Scammers use duplicate banking call center numbers to trick customers
Scammers turn to phone calls to gain people’s trust. Photo/NZME
Scammers are using duplicate banking call center phone numbers and text messages containing links to fake banking websites to trick Kiwis into handing over their account details.
Children’s book author Malcolm Clarke posted a viral video this week warning of a scam in which crooks disguise themselves as bank employees and claim to be fighting fraud.
Clarke canceled his Kiwibank card when he noticed strange transactions on his account. Kiwibank then told him that its fraud department would look into the matter.
Clarke then received a phone call without caller ID from the scammers claiming to be from Kiwibank asking for her access code. When Clarke became suspicious of the anonymous caller, the scammer then called back an 0800 number asking for passwords and the answers to his security questions.
Luckily, he didn’t fall for the scam. But millions of dollars are siphoned off from the Kiwis every year.
This prompted banks, Cert NZ, consumer protection and the Home Office to issue a warning about the increase in sophisticated attacks on New Zealanders.
Cert NZ director Rob Pope said the scammers were able to mimic banking call center phone numbers and could accurately copy the script that a real call center would use.
“It can be difficult to tell right from wrong. If you have any concerns about the legitimacy of a call, the best strategy is to hang up, find the bank’s phone number on their website, and call them back. This way you are assured the information is authentic.”
Pope said scammers rely on urgency and fear to make people react without thinking and he urged people to pause and pause.
“Con artists will use a sense of urgency, hoping you won’t think clearly and make a mistake.”
Consumers are urged to use two-factor authentication on their bank accounts. The added security measure means people have to enter a unique one-time code, which is usually sent to their phone for a payment or money transfer to take place.
The code must be kept secret and you will never be asked by your bank.
The agencies also warned that SMS phishing has increased at an alarming rate in recent years.
Consumers usually receive a short message and a link. The post will use the same social engineering triggers of urgency, fear, and opportunity to elicit a response.
After the user clicks on the link and enters their banking information on a bank impersonator website, they will receive a phone call from the fraudster posing as the bank’s fraud team, trying to obtain security codes and other financial information to perform fraudulent transactions that he just created. .
Sam Gribben, senior threat and incident response team analyst at Cert NZ, said a legitimate bank employee would never ask for the password, access number or identification codes from two a person’s factors.
“If you’re talking to someone claiming to be from the bank and asking for this kind of specific information that should raise alarm bells and that’s where we recommend you hang up, call your bank’s legitimate number, which can usually appear on your card and talk to someone at the bank about the contact you received.”
Gribben said often those who expressed concern about the call were then told the issue was urgent and needed to be addressed immediately.
“And that may be another red flag.”
He said it was easy for scammers to duplicate a bank’s legitimate phone number.
“At the end of the day they just need software that will alter the output of what’s happening on the victim side and that’s all they really need to make it look like they’re calling from of this number. It’s pretty easy for them to do.”
The number may also appear as private, which some banks also use when calling their customers.
Gribben said another red flag was the caller requesting access to a device through third-party software. Remote access will give them the ability to access your bank accounts and commit fraud.
“If requests are made like this by a caller, that should also sound an alarm and the person receiving the call should definitely hang up.”
He said he was seeing an increase in scams involving phone calls.
Gribben said the public understood last year’s flubot scam that texted thousands of people asking them to click on a link with scammers now asking people to call instead.
“You usually won’t get an answer to this call, but later they [the victim] will get a call back and that’s where the caller will claim to be from your bank or ISP and that’s when this call scam will happen.”
Scammers have learned to imitate scripts used by banks.
“They can make it seem a lot more legit being on the phone. I think when people are speaking directly with another person, it increases that level of trust a bit.”
What to do if you are exposed?
Gribben said those worried they may have been caught off guard should first call their bank and ask them to check their account to see if there were any transactions that shouldn’t have happened.
You also need to change your banking password, which should be a unique password that you don’t use elsewhere.
If you use it elsewhere, change it there too, Gribben said.
SMS scams can also be reported by forwarding them to the Department of Home Affairs 7726 service which is free of charge and all scams can be reported to Cert NZ.
“If we have information about the numbers people are calling, what times they called, we can take action again on those numbers. If we have information about SMS scams, the links they contain, we can take steps to get these sites taken down.
“It can be difficult to catch the people behind. Stopping scams is something we have the ability to do. That’s why reporting is key – if anyone is a victim of these texts and calls, report Sending it to your bank, but also to Cert NZ is important.”
Gribben said there was no shame or embarrassment in being caught in a scam.
“If you clicked on any of these things, we’re all human, we all make mistakes and there’s help out there. Report it to your bank for help, report it. le to Cert NZ so we can stop the scam altogether and hopefully we can stop other people from falling victim to it.”