A 38-year-old man, who lost $663 after falling for an elaborate road toll text, wants people to be aware of such scams.
The IT Engineer, who does not wish to be named, drove through the toll road in Tauranga on Easter Saturday.
The following day he received a text indicating he could pay the toll by clicking on a link and inputting his credit card on what he thought was the real Waka Kotahi website.
“It makes sense because I have paid tolls before, they have my licence plate and they have my phone number,” he said.
The scam text message was purportedly from Waka Kotahi. Image: supplied.
He saw the website looked like Waka Kotahi’s and so he went forward with the transaction.
After entering his credit card information, he received a text from Westpac with a confirmation code, and after entering the code, a transaction text popped up showing $663 had been taken from his account.
Only after that text popped up did he realise he had been tricked.
“It was very early in the morning, I was having my breakfast, and I wasn’t paying attention,” he said.
“The website was a clone of the real one.”
Waka Kotahi spokesman Andy Knackstedt told the Herald this is “smishing” - a portmanteau of SMS and phishing - a scam that tells people they owe Waka Kotahi money.
He said the company doesn’t send text message reminders.
“If the text comes from a +61 (Australia) or another overseas number, says your driver’s licence or vehicle registration needs renewing, or your tolls have not been paid and are overdue, it’s a scam.”
The scam and fake Waka Kotahi websites side to side. Photo: supplied.
The man immediately blocked his card and contacted his bank, however, by then, the transaction had already gone through.
Westpac said it will refund the $663 out of a gesture of goodwill.
“Sometimes it could be hard to tell what is real or not.”
CERT NZ spokesman Hadyn Green said scammers obtain huge lists of phone numbers via the dark web.
“These numbers are taken from online forms or data leaks or previous phishing campaigns and they then send out messages to all of these numbers hoping that a percentage of people will fall for it,” he said.
“These sorts of attacks are cheap and fairly simple to undertake.”
The organisation strongly urges people to avoid clicking links in text messages.
“Even if they seem legitimate, only click a link if you were expecting to be sent one and can verify where it was sent from,” said Green.
“A link sent to you out of the blue is most likely to be a scam.”
Take your Radio, Podcasts and Music with you