A 38-year-old man, who lost $663 after falling for an elaborate road toll text, wants people to be aware of such scams.
The IT Engineer, who does not wish to be named, drove through the toll road in Tauranga on Easter Saturday.
The following day he received a text indicating he could pay the toll by clicking on a link and inputting his credit card on what he thought was the real Waka Kotahi website.
鈥淚t makes sense because I have paid tolls before, they have my licence plate and they have my phone number,鈥 he said.
/cloudfront-ap-southeast-2.images.arcpublishing.com/nzme/O2YMVIVDQRHJRGCATAGHPJ3AFY.png)
The scam text message was purportedly from Waka Kotahi. Image: supplied.
He saw the website looked like Waka Kotahi鈥檚 and so he went forward with the transaction.
After entering his credit card information, he received a text from Westpac with a confirmation code, and after entering the code, a transaction text popped up showing $663 had been taken from his account.
Only after that text popped up did he realise he had been tricked.
鈥淚t was very early in the morning, I was having my breakfast, and I wasn鈥檛 paying attention,鈥 he said.
聽鈥淭he website was a clone of the real one.鈥
Waka Kotahi spokesman Andy Knackstedt told the Herald this is 鈥渟mishing鈥 - a portmanteau of SMS and phishing - a聽聽that tells people they owe Waka Kotahi money.
He said the company doesn鈥檛 send text message reminders.
鈥淚f the text comes from a +61 (Australia) or another overseas number, says your driver鈥檚 licence or vehicle registration needs renewing, or your tolls have not been paid and are overdue, it鈥檚 a scam.鈥
/cloudfront-ap-southeast-2.images.arcpublishing.com/nzme/XVLKHQSY6VGDFODMYOJ2JARDPY.png)
The scam and fake Waka Kotahi websites side to side. Photo: supplied.
The man immediately blocked his card and contacted his bank, however, by then, the transaction had already gone through.
Westpac said it will refund the $663 out of a gesture of goodwill.
鈥淪ometimes it could be hard to tell what is real or not.鈥
CERT NZ spokesman Hadyn Green said scammers obtain huge lists of phone numbers via the dark web.
鈥淭hese numbers are taken from online forms or data leaks or previous phishing campaigns and they then send out messages to all of these numbers hoping that a percentage of people will fall for it,鈥 he said.
鈥淭hese sorts of attacks are cheap and fairly simple to undertake.鈥
The organisation strongly urges people to avoid clicking links in text messages.
鈥淓ven if they seem legitimate, only click a link if you were expecting to be sent one and can verify where it was sent from,鈥 said Green.
鈥淎 link sent to you out of the blue is most likely to be a scam.鈥
Take your Radio, Podcasts and Music with you
Get the iHeart App
Get more of the radio, music and podcasts you love with the FREE iHeartRadio app. Scan the QR code to download now.
Download from the app stores
Stream unlimited music, thousands of radio stations and podcasts all in one app. iHeartRadio is easy to use and all FREE
