The uncertainty of Covid-19 has resulted in an explosion of online and phone-based scams. Here’s what the experts recommend to identify and defend yourself against these insidious rackets.
It begins with a phone call. A tech support expert from your bank is on the line, urgently informing you there’s been a security breach with your account, and you need to change your details in order to protect your money.
“It’s quite serious,” the tech expert warns. “But not to worry, we’re here to help. Just follow these instructions and we’ll walk you through the steps.”
Swayed by their conviction, you stay on the line; alarmed at the possibility that money might’ve already been taken.
So you follow their instructions and change your settings to safeguard your account. Then, you begin seeing the mouse moving along the screen on its own, esoteric lines of script being typed on your desktop and folders being moved. Confident the bank expert knows what he or she is doing, you start to relax, certain a crisis has been avoided.
The rest of the story – and it’s expensive consequences – are all too familiar for many New Zealanders. The hapless customer finishes the phone call, only to receive another call from their actual bank 15 minutes later, asking if they’ve authorised an overseas payment of $20,000 from their account. Because, of course, the first caller wasn’t the bank at all – it was a scammer swindling them out of their savings.
To the detached observer, the above scam might seem woefully obvious, but that hasn’t stopped an alarming number of New Zealanders falling prey to increasingly sophisticated scams since Covid-19 emerged.
“There’s definitely been a rise in recent months,” says Bronwyn Groot, a partner at risk and security consultancy Qrisk. “[There are] vast opportunities for scammers – more people at home so more likely to answer the phone, and more people looking for opportunities on the internet.”
An expert on fraud, Groot says more people are getting caught up in a range of elaborate scams like the tech support racket: a cold call in which someone purports to be a representative from a trusted institution or agency and then manages to gain remote access to the customer’s computer or phone. It takes persistence, cunning and exploitation of the victim’s vulnerability to make it happen.
“Scammers are ringing vulnerable New Zealanders pretending to be from a Spark, IRD, NZ Police or even the fraud team of a bank,” Groot says. “They’re then getting the victims to download software which gives the scammers remote access to their computer. The fraudsters then get access to their bank accounts and they are cleaned out. In some cases not only are they stealing the savings but also accessing the persons overdraft facility and maxing out credit cards.”
Bag of tricks
Scammers employ a variety of methods to keep people on the phone, changing their ruse rapidly to gain and keep the trust of customers. In many cases, they’ll aim to isolate a victim by calling on their home phone and instructing them to switch off their mobile, thereby preventing the actual bank from making contact. Otherwise, the scammer will anticipate the security process that a bank follows when it’s alerted to suspicious activity and pretend they sent the two-factor authentication text message to the victim’s mobile themselves.
While digital hackers and scammers are as old as the internet itself, Groot says this particular generation have become far more aggressive and intimidating, sometimes keeping people on the phone for several hours and threatening them if they try to end the call. The scams are also becoming more elaborate, involving multiple parties and layers of process.
In one version known as the “grandparent scam”, a con artist calls or emails an older person and poses as a relative in distress or a lawyer or police officer representing the relative. The “relative” of the grandparent says he or she is in trouble and needs the grandparent to send them funds that will be used for a fictitious expense like bail money or hospital bills.
The scammers play on the fear of a relative being harmed, trying to overwhelm the victim’s reason or vigilance, compelling them to comply with the ruse.
Extortion and blackmail
It isn’t just phone-based scams that are on the rise. According to government cybersecurity agency Cert NZ, there was a 229% increase in reports of online scams between April and June 2020 compared to the first three months of the year.
This includes fake job scams in which an attacker will pose as a hiring employer and persuade applicants to submit their police check form along with their address, passport details and employment history.
“Employment scams are nothing new. However, it seems that cyber attackers are taking advantage of the current employment situation resulting from Covid-19,” says Rob Pope, Cert NZ director.
“Generally, we receive about one report of fake job ads a fortnight, but we recently had six reports in an hour, which is very concerning.
Extortion and blackmail scams are one of the most common, rising from less than 10 to over 170 per week during April. A chilling example is the webcam extortion scam in which the attacker claims to have access to a person’s webcam and has recorded them viewing adult material. The attacker then threatens to share the alleged footage with the victim’s contact list unless they pay a ransom.
According to Groot, such threats are likely to cause an excessive emotional response where the victim’s sense of reason and calm is temporarily overwhelmed. She says these types of extreme responses – known as amygdala hijacking – have been exacerbated by the fear and uncertainty caused by Covid-19.
“Scammers love a disaster and use it to the best of their abilities,” she says. “This is the perfect storm for them. We have people who are isolated so maybe unable to ask for help.”
“The recent lockdown in Auckland would’ve created fear among people and while I haven’t seen it here, overseas they’ve reported victims receiving a text message saying that they’ve been exposed to the virus. When people are scared or panicked they don’t think things through properly.”
There’s a common misconception that older people are more likely to be targeted by scammers. While retired people may be more vulnerable and more impacted by the loss of money, Cert NZ’s Q1 2 Q2 2020 report shows that incidents have more than doubled for every age bracket over 24 since the start of the year. Those aged 35-44 were targeted most, followed by the 25-34 age bracket.
While scammers will eagerly pursue any amount of money regardless of the victim’s wealth, the majority have reportedly lost up to $500 per incident, while 50 people lost over $1000 and 25 over $10,000. Those aged 35-44 cumulatively lost the most – $1.7m – while those aged 65 and over lost $1.3m.
Defending against scams
Because the scammers are almost always based outside of New Zealand and beyond the jurisdiction of authorities here, it seems as though they can operate with impunity. However, Groot says the best way to protect yourself against them is to bring someone else into the fold.
“The fraudsters will play the confidentiality card, so ignore their plea to keep it quiet and always talk to a trusted person before sending money.”
She says the number one rule is to never send money to someone you haven’t met in person before.
“Even if they try every trick in the book, do not send. If you get caught up and realise it’s a scam, report it. First to your financial institution and then to the police using the 105 number.”
Above all, Groot advises people to take their time when they’re confronted with a suspicious scenario and remember to never to act impulsively or be pressured to do something out of the ordinary.
“Just breathe,” she says. “Give yourself time to think it through.”
The Spinoff Weekly compiles the best stories of the week – an essential guide to modern life in New Zealand, emailed out on Monday evenings.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.