords. Even if you didn’t give them out.
  • Enable transaction alerts. So you see every charge instantly.
  • Report the scam to Scamwatch. It helps track patterns and warn others.

Why We Need to Talk About This More

These scams aren’t random. They’re scripted, targeted, and highly organised.

They work because they exploit:

  • Emotion
  • Timing
  • Trust
  • Real‑life context
  • Human instinct

My client’s story, while painful, is exactly the kind of example that helps others recognise the signs before it’s too late.

The more we talk about these scams, the fewer people fall for them.

If you found this helpful, share it with someone, awareness is the strongest defence against these scams.

Further Reading: Your First Steps into Everyday Cyber Security Series

If this incident taught me anything, it’s that cyber security isn’t about being perfect, it’s about being prepared.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Subscribe