An authentic recording of a scammer extracting a confirmation code from a customer demonstrates the sophistication and believability that fraudsters are now able to portray.
The call – just one example of the hundreds of scam attempts taking place each day – was obtained by Westpac NZ’s Financial Crime team.
The customer has kindly allowed the call to be used to alert others to the danger scammers pose.
What was the outcome of the call? Did the scammer manage to get anything?
Westpac’s fraud monitoring system picked up this payment and blocked it so there was no loss to the customer.
What code appeared on the customer’s phone? What was the scammer trying to do at this point?
The code that appeared on the customer’s phone was a confirmation code required to verify an online purchase. The scammer had the customer’s credit card details and needed the code to validate his fraudulent payment. He tried to trick the customer by saying it was a cancellation code, to fool her into giving it to him so he could authorise the payment on her card.
Does Westpac use “cancellation codes” when cancelling credit cards or payments?
No! There is no such thing as a Cancellation Code and Westpac would never send one to a customer and ask them to read it back.
Are there any other codes that could be sent to a customer’s phone?
Sometimes the code scammers ask people to read out are for password resets as well. They can use these to hack into and take control of a bank account. Customers should carefully read any code sent to them to see what they pertain to. In this case, the code the customer received looked like this:
The scammer refers to the phone number on the back of the card. What was he talking about there?
The scammer had “spoofed” the number he was calling from, making it appear he was calling from a real westpac phone number. This number is printed on the reverse of our cards.
What red flags pointed to the call being a scam?
- Unexpected call
- Identifying himself using the phone number on her card
- Excessive use of “ma’am / madam”
- Mention of “ZIP code” instead of “Post Code”
- Repeated use of “Fraud Prevention Team” and telling the customer he has verified himself.
- Use of a cancellation code – our team wouldn’t send a code to cancel payments if a customer confirms payments are fraudulent.
- The actual text message received read: “Use this password to complete your online purchase...” This was inconsistent with what the scammer told the customer.
What was the best course of action for the customer to take?
Don’t read out the code or give any information. End the call then contact Westpac on their official line at 0800 400 600.
The customer may have been able to spot the scam if she had carefully read what the text message said – i.e., that they are completing a purchase and not cancelling a purchase. Though it is the scammer’s skill that gets the customer to read this back without looking too closely at it.
What is best practice for anyone who might receive the same call?
- Be extremely vigilant for any unexpected or suspicious phone calls.
- If you're unsure if it’s genuine, end the call.
- If the caller claims to be from a legitimate entity (such as your bank), you can call back using the number on their official website but don’t request a call back.
- Carefully read any messages or emails with verification codes.
- Never share your online banking passwords, phone banking or card PINs. Westpac will never ask for them.
- Don’t allow remote access to your devices or download software at the request of a caller.
- If you believe you've been targeted by a scam, contact your bank immediately.
Various types of frauds and scams are on the rise. To help New Zealanders stay safe, Westpac maintains a list of latest scams and frauds.