Lockdown 2.0 has seen a rise in email phishing scams, Westpac’s Financial Crime Team says.
Financial Crime Senior Manager Tracey Brown says there has been a marked increase in phishing emails purporting to be from DHL couriers, the New Zealand Transport Agency, Paypal, TradeMe and Inland Revenue.
Phishing is the attempt by fraudsters to disguise themselves as reputable companies via email in order to gain personal information from individuals – such as credit card details and passwords.
Each variant of the scam has its own method:
- DHL-themed phishing emails claim to be for package tracking and personal information validation.
- NZTA-themed emails ask people to click on a link to renew their license.
- Paypal-themed emails ask people to click through due to unauthorised activity on a card associated with their account.
- TradeMe-themed emails ask people to click on a link as their membership has been suspended.
- IRD-themed phishing emails encourage people to click to claim their tax refunds.
“As criminals look for new ways to exploit people and gain access to their funds, we expect this to keep increasing in the current environment,” Brown says.
Westpac Financial Cyber Crime Specialist Lizel Foord encourages everyone to be more vigilant when opening emails.
“If you don’t know who the email is from, delete it and don’t click on any links if you don’t know who it’s from,” she says.
“Don’t share your information with people you don’t know.
“If you’re unsure, do some research on the company and you can also forward the email to Phishing@westpac.co.nz,” she says.
The Westpac phishing email address receives up to 150 malicious phishing emails per day.
The emails are passed on to the financial crime team to investigate wider networks of fraud.
Lizel Foord, who has more than 20 years' experience in IT security, says reporting phishing emails helps secure the bank’s network as well as ultimately protecting customers.
Foord says that criminals do their homework extensively and often incorporate corporate branding, which makes scams harder for people to detect.
So, how can you tell it’s a fake?
“If the email contains a bad link or file attached, be vigilant.
“Criminals are becoming sneakier in hiding what’s behind the URL that you’re clicking on. They make it a shorter URL which is different from the real URL,” Food says.
Graphs below show scam and fraud activity that Westpac NZ has identified from October 2019 to August 2020 under the following categories:
- Business - Phishing scams, Invoice fraud, Cheque fraud.
- Phone scams - Remote access - Spark/Telco scams, Social Engineering, Account takeover.
- Account Takeover - Phone porting.
Trust based scams - Mules, Investment scams, Romance scams, Known parties.