17 June 2022

Beware phone and text scammers impersonating banks

Agencies including Consumer Protection and CERT NZ team up with 10 banks to urge New Zealanders to stay vigilant.

Scammers are using sophisticated methods to impersonate bank staff, tricking New Zealanders out of millions of dollars every year.

They use duplicated phone numbers and social engineering, as well as text messages with links to fake websites, to harvest users’ log-in details.

The warning comes from government agencies and departments CERT NZ, Consumer Protection and Te Tari Taiwhenua Department of Internal Affairs, and is backed by 10 New Zealand banks.

Phone call scams

Cyber criminals are getting more convincing at writing scripts that a real call centre might use. They can also use phone numbers that look very similar to those from the genuine bank call centre, in a technique called “spoofing”.

It can be hard to tell what’s real and what’s not. If you’re not sure, the agencies and banks suggest hanging up and calling back the bank from the official number on its website.

A phone scammer’s favourite tool is urgency. If you feel like you’re being forced to act too quickly, stop and take a breath. You’ll be less likely to make a mistake.

All users should turn on two-factor authentication (2FA), which adds a second step to the log-in process. Your bank will never ask for a 2FA code over the phone.

Text message scams

Phishing (credential harvesting) over SMS has increased at an alarming rate over the past few years, according to the warning.

A text uses similar tactics to a phone call, preying on fear and urgency. It will also contain a link that usually leads to a fraudulent bank website encouraging the consumer to input their banking information.

Banks will never send you a link to log in to internet banking by text message.

You can forward any suspicious texts you receive to 7726. This is a free service run by Te Tari Taiwhenua, to record and monitor text message scams in New Zealand.

How to avoid these scams

The agencies and banks urge consumers to keep up their guard and take some precautionary steps to keep themselves and their bank accounts safe.

  • If you receive a call you’re unsure about, hang up and call back the organisation on its official number.

  • Turn on two-factor authentication (2FA) for your banking accounts.

  • Never give your password or 2FA codes to anyone, even a bank employee.

  • Don’t follow links in unexpected or unusual text messages or emails.

  • If you have given over a 2FA code (or your password), contact your bank immediately and report the scam to CERT NZ.

Member comments

Get access to comment

Peter H.
18 Jun 2022
Bank Spoofing

The only issue with hanging up and ringing a known number is ..... how long do I wait until the bank answers? They are so poor at providing enough staff to cater for their customers that one can be waiting a long time.

Kevin H.
17 Jun 2022
The rule of life

If you have any doubts at all, follow your gut instinct. It is seldom wrong.
There is no urgency to follow the instructions in a call, email or text.
Don't be too proud to admit that scammers are far more cunning than you and I.