News and events Own Your Online External Link Report an incident
News and events Own Your Online External Link
  1. Welcome to CERT NZ
  2. Insights and research
  3. Quarterly reports
  4. Quarter Four Cyber Security Insights 2024
  5. Insights | Hello, this is your bank calling

Insights | Hello, this is your bank calling

The NCSC has received various reports of phishing calls and phone scams where attackers impersonate banks to steal money or information.

Scam calls are all too common – if you haven’t received one, you have very likely heard of someone who has. Scammers rely on gaining your trust, and the best way for them to do this is to impersonate a trusted institution.

Using the fear factor

Scammers may call you claiming to be from your bank’s fraud team. They inform you there has been a suspicious transaction on your account or your card, and ask you to verify it. You won’t recall these transactions because they are fictitious. They then ask you to verify your account details or your card number, so they can cancel these transactions for you. 

It is difficult to recognise a scam call - it may have all the markers of a legitimate message from your bank. The scammers also insist you act quickly or they cannot stop the money being lost, giving you little time to think things through. Some scammers might also have your personal details obtained through data breaches, making them appear even more credible. 

Understanding social engineering

Social engineering refers to a broad range of techniques scammers use to trick you into giving away sensitive information. It is more profitable for scammers to get information through psychological manipulation than through cyber attacks such as brute-forcing your passwords or exploiting vulnerabilities in your device. Social engineering techniques are effective because scammers put effort into gaining your trust or making you act without thinking, and are a big part of most scams reported to us.  

Things to do

A scam call will have telltale signs, but when you are put under pressure it can be difficult to spot them. If you get a call claiming to be from your bank, you can take the following actions. 

  • Disconnect and call your bank on their publicly listed number. If it is a legitimate phone call, they can verify it and you can proceed with securing your account or card. 
  • Do not engage with the scammer - they are professionals and can be very convincing. We have received reports from people who are usually aware of cyber threats and have good cyber security practice but still miss the red flags.
  • Do not give away your personal information to anyone calling you to verify it, and never share a one-time password or code sent to your device, not even with a bank employee. Sharing this with an unverified caller can give them access to your account and could enable them to steal your money.

  • If you think you have been contacted by a scammer or if you think you've been tricked into giving away information contact your bank as soon as you can. You may need to change your login details or block your credit card. Your bank will be best placed to advise you on the next steps. 

Using your voice to steal from you

If you have voice identity set up to authorise phone banking, scammers may try to use your voice recording to get access to your account. Do not provide any form of credential on an unexpected call and do not engage with the scammer.

Previous section Insights | Keeping the malware away Next section Data Landscape: A closer look at our numbers
SEE ALL QUARTELY REPORTS
Top