A bank customer who lost $60,000 after falling for a highly sophisticated phishing scam that mimicked IRD and his bank has warned others to be vigilant online.
Banking Ombudsman Nicola Sladden said it was a sign of increasing sophistication in online phishing scams. Bank data suggests nearly $200 million a year is lost to scams.
She said Kiwis should contact banks or IRD directly using publicly-listed numbers rather than going through links inside text messages or emails.
"A definite no-no is to click on a link or call a number from a text. We urge bank customers to be wary of any email or approach that asks them to carry out an online action via phone call or text."
The bank customer, who did not want to be named, said he received an email from what he thought was the tax department asking him to log into his myIR page and verify his bank account details in order to receive a tax refund.
The email contained a link to what looked like his bank’s website where he logged in to his internet banking and entered an SMS code.
A Chinese New Zealander narrowly escaped an elaborate scam involving Chinese police and allegations of billion-dollar fraud. (Source: 1News)
He later discovered that the entire interaction was a fake and that scammers had used his banking details and the SMS code to set up mobile banking on their device and withdraw $60,000 from his account over several days.
Sladden said the bank had rejected the customer’s request to reimburse the loss, however she found the customer had acted reasonably in the circumstances.
The Banking Ombudsman Scheme said the customer might have been alerted to the scam if the SMS message had made clear the purpose of the code - to set up mobile banking on a new device, not, as he thought, to log in on his internet banking.
Sladden continued: "Ordinarily, banks are liable for a customer’s losses as a result of an unauthorised transaction - typically a scam - if the customer has taken reasonable care to protect his or her banking."
Fraudsters are targeting people’s cell phones and pretending to be officials from agencies like NZ Post and Waka Kotahi. (Source: 1News)
Banks are obliged to reimburse a customer’s fraud losses, where someone has accessed their banking without authority, so long as the customer wasn’t dishonest or negligent, and took reasonable steps to protect his or her banking.
"In this case, such was the sophistication of the scam that we considered the customer had shown reasonable care in the circumstances," the Banking Ombudsman said.
"We therefore found the bank should reimburse the customer the full $60,000.
"Regrettably, it is but one of a growing number of phishing cases, like the recent road toll text scam, involving customers who are duped into disclosing their banking details and thereby enable scammers to steal their money."
SHARE ME