Imposters posing as SBS bankers are running scams aimed at exploiting increasingly popular term deposits. Photo / 123RF
Imposters posing as SBS bankers are running scams aimed at exploiting increasingly popular term deposits. Photo / 123RF
Scammers masquerading as a legitimate bank have sparked a warning about fake term deposit offers.
The scam has emerged as con artists also manipulate search engines to exploit people looking for increasingly popular term deposits.
The Financial Markets Authority issued investor warnings for the SBS Bank imposter scam.
“Fake termdeposit investment opportunities have been offered in the name of SBS Bank, with emailed offers purporting to be from senior staff members,” the FMA said.
SBS confirmed it was not associated with the offer or email address using the domains of “sbs-am” or “sbs-clients”.
The authority said individuals claiming to be from HSBC New Zealand and offering a so-called “HSBC New Zealand ESG Bond” have also been approaching New Zealand residents.
“Fake product disclosure statements have then been emailed from the esgbonds-nz and hsbcnz domains,” the regulator added.
“HSBC confirms it is not associated with this offer, email domains or the individuals purporting to work for them.”
Meanwhile, it appeared scammers on Monday might have manipulated Google into displaying a fake SBS site at the top of results.
The first two search results for SBS initially seemed legitimate but the “sponsored” result led to a random URL and triggered antivirus warnings about a malicious URL.
That top result also had invalid site certificates and was blocked. The second result this afternoon led to the legitimate SBS site.
SBS Bank said it alerted customers to the investment scam.
It said cybersecurity teams had worked with internet hosting providers to have those three email domains taken down.
The bank advised anybody receiving emails from the sbs-am.com, sbs-clients.com or sbs-im.com to not engage but call SBS on 0800 727 2265.
Government cybersecurity agency Cert NZ said scammers sometimes used Google Ads to target potential investors.
People searching for terms such as “term deposit comparison NZ” would see an ad from a malicious site claiming to offer advice on investments.
“The site is used to harvest details on individuals,” Cert NZ added.
Scammers then called targets claiming to be from an investment team at a New Zealand financial institution and sent a fake investment prospectus.
“The target is followed up with numerous phone calls and emails with fake contracts and instructions on how to send money.”
Fake investment portfolios and sophisticated scam websites were sometimes used in the racket.
As the Reserve Bank under governor Adrian Orr yanks rates up, term deposits are increasingly popular. Photo / Mark Mitchell
The scammers running the latest campaigns are likely hoping to benefit from increasingly popular term deposits.
The Reserve Bank calculated the total value of term deposits in New Zealand at $156 billion in January 2022 and $188b in January 2023.
Term deposits have grown in popularity as interest rates have risen.
Genoa-pain
Meanwhile, the Privacy Commissioner said it was working with Latitude Financial after more than 300,000 customer records and documents were stolen in a cyberattack affecting Kiwi and Australian customers.
The hack affected people including Genoapay and Gem customers and has left some data theft victims furious.
“Latitude Financial notified our office on March 16 of a recent privacy breach and we are working with them as they seek to understand the size and scope of the breach,” a Privacy Commissioner spokeswoman said.
“We would expect it to be the agency involved in the breach, Latitude Financial in this case, who would usually provide you with details about the breach,” she added.
Under the Privacy Act, agencies collecting and holding personal information must protect it and respect it to avoid causing harm to people.
“This includes ensuring personal information is carefully managed, including that it is only shared with the intended recipient.”
ASX-listed Latitude Financial Services owns Genoapay.
Latitude’s chief operating officer, Andrew Walduck, wrote to customers overnight on March 16/17 and said about 103,000 ID documents, more than 97 per cent of which were copies of drivers’ licences, were stolen from one service provider.
And about 225,000 customer records were stolen from a second service provider, Walduck added.
In Australia, the ABC said customers were furious.
“I’ve got no compensation,” Courtney Randall told the broadcaster. “Time and time again, I’ve received vague emails and no follow-ups.”
Cert NZ: Individuals, small businesses can report a cyberattack, get advice: www.cert.govt.nz
IDCare: Backed by the Ministry of Justice and its counterpart in Australia. Assistance freezing your credit record, regaining control of your online identity after an ID theft: idcare.org
Netsafe: Report online bullying, hate speech, dangerous content: netsafe.org.nz
