eCommerceNews New Zealand - Technology news for digital commerce decision-makers
Story image

​Should insurance cover cyber crime theft? Another Kiwi duped

Fri, 3rd Mar 2017
FYI, this story is more than a year old

Kiwi computer users are being warned to stay on guard after an unsuspecting victim was scammed out of $8000 by a conman pretending to be an internet service provider.

According to insurance firm IAG, a customer of its AMI brand was tricked into handing over remote access to their computer, which led to a chain of events resulting in the clear out of their bank account.

IAG says the victim had thought the call was genuine because, shortly before they were defrauded, they had been contacted by their actual ISP, which was trouble shooting internet speeds in the area.

However, when the conman called they were not asked for, and did not provide ID.

Once they had the confidence of their then-potential victim, the fraudulent caller convinced them to grant remote access to their computer.

After gaining remote access, the culprit then said he would call back a couple of days later, the victim unaware that software that can "spy" on their computer activity – called spyware – had been installed.

The fraudster duly called back and told his victim to log onto their internet banking account under the guise that he was checking internet speed had improved.

Shortly after, the conman again called back to ask the victim if they had received a code via text message from their bank and, if so, could they read it out loud down the phone, which they did. This was the bank's transaction verification message.

The fraudster immediately transferred $8000 to an account in Australia before the money was moved on again.

IAG says it is attempting to raise awareness of such crimes as fraud and cyber-crime losses are generally not covered by home contents polices across the industry.

The victim of the scam had called AMI about making a claim but, unfortunately, the industry does not cover such incidents, IAG says.

The victim's bank would also not assist because the victim had voluntarily given away all the details that enabled the fraud.

"Contents insurance provides cover for physical loss or damage. Most policies add that there is cover up to $1000 if your credit card is used to make purchases following a theft, but this requires the physical theft of that card," explains Chris Kiddey, National Technical Specialist at IAG New Zealand.

"This fraud was committed with the willing – albeit innocent – co-operation of the customer.

Kiddey says research is being carried out into finding ways to help cyber crime victims.

"IAG New Zealand is exploring ideas for a special product that will cover certain costs that occur as a result of cyber crime," he says.

In the meantime, Kiddey says it's important for people to be on their guard against falling victim to cyber conmen.

"In the above incident, when you lay it out step by step there are three or four security doors," he says.

"And the customer, unknowingly, has held each and every one of these doors wide open.

The first of these was not checking the identification of the person on the other phone.

"You should treat your computer the same way you treat your home. Don't let anyone in without being absolutely sure of who they are and what their intentions are," says Kiddey.

"For callers on the phone, get correct ID number, check 0800 number for their organisations and never give out or confirm your personal or financial information," he explains.

"Being asked to access your bank account is another red flag. At this point the customer should have said that they could have tried another website, such as YouTube, to check speeds," Kiddey suggests.

"A genuine ISP would not ask a customer to log onto their online bank account. At this point the victim should have simply hung up," he states.

The other point at which the victim could have prevented the theft from their account is by declining to pass on the bank's transaction verification message over the phone.

"In this case, no amount of online security could have helped because the customer gave everything important away," says Kiddey.

"If something doesn't feel right, it really might not be. Treat your personal information like you would treat your home. Keep it safe and IAG will continue to look for ways to help make it safer.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X