It has prompted the banks, Cert NZ, Consumer Protection and the Department of Internal Affairs to issue a warning about the rise in sophisticated attacks against New Zealanders.
Cert NZ director Rob Pope said scammers were able to imitate bank call centre phone numbers and could accurately copy the script that a real call centre would use.
"It can be difficult to tell the real from the fake. If you have any concerns about the legitimacy of a call the best strategy is to hang up, find the bank's phone number from its website and call them back. This way you are assured the information is genuine."
Pope said scammers relied on urgency and fear to make people react without thinking and he urged people to take a break and pause.
"The scammers will use a sense of urgency, hoping you won't think clearly and will make a mistake."
Consumers are being urged to use two-factor authentication on their bank accounts. The extra security measure means people have to enter a one-time unique code, which is usually sent to their phone n order for a payment or money transfer to occur.
The code should be kept secret and will never be asked for by your bank.
The agencies also warned that text message phishing had increased at an alarming rate over the past few years.
Consumers are typically sent a short message and a link. The message will use the same social engineering triggers of urgency, fear and opportunity to elicit a response.
Once the user has clicked on the link and entered their banking information into an imitation bank website they will receive a phone call from the fraudster impersonating the bank's fraud team, trying to obtain security codes and other financial information to complete fraudulent transactions they have just created.
Sam Gribben, senior analyst in the threat and incidence response team at Cert NZ, said a legitimate bank worker would never ask for a person's password, access number or two-factor identification codes.
"If you are speaking to someone who claims they are from the bank and is requesting this kind of specific information that should ring some alarm bells and that's where we recommend you hang up the call, call the legitimate number for your bank, which can usually be found on your card and speak to someone at the bank about the contact you have received."
Gribben said often those who expressed concern about the call were then told the issue was urgent and needed to be sorted out straight away.
"And that can be another red flag."
He said it was easy for scammers to duplicate a bank's legitimate phone number.
"Ultimately they just need a piece of software that will change the output of what comes up on the victim's side and that's all they really need in place to make it look like they are calling from that number. It is quite easy for them to do."
The number could also come up as private, which some banks also use when they make calls to customers.
Gribben said another red flag was the caller asking for access to a device via a third party piece of software. Remote access will give them the ability to get into your bank accounts and undertake fraud.
"If any requests are made like that by a caller that should definitely ring those alarm bells as well and the person getting the call should definitely hang up."
He said it was seeing an increase in the number of scams that involved phone calls.
Gribben said the public had caught on to last year's flubot scam which sent thousands of people text messages asking them to click on a link with scammers now asking for people to call instead.
"You generally won't get an answer to that call but later they [the victim] will get a call back and that's where the caller will pretend to be from your bank or internet provider and that is when that call scam will ensue."
Scammers have learned to mimic the scripts that banks use.
"They can make it sound a lot more legitimate by being on the phone. I do think when people are talking directly with another person it does raise that level of trust a little bit."
What to do if you are exposed?
Gribben said those worried they had been caught out should call their bank first and get them to check on their account to see if there have been any transactions that shouldn't have happened.
You should also change your banking password, which should be a unique password that you don't use elsewhere.
If you do use it elsewhere change it there too, Gribben said.
Text message scams can also be reported by forwarding them to the Department of Internal Affairs 7726 service which is free and all scams can be reported to Cert NZ.
"If we have information about the numbers that are calling people, the times that they have called then we can take action again those numbers. If we have info about text scams, the links contained in those, we can take action to get those sites taken down.
"It can be tricky to catch the people behind it. Putting a stop to the scams is something we have capability to do. That is why reporting is key - if someone has fallen victim if they receive these texts and calls, reporting it to your bank but through to Cert NZ as well is important."
Gribben said there was no shame or embarrassment in being caught up in a scam.
"If you have clicked on one of those things, we are all human, we all make mistakes and there is help out there. Report it through to your bank to get some assistance, report it through to Cert NZ so we can stop the scam as a whole and hopefully we can prevent further people falling victim."
