The current scam is an automated phone message regarding calling someone back, and you will be prompted to select an option.
If you receive one of these calls – please just hang up the phone.
If you think you may be receiving a vishing call, or are interested in hearing about more phone scams, you can always check the ‘Spark scam alerts’ page: https://www.spark.co.nz/scamalerts
Here is what Spark is advising on this particular scam:
Spark automated messages
Sometimes, instead of a real person on the line, scammers will use a pre-recorded message pretending to be
The message will often threaten to disconnect your broadband. It may also tell you to press a number on your keypad to speak to an operator, or for more options.
This would then redirect you to a scammer. This is not a legitimate call from Spark. Anyone who receives these calls should hang up immediately.
Here is some general advice from Spark which will help protect you from vishing calls in future:
Vishing General Advice
Scammers are always changing their approach, so when we become aware of a new and reoccurring type of scam or a new tactic scammers are using, we’ll add info about it below.
While this list can help you identify scam activity, there may be other scams that aren’t listed here. Always try to protect yourself from scams by remembering these key things:
- Spark will never contact you out of the blue and do the following:
  - Request your password
  - Request your credit details
  - Threaten to disconnect your broadband
  - Tell you that you’ve been hacked
  - Request access to your personal computer or laptop
- Avoid calling back numbers you don’t recognise
- If you’re unsure whether the call is genuine, the best thing to do is hang up
Over the last few months, the general public has been repeatedly targeted by callers claiming to be from Microsoft IT. This practice is known as “Voice Phishing” or “Vishing”, where callers impersonate legitimate companies to steal money or personal/corporate financial information.
In this instance, the purpose of the call is to gain access to your workstations, which they claim are full of viruses. This is not a new scam and is usually targeted at residential phone numbers. The caller is said to have a foreign accent, and it was noted that there was a significant delay in their response, suggesting that they are calling from another region.
If you suspect you are talking to one of these scammers or are suspicious that the person you are talking to is running a scam:
• Record the incoming number, time and date of the call.
• Do not give them any information about your operations, network or devices.
• Suggest that they ring your IT Support person.
• End the call as soon as possible.
Please note that Microsoft does not make unsolicited phone calls to help you fix your computer.
This is a story about a highly successful phishing scam that was later named the ‘fake president incident’. This scam is an example of a BEC (Business Email Compromise) attack, more commonly referred to as ‘CEO fraud’.
In a ‘CEO fraud’ attack, attackers impersonate an executive or finance official inside a company in order to trick the victim into transferring a large amount of money from the company’s accounts to accounts controlled by the attackers. The fraudsters will typically spoof the domain name of the target company and ask the victim to make an ‘urgent’ transaction.
The victim of this scam was a company called FACC – an Austrian based aerospace parts manufacturer.
FACC, an Austrian-based aerospace parts maker which later fired its then CEO, suffered a cyber-attack in which NZ$78 million was stolen.
The attack was in the form of a phishing email. The email sender details were faked to make it look as though it was coming from the CFO (Chief Financial Officer) of FACC. The request in the (fake) email was for multiple large payments to be made for an ‘acquisition project’. These payments were to be made to various accounts in Slovakia and Asia. This email was sent to a team member of FACC.
Since FACC did not have any security protocols in place for such a request, the transfer was put through. The company was able to stop a transfer of NZ$13 million; however, by that time it was already too late: NZ$78 million had already been transferred.
This phishing attack is a good example of what is now known as a BEC (Business Email Compromise) attack, more commonly referred to as ‘CEO fraud’. The attackers’ email impersonated the CFO (Chief Financial Officer) of that company. The domain name of the company was spoofed as well.
Despite there being no evidence that the CEO and CFO were involved in the attack, this incident resulted in the CEO at the time being fired from his job. The CFO was also later released from his role.
By targeting a successful company, the attackers stood to make large financial gains in the event that they successfully duped a member of the company that had the ability to transfer money.
How Can We Avoid this Scam?
In order to avoid this scam, all unusual payment requests should be verified by calling the sender and verifying that the email request is legitimate.
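As an added illustration (not part of the original article or any vendor's tooling), the Python sketch below shows how a mail triage step could flag payment requests that should be held until the sender confirms by phone. The company domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
COMPANY_DOMAIN = "example-corp.test"   # assumption: the organisation's real domain
EXECUTIVES = {"jane doe"}              # assumption: names likely to be impersonated
PAYMENT_WORDS = ("payment", "transfer", "invoice", "acquisition")
PRESSURE_WORDS = ("urgent", "immediately", "confidential")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the CEO-fraud indicators found in one raw (non-multipart) email."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    auth = msg.get("Authentication-Results", "").lower()
    found = []
    if display_name.lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        found.append("executive name on external domain")
    if reply_domain and reply_domain != from_domain:
        found.append("reply-to domain differs from sender")
    if from_domain == COMPANY_DOMAIN and ("spf=fail" in auth or "dkim=fail" in auth):
        found.append("own domain failed sender authentication")
    if any(w in text for w in PAYMENT_WORDS) and any(w in text for w in PRESSURE_WORDS):
        found.append("payment request with pressure wording")
    return found

def needs_callback(raw_message):  # hold until the sender confirms by phone
    return bool(bec_indicators(raw_message))

# Constructed sample messages (not taken from the FACC incident).
SPOOFED = "\n".join([
    'From: "Jane Doe" <jane.doe@example-corp.test>',
    "Reply-To: jane.doe@examp1e-corp.test",
    "Authentication-Results: mx.example-corp.test; spf=fail",
    "Subject: Urgent: acquisition project payment",
    "",
    "Please transfer the funds immediately and keep this confidential.",
])
LEGITIMATE = "\n".join([
    'From: "Accounts" <accounts@example-corp.test>',
    "Subject: Monthly invoice run",
    "",
    "The invoice run for this month is attached.",
])
```

A flagged message is only a prompt for the phone check described above; an unflagged payment request that is unusual still needs the same verification.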
‘CEO Fraud’ is becoming increasingly popular with sophisticated organized cyber criminals. Statistics compiled by the FBI show that the CEO Fraud phishing scam cost American businesses US$246 million in 2015 alone. However, that number is likely well below the actual monetary losses, as it only represents losses that were reported to the FBI. Many companies don’t report these kinds of crimes, as they don’t want the information to become public.