Help! I've been hacked
Plenty of Kiwis lose large sums of money to online fraudsters.
But rarely is it due to their bank account being hacked, despite what many people think.
More likely your personal computer has been accessed by fraudsters or you’ve succumbed to social engineering and given the money away to a con artist.
Here’s how they do it:
Fraudulent use of credit card
Commonly, a fraudster will get hold of your card details and use them to shop online.
Or you may be conned into buying something non-existent on websites like eBay and Alibaba.
The seller hijacks an innocent person’s account and takes a large number of payments, but never delivers the items.
When you’re a victim, the bank/ credit card company will usually reimburse you.
They want you to remain comfortable using credit cards. However, if it happens every few months they might decide they don’t want you as a customer, says Netsafe’s chief technology officer Sean Lyons.
Social engineering
Humans are hardwired to want to help others, says Lyons.
The classic Nigerian scam where you believe you’ll be paid handsomely if you help another person move some money is a classic social-engineering scam. So is the romance scam, where you’re sending money to someone you’ve fallen in love with online to help them in some way. If you send it through Western Union or similar companies there isn’t much that can be done to stop the fraud or get the money back. Banks have increasingly intelligent systems to help insulate customers from loss.
Bad look for a bank
Never say never when it comes to your bank being hacked — but they are very risk-averse around technology.
“If the bank gets hacked I doubt very much [customers] would know,” says Lyons.
The bank would pay the money back to the customer as quietly as possible. It’s not a good look.
Any criminal hacking into a bank is more likely to transfer huge sums of money out of the country and disappear on the proceeds for life, says Lyons.
They’re not going to go after Joe Smith’s account in New Zealand with a paltry $10,000 in it.
Banking Ombudsman Nicola Sladden says banks must act with reasonable skill and care when providing internet banking.
Your bank account is accessed
Maybe you use the same password for everything and fraudsters got hold of it.
Or you have clicked on a dodgy link that looks like it’s from your bank but isn’t.
Often the fraudsters load keylogging software on to your PC and capture your passwords that way.
If you are an innocent party and report it in time to your bank, your losses will usually be reimbursed.
Not so if you’ve given your PIN or passwords to someone, such as a carer, knowingly.
I’m very careful about doing something to compromise my bank accounts.
I’m forever changing passwords and have so many PINs it often takes several attempts to pay for anything.
I often wonder: when will a bank refund and when won’t it? I’ve seen cases on the Banking Ombudsman’s site when the bank hasn’t refunded until forced to.
Sladden says the latest Code of Banking Practice, which came into effect on June 1, promises banks will reimburse victims of fraud, unless they have acted dishonestly, negligently, breached their terms and conditions or didn’t take reasonable steps to protect their banking.
“A bank’s terms and conditions will often state that the bank is not liable for unauthorised transactions where it believes the customer has contributed to the unauthorised use of their card,” says Sladden.
Each case is different and has to be investigated.
Some examples where you might not be reimbursed include:
● Selecting 1234, your birthday or phone number as a PIN.
● Keeping your card somewhere unsafe.
● Writing down your PIN.
● Giving your card or disclosing your PIN to someone else.
I was pleased to hear from Sladden that not changing passwords frequently or using the same PIN for different cards does not necessarily mean you have failed to take reasonable steps to protect your banking.
“Your password or PIN is only one of many factors that get taken into account when someone is the victim of fraud,” she says.
Even so, says Sladden, it is sensible to refresh your password frequently, and if possible use a unique password that is just for your banking.