Spoofed number scam: A woman received a call from someone saying he worked for her bank and had identified unusual transactions in her accounts. Graphic / File
By Susan Edmunds of RNZ
A woman caught by a scammer who made it look as if his phone number was the same as her bank’s is to be reimbursed the $30,000 she lost.
The Banking Ombudsman looked into her case in December.
She received a call from someone who said he worked for her bank and had identified some unusual transactions in her accounts.
He said he would suspend her internet banking and cancel payments and she would receive codes for these actions, which she should read out to him.
She checked the number he was calling from and it matched the number on the bank’s website, so she followed his instructions.
But she became suspicious when he said he needed to move her money to a safe account. She called the bank and found it was a scam.
The man had taken $30,000 from her credit card and had tried another large payment that had been blocked.
She spent 90 minutes on the phone explaining what happened. Bank staff arranged to replace her credit cards and suspended her internet banking.
After getting off the phone to the bank, the woman called the Auckland outlet where the scammer had made purchases. But the goods had been picked up 15 minutes earlier.
The merchant would not agree to return the money because the goods had gone.
The woman asked the bank to reimburse her because she had not authorised the payments.
“She also said the bank might have prevented the loss if it had acted promptly when taking their fraud report and trying to recover the money,” Banking Ombudsman Nicola Sladden said.
“The bank refused her request, saying she had shared the text code used to authorise the payment — an action that was in breach of the bank’s terms and conditions. Nonetheless, it offered to reimburse half of the loss.
She said the bank’s basis for declining her request — that she had shared the codes — was unfair because the bank asked her husband to do the very same thing and read out a code sent to him via text when setting up two-factor authentication for him.
The Banking Ombudsman said the code of banking practice required banks to reimburse unauthorised transactions unless a customer acted negligently or dishonestly, failed to take reasonable steps to protect his or her banking or breached the bank’s terms and conditions.
Sladden said the woman had taken reasonable care because she checked the number the call came from was the bank’s.
“It had appeared to be so, but the scammer had spoofed the number, that is, falsified the number displayed on her phone’s caller ID.”
The scammer “skillfully mimicked” the way real banks interacted with customers.
The messages accompanying codes did not warn against sharing them, and the explanation the scammer gave for resharing codes was sufficiently close to their true purpose to trick a real person.
The woman had hung up and called the bank as soon as she became suspicious about the caller’s real identity.
“In addition, we had concerns with how the bank had handled their fraud report, and thought that better handling could have resulted in the loss being prevented.”
It was recommended the bank reimburse $30,000 plus $1000 for delays in handling the case.
Sladden said it was a sophisticated bank impersonation case.
She said bank impersonation cases were almost a quarter of all the fraud and scam cases received this financial year.
-RNZ
Internal Affairs anti-spam and scam awareness: Forward text scams for free to 7726
Cert NZ: Individuals, small businesses can report a cyber attack, get advice: cert.govt.nz
Financial Markets Authority: fma.govt.nz/scams/
Privacy Commissioner: Complaints about privacy breaches. 0800 803 909 or privacy.org.nz
ID fraud: Internal Affairs advice: dia.govt.nz
IDCare: Assistance freezing your credit record, regaining control of your online identity after an ID theft: idcare.org
Netsafe: Report online bullying, hate speech, dangerous content: netsafe.org.nz
NZ Police: Report cybercrime online scams, online child safety issues: police.govt.nz
If you believe you are or have been the victim of fraud, contact police at 105.police.govt.nz, or call police on 105.
Worldline's Bruce Proffit said adjustments to household budgets were a key driver.