Smooth fraudsters take $50k off lawyer
Silver-tongued callers say they’re from bank in sophisticated scam
Phone scammers have stolen $50,000 from a lawyer as more Kiwis are targeted by a highly sophisticated fraud in which crooks pretend to be bank employees.
The Tauranga man was targeted by scammers who disguised their call as coming from an official ANZ 0800 number.
The fraudsters called the man saying two transactions of more than $5000 were taken from his account and queried whether these were legitimate.
The lawyer said he did not make the purchases and the scammers then told him they would put him through to ANZ’s fraud department. The crooks, posing as the bank’s fraud specialists, then gained access to the man’s account.
The lawyer’s son told the Weekend Herald it was a highly sophisticated scam.
“They sounded like a normal bank, nothing to suggest they were scammers.
“He actually said to them multiple times ‘Are you scamming me?’ and they were very calm and patient, they weren’t aggressive or anything.”
The man’s son also claimed ANZ’s actual fraud department took too long to respond, which added to his father’s confusion.
“[My dad] called the fraud department after he realised he might be being scammed. He was on hold for half an hour, possibly more, then it went to answer phone and asked him to leave a message.
‘Then the scammers rang, pretending to be from the fraud department, which made it very cloudy to tell who was actually calling you.”
An ANZ spokeswoman said the bank couldn’t comment specifically on the case due to privacy reasons.
“We understand when customers get caught in these situations it can be very stressful and we’d like to make sure the customer is getting the support they need.”
She said customers were increasingly being targeted by scammers and the man’s case was a reminder for people to be careful with private and financial information.
The lawyer’s story is similar to that of children’s author Malcolm Clarke who was also called by scammers on what appeared to be a legitimate 0800 number, pretending to be from Kiwibank’s fraud department.
The tricksters then asked for Clarke’s access code, secure key code and full security phrase and told him they would lock and freeze all his accounts if he didn’t provide the information.
Clarke posted a warning on social media after almost falling for it.
He also said the scammers had a calm and collected demeanour and the sophistication of the scam had him “pretty much convinced” it was a legitimate operation.
Clarke told the Weekend Herald he was lucky he didn't fall for the scam but was worried others might.
As this type of scam continues to impact more Kiwis, Cert NZ’s acting manager of incident response Jordan Heersping warns the public to stay vigilant.
“We have seen an increase in scammers imitating (‘spoofing’) banks’ phone numbers to use in phishing scams,” he said.
Scammers use software to change the number that appears on the victim’s phone screen to make it seem they are calling from that number. It could also come up as a private number, which some banks use when they call customers.
“The attackers are convincing because they have done their research and can duplicate what a bank call centre will say.
“They also use social engineering tactics like urgency, fear and opportunity to engage people and, even if you are aware of this, it could catch you out when you’re busy, tired, stressed or focused on other things.”
Heersping said if a person was caught out by the scam, the best thing to do was to report the issue to the bank and CERT NZ, and if any money had been taken, to the police as well.
If any password information had been given out, that should be changed anywhere it was used.
Heersping recommended using long and unique passwords for each different website or platform used.
Consumers were also being urged to use two-factor authentication on their bank accounts.
The extra security measure means people have to enter a one-time unique code, which is usually sent to their phone, in order for a payment or money transfer to occur.
The bank will never ask for your code.
Sam Gribben, senior analyst in the threat and incidence response team at Cert NZ, said a legitimate bank worker would never ask for a person's password, access number or twofactor identification codes.
“If you are speaking to someone who claims they are from the bank and is requesting this kind of specific information that should ring some alarm bells and that's where we recommend you hang up the call, call the legitimate number for your bank, which can usually be found on your card, and speak to someone at the bank about the contact you have received.”
Gribben said often those who expressed concern about the call were then told the issue was urgent and needed to be sorted out straight away.
“And that can be another red flag.”