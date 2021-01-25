BNZ has warned customers of a phishing scam asking for personal details in text messages.

The text messages, claiming to be from BNZ, said a payment had been made to a new payee, and directed the recipient to a link to cancel the payment if this was not made by them.

Another text message doing the rounds claimed there had been a suspicious login, and also included a link.

BNZ confirmed the text message was fake on its Facebook page, and asked recipients to not click the link and delete the message.

READ MORE:

* ASB warns customers about scam text message asking for personal details

* BNZ leak shows uncomfortable reality of many KiwiSaver schemes

* ANZ warns of message, text phishing scam



ASB warned of a similar scam earlier this month.

The web address in the BNZ scam text was https://bnz-accountsecurity.com.

The bank asked anyone who had clicked the link to contact BNZ and report the issue with Cert NZ.

SCREENSHOT BNZ warns of a text message phishing scam currently doing the rounds.

BNZ’s scam report showed, during the first Covid-19 lockdown, there was a 313 per cent increase in scams.

Figures from Cert NZ’s third quarter report found cybersecurity incidents were at an all-time high.

Between July 1 and September 30​, 2610​ reports were made to the government agency, resulting in a total loss of $6.4 million.

That’s a 255 per cent​ increase in losses from the previous quarter.

A BNZ spokesman said the bank would never contact people out of the blue and ask for personal details, passwords, Internet banking details or urge them to click or tap on a link.

The website is a phishing scam, designed to look like the BNZ login page to trick people into entering their login details. If a customer receives this text, the best thing to do is delete it immediately, the spokesman said.

If a customer had clicked it we urge them to call us as soon as possible and we can help them with securing their account, he said.

Like with all scams, the sooner you’re able to talk to your bank if you think your account has been compromised the better chance we have of recovering any money that might be stolen.

Cert NZ incident response manager Nadia Yousef said displaying a padlock did not indicate whether the website was legitimate or not.

“You could be privately sending information to an attacker who has created a web page that looks like the website you were expecting,” Yousef said.

“If you received a request to log into your account or share information over email or SMS, it’s best to go directly to the organisation’s website through your browser or their official app.”

Yousef said it was best to contact the company that sent a text message to confirm whether it was legitimate.