BNZ’s head of financial crime, Ashley Kai Fong, says the most notable change in scam activity over the past year was the increased volume.
In the last year, BNZ found four out of every five people had been targeted by a scam and more than a quarter had fallen victim to one, up 7% the year prior.
It found that 47% of businesses had been a victim in the last year, up from 21% the year before.
“Scams are rising, year-on-year, and as they climb, so does the toll on New Zealanders and the trail of destruction left in the wake,” says Kai Fong.
“Scams don’t just damage our finances. They cause hurt, shame, and embarrassment to their victims and they erode trust and confidence in brands, businesses, and organisations.”
In one scam that the bank dealt with recently, a customer fell victim to a recovery scam multiple times.
A recovery scam is where a scammer steals money then poses as a bank or police to help recover it.
The first scam was an investment scam. The customer had been watching investment YouTube videos and followed a link to speak to someone who advised them on a cryptocurrency investment. But there was no investment and the customer lost almost $90,000.
When the scam was discovered, BNZ changed the customer’s passwords and details and secured the account. But then someone pretending to be an investigator from a cryptocurrency company offered to help recover the money. They obtained access to the customer’s online banking and stole more money.
BNZ secured the account again and told the customer what to look for to avoid being caught in future. BNZ was not able to recover any of the money.
“Cryptocurrency scams are virtually impossible to recover as they are effectively untraceable transactions,” says Kai Fong.
“This underlines the importance of being wary of anyone calling you out of the blue and asking for details or access to your computer.
“If you get one of these calls, the best thing to do is hang up and call back on the number listed on the website, not on the one they called you from.”
Kai Fong says people should report being targeted by a scam or having fallen victim to one.
“If you think you may have lost money to one or someone might have accessed your online banking, call your bank immediately.”
The sooner the bank knew about it, the better the chance they had to recover the money.
He says some scammers were changing their tactics.
“As the world is coming out of lockdown, unfortunately these criminals have business plans like everyone else, they’re just not as structured. They’ve got a lot of time to make up for. Everyone’s online a bit more and I guess the landscape for them to attack has become bigger.”
Professor of commercial law Alex Sims speaks about the red flags to watch for when investing in crypto, and why Unvest was such an unusual case. Video: Stuff.
Kai Fong says 25% of victims says they had clicked on a link in an email or text.
“It could be almost anything – a message pretending to be from a bank asking you to urgently confirm a transaction or from a courier company asking you to urgently pay a release fee. The link in the text messages look almost legitimate so it’s easy for someone in a hurry to tap through.
“But the website is fake. Everything you enter is immediately sent to the scammers and they use the details to log into your real online banking and take your money or run up charges on your debit or credit card.”
He says businesses were often caught by invoice scams.
In an invoice scam, a business’s system is compromised and the bank account number on invoices is changed to one a scammer owns so payments meant for the business go to the scammer instead.
“In a new development, we’ve also seen scammers posing as employees changing the bank account where their wages are paid. These scams are notoriously difficult to spot and are the leading scam by value of losses.”
In another case the bank dealt with, a woman believed she had met a man who was a missionary in India.
He told her that he was stuck in a hotel with Covid-19 and needed money for accommodation and new flights.
When the customer tried to send money to the man, the bank talked to her to see if she could find any documents to prove he was who he says he was.
She was not able to but still went ahead with the transfer and lost more than $100,000.
In another, a woman thought she was being messaged by her son on WhatsApp and sent money to a scammer.
“The customer was alerted to the scam by receiving another message from the same number later, this time saying, ‘hi dad’. The scammers were changing tactics but had inadvertently messaged the same number,” says Kai Fong.
Cert NZ data shows that in the June quarter, there was $3.9 million in direct financial loss reported due to cybersecurity incidents. About 2000 incidents were reported, down 14% from the first quarter.
Kai Fong says it was likely that larger numbers of people were affected but not reporting because they felt embarrassed.