When the manager looked up at the computer screen there was a pop-up demanding a ransom, as well as a second pop-up claiming to be from Spark technicians.
She clicked the 'Spark' pop-up, inadvertently letting the hackers into her computer.
The 'technician' on the other end of the line put in a good performance. He warned them to shut down other computers, to stop them also being hacked.
Then he warned them to check their bank accounts to make sure no money had been lost.
"I was just totally presuming she was talking to my IT guy, and I thought it made sense that he would say that," Redfern, 45, said.
The staff member first checked her personal bank account, and then pulled up the business account, which had a large amount sitting in it ready to pay off their GST bill.
"Then the screen just went black, and straight away I knew something had gone bad," Redfern said.
"I said to her, 'who are you talking to?' And she said 'Spark'.
That was when Redfern realised her staff member hadn't called an IT technician, but that someone claiming to be from Spark had instead rung them.
"I told her, 'oh my God, Spark would never ring you. It's the bloody hacker on the phone'."
They kept the fraudster on the line, while calling Spark to see if the man was legitimate.
Spark told them to check his ID number, and when he tried to give a fake number, he was revealed as a hoax.
Redfern is just glad that the bank accounts were frozen before the hacker got the chance to do any damage. The bank's anti-fraud teams have warned them to watch out for any suspicious activity, just in case.
Pin numbers and credit cards have had to be changed, and a professional IT team had to come in to clean up the computer before the bank would reinstate internet banking.
"All of us were in shock for a good 24 hours," Redfern said.
"You know that violated feeling? Because you're talking to this nice person on the phone, but they're doing something like that right under your nose.
"They were quite slick and charming, and it made everyone feel quite violated really."
Netsafe warns that scammers will often try to gain remote access by calling or using pop-ups, then claiming to be security checking your computer.
They may also contact you to offer a free assessment or upgrade for your computer.
But the organisation warns companies like Microsoft and Spark don't call customers at home about issues with a device, and will never ask for passwords or other private information.
If you're contacted, Netsafe advises politely saying no thanks, and hanging up the phone.
Don't engage in conversation, try to trick the scammer, or tell them off, as you may be put on a 'harass' list.
A police spokesperson said it was a "really common scam", with callers often purporting to be from Windows or Apple.
The spokesperson said not to trust anyone that rings out of the blue offering to fix a glitch that you were not aware of yourself, nor to trust anyone who calls and offers to help with a computer problem.
They also said to delete any emails that popped up and not open emails if you do not know the sender.
A Spark spokeswoman said it was difficult for Spark to prevent these types of attacks.
"The best line of defence we have is to make sure our customers know what to look out for so they avoid being scammed," she said.
"We welcome the opportunity to make New Zealanders aware of the tactics scammers use, so they are forewarned and can keep themselves safe.
"There are a number of scams out there - for instance, we've heard that fraudsters tell customers their Spark services will be cut off due to security issues unless they change their settings or clean up their computers. The customers are then directed to a website where they are asked to download some software, which the fraudsters have branded as Spark.
"Another example is where customers are asked to give remote access to their computer and provide personal banking information. Sometimes they are instructed to leave their phone off the hook for three days following the 'setting change' as part of this scam. Or in other instances, fraudsters give customers a made-up 'employee number' to verify their identity, and then gain access to people's bank accounts by claiming that customers have exceeded their data limit and need to hand over credit card details in order to pay."
Spark's tips to protect yourself from scams:
- We will never ring customers out of the blue and ask them for any form of personal information - particularly bank details or passwords. We will only ask you for personal information if you call us. If you receive a call from someone claiming to be from Spark who asks you to enter on the computer your bank details, end the call.
- It's vitally important that customers do not visit fraudulent webpages, or provide any personal banking information. If they have any doubts about a phone call's legitimacy, they should end the call as quickly as possible.
- Unfortunately, fraudsters actively monitor Spark's activity and copy our methods of communication, so we know it can be difficult for customers to tell the difference between genuine calls and fake ones.
- Anyone who suspects they have been the victim of this scam and who has passed on bank account details or logged into online banking while on one of these calls, should contact their bank immediately.
- Spark customers who wish to share details of scam calls, or who have any particular concerns, should email scamhelp@spark.co.nz.
