Phishing attacks catching unwary Kiwis

11:26, Sep 29 2012

Online “phishing” attacks are growing in number and becoming increasingly more sophisticated.

The Consumer Affairs Ministry received 833 reported cases last year, a 68 per cent jump from 496 in 2010.

The amount of money stolen more than doubled in the space of a year, from $35,000 to $87,000.

Phishers send spam emails purporting to be from reputable organisations such as a bank which direct people to a genuine-looking website, where they are asked to enter their password and login details.

Other scams claim to be from the Inland Revenue Department offering a tax refund, or from online consumer websites such as Trade Me.

Even the Bankers' Association, which is an industry group with no customers of its own, was impersonated by a scammer last month.


“I would like to emphasise that the New Zealand Bankers' Association, and its member banks, will never ask a customer to disclose their PIN number or account password,” said chief executive Kirk Hope.

NetSafe executive director Martin Cocker said phishers were becoming more sophisticated and creating “better fakes”.

“The cost associated with creating a convincing looking website has plummeted really. So that enables the criminals to put together very quickly fake websites and get out and do some phishing.”

Consumers knew spelling mistakes and badly made websites were a “dead giveaway”, so scammers had responded by making their sites more credible, Cocker said.

TSB Bank was hit by a phishing email last month which instructed customers to “immediately update there [sic] online service for our New Security Feature Update”.

The email linked to a website complete with the bank's livery, advertisements warning viewers to be wary of fraud, and even links back to the Consumer Affairs website.

In July, ultra-marathon runner Lisa Tamati was one of several TSB customers caught up in a phishing scam but the $10,000 stolen from her account was reimbursed by the bank.

Cocker said all the banks were periodically hit by the scams.

Phishing attacks are the third most reported category of scams, after lottery and cold-calling computer virus scams, and the fifth highest in terms of losses.