Cybercriminals are stepping up their game in New Zealand with a combination of cybercrime strategies and telephone
tactics straight out of the con-artists playbook.
Author of the book 'She'll Be Right (Not!) – a cybersecurity guide for Kiwi business owners – SMB cybersecurity expert
Daniel Watson advises Kiwis not to be surprised when they get scam calls from people with New Zealand accents pretending
to be their bank’s fraud team.
"There is a lot of identifying data on Kiwis, from various breaches, that is for sale on the dark web. The scammers use
that collection of data to manipulate vital accounts like your phone company and bank.”
Watson said the latest thing is for scammers to compile enough information about you to then pass themselves off as you
and convince your phone company to block outgoing calls and texts from your phone, so you can’t call your bank.
Next they will try to persuade your bank to set up a phone banking account. But because the bank uses two factor
authentication, the scammers are forced to call you to get the one-off code the bank sends.
"They inject urgency into the call and they sound like Kiwis. They pretend to be the fraud team from your bank trying to
block a suspicious transaction. They will ask you for the authentication code by pretending they sent it to you in the
first place, purportedly to verify your identity.
"The combination of these factors can be enough to panic people into parting with vital information, purportedly to halt
the so-called 'suspicious activity."
Watson said most New Zealanders would recall receiving scam texts from well-known courier and logistics brands earlier
this year, telling them they had a parcel waiting.
"The text messages were designed to get access to your phone, harvest essential details and then use those to persuade
you to part with information that gives the criminals ways access your accounts.
"If you received one of those texts, and you clicked on the link, you need to change all of your passwords now," Watson
said. "Do not trust text messages that require you to install apps on your phone."
Watson said one of his small business clients was the victim of cybercriminal activity when scammers in possession of
enough personal information had the client’s mobile phone provider block outgoing calls and texts. The scammers
persuaded the bank to enable telephone banking on the phone, which gave them transactional access to the person's bank
account.
"Fortunately for the client, they were online when the criminals attempted to process the transactions, enabling the
client to stop it. She actually watched the transactions being set-up right infront of her eyes."
He offers the following advice to help protect yourself, your staff and your business:1. Maintain top of mind awareness
Business leaders should educate their staff on common cybercrime tactics and what to watch for, and then maintain
constant awareness with regular updates.
"Your bank will never ask for your expiry date, passwords or authentication codes. Any requests for such information
should set off alarm bells."2. Install protection software
"Make sure you have robust anti-virus, malware and ransomware on all your devices.
"Also, change your passwords and don't use the same password for multiple accounts. It may seem like a pain at the time,
but it will save you a lot of hurt down the line. "
3. Update your policies
"If you are in business, you need up-to-date your technology policies that very tightly prescribe how your staff
interact with technology – for example, bar the downloading of unauthorised apps. Have in place incident response
processes and do not browbeat staff members when they make a mistake because this may cause them to hesitate about
coming forward in the future.
"If you don't live cyber security every day, you are setting a low bar."
For more information visit: https://www.linkedin.com/in/daniel-watson-smb-cybersecurity-expert-07424b12/