A children’s book author almost fell victim to an elaborate Kiwibank scam, which uses a phone number hacking trick to call from a seemingly legitimate 0800 number.
Malcolm Clarke, author of Tu meke Tūī!, took to Tiktok to warn others about the scam, which started when he saw unusual activity on his bank account on the weekend.
“I noticed two strange transactions on my account from Wise Auckland,” he said.
The first successful fraudulent transaction was on June 8 for $30.58.
* Massive phishing expedition targets 10,000 NZ phones in 24 hours
* Close call with clued-up phone scammer has residents concerned
* 81-year-old spends thousands on iTunes gift cards for scammers
The second one was on the same day for $214. This was also successful but was still pending in his account.
He used international money transferring site Wise sometimes, but said it definitely wasn’t the same transactions.
To be on the safe side Clarke cancelled the card and reported it with Kiwibank, who said someone from its fraud department was going to get in touch.
He then got a call straight away from a no caller ID number. The caller said they were from the Kiwibank’s fraud department and were going to issue a refund.
But they first needed his access code punched into the keypad, and he would receive a text message with his confirmation number.
“I started to feel a little bit wary, so I said I don’t want to give you any more information over the phone, and the guy said ‘good on you for being cautious, we’ll call you back from our Kiwibank recognisable number’.
“So when he called back from an 0800 number that googled searched back to Kiwibank, I thought yes this is much more legitimate.”
The caller then asked for his secure key code, which made alarm bells ring again.
Clarke said he would rather go into a bank, to which the scammer responded saying that was fine, but his accounts would be locked as he couldn’t verify his identity before ending the call.
Clarke then rang Kiwibank back straight away, and it was confirmed it was a scam.
“Honestly I was shocked at the level of deception,” he said.
The caller was empathetic, professional and calm, and had a New Zealand accent which made Clarke feel more secure in the beginning.
“I realise now, this was a very naive point of view,” he said.
Since posting the video on Tiktok, Clarke had heard more stories of this happening to people.
A Kiwibank spokesperson said this type of activity was known as phone spoofing, and had been happening on and off for the past three months.
Spoofing is when a scammer calls customers, claiming to be from a bank or phone company.
“These scammers use a phone hacking trick which makes it look like the calls are coming from a legitimate 0800 or local number,” she said.
The scammer might ask customers to confirm a recent bank card transaction and would then follow up and ask customers for their banking logins, passwords, or their credit card information.
“If you’re not sure if you’re being scammed, hang up and call the organisation back on their publicly listed number.”
The bank would never ask for a pin, password or a bank card expiry date or CSV number, she said.