The end of the financial year brings about tax season and with it, a rise in enterprising scammers attempting to steal money by impersonating Inland Revenue.
In a recent case, a customer lost $41,500 after receiving an email purporting to be from the IRD advising her of a tax refund and to verify her bank details. The customer was due a tax refund at the time so followed a link to a page that looked like the IRD where she was asked to input her contact details and name her bank.
Upon selecting BNZ from the list of New Zealand Banks, she was redirected to a BNZ login page where she was directed to enter her BNZ Access Number, Password, and upload a copy of her NetGuard card.
This information was sent in real time to the offenders who then logged into Internet Banking using the customer’s credentials and made three unauthorised payments totalling $41,500 which were unable to be recovered.
BNZ Head of Financial Crime, Ashley Kai Fong, says, “This seasonal scam starts now and hits its peak in the middle of the year when Inland Revenue are sending out legitimate notices about tax returns.
“The scammers rely on the victim being in a rush, not noticing the discrepancies compared to a legitimate tax return process, and tempting them with a believable and desirable amount of money,” he says.
Kai Fong says this scam has all the hallmarks of a regular phishing scam.
“Scammers know that tax returns are necessary and can be bit of a hassle, but also a chance to get an unexpected cash windfall. By making things appear easy and straightforward, combined with the lure of a payoff, they tempt their victims into using a bogus site.
“But there are signs everyone should look out for. The email comes from an address that isn’t Inland Revenue’s, sometimes the English is poor and there are spelling mistakes, and while the site they ask you to visit looks legitimate, the URL is wrong.
“It’s important to always check whether the link in the email and the sender’s address is legitimate. If you feel like you’re being hurried to take action, take a step back and consider the situation. It also pays to be wary when the spelling and grammar is off.
“Most importantly though, remember that tax returns are always completed in the secure online MyIR portal and you’ll never get emails with sensitive information such as the return amount specified in the body of the email,” says Kai Fong.
Kai Fong encourages anyone who thinks they may have been a victim of a scam to get in touch with their bank immediately.