Computer users are being warned to be on their guard after a conman pretending to be from an internet service provider (ISP) fleeced an unsuspecting victim for $8,000.
Insurer IAG New Zealand said a customer of its AMI brand was convinced by a fraudster to hand over remote access to their computer, which led to a chain of events in which they had the money cleaned out of their bank account.
The insurer is attempting to raise awareness of such crimes among its customers as fraud and cyber-crime losses are generally not covered by home contents polices across the industry.
The victim had thought the call was genuine because, shortly before they were defrauded, they had been contacted by their actual ISP, which was trouble shooting internet speeds in the area.
However, when the conman called they were not asked for, and did not provide ID.
Once they had the confidence of their then-potential victim, the fraudulent caller convinced them to grant remote access to their computer.
After gaining remote access, the culprit then said he would call back a couple of days later, the victim unaware that software that can “spy” on their computer activity – called spyware – had been installed.
The fraudster duly called back and told his victim to log onto their internet banking account under the guise that he was checking internet speed had improved.
Shortly after, the conman again called back to ask the victim if they had received a code via text message from their bank and, if so, could they read it out loud down the phone, which they did. This was the bank’s transaction verification message.
The fraudster immediately transferred $8000 to an account in Australia before the money was moved on again.
The customer called AMI about making a claim but, unfortunately, the industry does not cover such incidents. The victim’s bank would not assist because the victim had voluntarily given away all the details that enabled the fraud.
“Contents insurance provides cover for physical loss or damage. Most policies add that there is cover up to $1000 if your credit card is used to make purchases following a theft, but this requires the physical theft of that card,” Chris Kiddey, National Technical Specialist at IAG New Zealand, said.
This fraud was committed with the willing – albeit innocent – co-operation of the customer. However, he said research is being carried out into finding ways to help cyber crime victims.
“IAG New Zealand is exploring ideas for a special product that will cover certain costs that occur as a result of cyber crime,” he said.
In the meantime, it’s important for people to be on their guard against falling victim to cyber conmen.
“In the above incident, when you lay it out step by step there are three or four security doors,” said Chris. “And the customer, unknowingly, has held each and every one of these doors wide open.
The first of these was not checking the identification of the person on the other phone.
“You should treat your computer the same way you treat your home. Don’t let anyone in without being absolutely sure of who they are and what their intentions are. For callers on the phone, get correct ID number, check 0800 number for their organisations and never give out or confirm your personal or financial information.”
“Being asked to access your bank account is another red flag. At this point the customer should have said that they could have tried another website, such as YouTube, to check speeds.
“A genuine ISP would not ask a customer to log onto their online bank account. At this point the victim should have simply hung up.”
The other point at which the victim could have prevented the theft from their account is by declining to pass on the bank’s transaction verification message over the phone.
“In this case, no amount of online security could have helped because the customer gave everything important away.
“If something doesn’t feel right, it really might not be. Treat your personal information like you would treat your home. Keep it safe and IAG will continue to look for ways to help make it safer.