Fraudsters posing as Spark staff fleece pensioner for $40k after hacking his computer and iPhone, stealing identity

Fraudsters posing as Spark internet staff phoned a pensioner, hacked his computer and iPhone, accessed his online banking using a stolen password then pilfered $40,000 during a cunning three-hour scam.

The cybercriminals also stole the 85-year-old’s identity - opening ASB and Wise accounts under his name while in control of his devices - after instructing him to send photos of his credit cards, driver’s licence and passport.

His son says the crooks even took a digital scan of the elderly man’s face and tried accessing his international bank accounts.

The Nelson octogenarian was oblivious, believing “Steve from Spark” - who cold-called the retiree on his landline - would help him secure faster internet service.

BNZ refused to refund the man’s stolen money because he had breached the bank’s terms and conditions by disclosing his secure banking credentials.

The man’s son says his father is now embarrassed about his “stupidity and naivety”, and grappling with how he was so gullible.

“There were just so many things he did that should have rung alarm bells in his brain.

“For God’s sake, if Steve from Spark calls up on your landline, just hang up.”

The incident took place in May. The son told the Herald the scammers strung his father along for three hours by phone while in “full control” of his computer and iPhone.

They emailed him a link which it’s believed gave the crooks access to his computer, then asked him to download an app on his iPhone which gave them control of his device.

While pretending to fix his internet, the thieves found the man’s passwords and accessed his internet banking after he sent them a photo of his BNZ NetGuard card, allowing them to complete two-factor authentication checks.

They moved money between his BNZ accounts before sending $40,000 to a Kiwibank “mule” account. The money was then transferred overseas.

The fraudsters also tried accessing the man’s international bank accounts but were shut out by NatWest’s security systems.

“He would have lost absolutely every cent he had if this had carried on.”

The man later received emails from financial technology company Wise and an ASB debit card in the mail - discovering the scammers had opened accounts under this name using his stolen identification.

The son presumes the accounts were to be used by the fraudsters to receive more stolen money from other “poor bastards” who were yet to be targeted.

His father was now in disbelief, repeatedly asking his family “How did this happen?”

‘Don’t give them any money’

The son said the incident was a huge wake-up call about the dangers of allowing elderly relatives ready access to online cash.

“With elderly people, don’t give them any money. Give them pocket money but don’t leave a whole lot of money sitting in cheque or ready money accounts. It’s just too dangerous.”

The son understood BNZ’s position, but was critical of Kiwibank for harbouring a “mule” and questioned whether they had met anti-money laundering obligations.

Though he immediately lodged a police complaint in May, the son said the case was only assigned to an officer last week. It seemed no one was taking fraud crimes seriously, despite the exponential rise in this type of offending, he said.

“Who’s putting a stop to this because it just goes on and on.”

The one bright spot was the scammer calling back and the son pretending to be his father so he could confront the thief.

“He said, ‘Steve from Spark - your computer is not on’. I didn’t last very long until I just gave him a full serve.”

‘All necessary anti-money laundering obligations have been met’

A BNZ spokeswoman said the victim was targeted in a remote access scam.

The May 16 money transfer was two-factor authenticated by the scammers using the victim’s BNZ NetGuard card.

The transfer triggered BNZ’s internal monitoring systems. Staff then blocked the victim’s accounts, asked Kiwibank to launch a fund recovery process and contacted the victim about potential fraudulent activity.

Kiwibank could not recover the money. And though BNZ empathised, the victim’s disclosure of his banking credentials “ultimately led to the loss of funds”.

“All customers have a responsibility to keep this information safe and secure.”

The thieves stole the victim's identity then set up accounts at ASB and Wise under his name, which his son believes were to be used to scam other victims.

Kiwibank also defended its actions. It was investing in combating financial crime and understood the stress faced by victims.

It would not comment on what action had been taken against the mule account holder for privacy reasons, but said “all necessary anti-money laundering obligations have been met”.

When notified of fraudulent transactions it froze accounts to prevent further transfers and tried to recover stolen funds.

A police spokesman said enquiries were continuing, but no production orders had yet been served on the banks for details of the fraudulent transfers or account holders.

Police warned people to be alert given the rise in fraudulent activity.

“Scammers are impersonating people such as police officers and bank staff, requesting private information over the phone.”

Elderly people were often targeted and police asked anyone with vulnerable relatives to make them aware this activity was a scam.

If suspicious, disconnect the call and phone back on a number displayed on the company website. Contact police and the bank immediately if you’ve been scammed.

Lane Nichols is Deputy Head of News and a senior journalist for the New Zealand Herald with more than 20 years’ experience in the industry.