I’m sure most people here know some of the key ways to protect yourself against this kind of scam, but just in case:
- Always be watchful when contacted by an organisation (bank, company, etc). You need to verify they’re not a scammer, at least if you’re giving out login credentials or anything else sensitive
- Check the source phone number/email address. Banks usually will not call/text from an international number, or cell phone. Emails will be sent from the appropriate domain (e.g. bnz.co.nz)
- Never log into something if you’ve clicked on a link in a text message/email, unless you are really sure it’s safe. If in doubt, go directly to the bank (or whatever) website and log in rather than clicking on a link.
- Don’t be rushed. It’s better to wait on hold for 2 hours to contact the bank directly than to lose thousands.
- Turn on two-factor auth on anything important (banks especially)
- Remember scammers will try to make you feel like you’re bring rude or difficult by asking them questions. That is part of the scam!
Other tips?
Use a password manager…it will not auto-fill on the wrong website.
You would have to go and manually copy the password from the manager and into the fake website, giving you another mental break point.
Yeah good point. And there are obviously other advantages of using a password manager.
Yeah, much beetter to be safe than sorry.
A few years ago I had contacted the Dell Support Team about an issue I was having with my order, and they called me back and had asked me to give them my card details so that they could cancel and make the payment again. I wasn’t comfortable with that so asked if we could do it another way. I was a bit nervous?, about asking but they didn’t think it was weird at all and were very accommodating.
I feel it’s a really good rule of thumb to just not click any links, especially if they’re texted. I can’t think of the last time an organization texted me a direct link, MSD and IRD usually send you a text telling you to check your account for instance, so I feel it’s much better to er on the side of caution and ignore them all.
Emails are a bit trickier but most organizations generally use letterheads and footers to identify themselves pretty plainly, but if I’m ever in doubt I’ll again er on the side of caution again and either ring them or go straight to the website rather than touch a link.
There is a surprising lack of personal agency displayed in these recent news stories. The one with the real estate agent pretty much flat out blames the bank
Was that the one with long call wait time? I mean yes ideally people wouldn’t fall for scams in the first place. But also businesses should answer their phones promptly. Especially ones that hold people’s financial security.
I keep getting scam texts and scam calls on my mobile constantly. It’s so annoying. I keep blocking the number but they just change the number the number and call again. I really wish there was a proper way the government can deal with these scammers.
You can report them to the DIA. Not sure if it does anything though.
Also, make sure you don’t interact in any way. i.e. don’t answer calls, don’t reply to texts.
Wow I didn’t get notification of your reply. Interesting.
In terms of “catching” the scammers, there isn’t much that can be done. But DIA collect information about the scams to compile lists to help people stay aware and for other organisations to use to help with scam awareness.
I presume they are purchasing these numbers from spark or whoever right? If I report a number they know who bought it, they know what other numbers they bought and they can disable all of them. Seems like a simple solution to me
Nah, that’s not how it works. Caller ID is surprisingly insecure. Basically, the phone number of the calling party is sent along with the phone call. All you need is special software in your call centre, and anyone you call will see whatever number you type in. So they set up software to automatically generate a phone number that appears to have a similar location to the one they are calling. They call you, it looks like it comes from NZ (or often Australia), but actually they are sitting in a call centre in pretty much any country in the world.
If someone is calling from overseas, there’s very little that anyone in NZ can do. Call blocking only works on the caller ID; since you can generate infinite new phone numbers to send along the caller ID channel without needing to actually use that phone, it doesn’t do a lot.
How do they not generate already existing phone numbers?
I’ve seen comments from people who’ve gotten calls from themselves, as in they’ve spoofed the number they’re calling.
They do, but the possible numbers compared to the ones saved on your phone mean it’s unlikely to be one in your contacts. It probably happens occasionally though.
Are there txt message spam/scam filters like you might have on email?
Even a pop up warning when you click a link would help some people.