Deep fake investments – our banks should be worried

The first time I reported a fake investment to Netsafe and the Financial Markets Authority, it was a particularly clumsy looking one.

The headline: “Bank of New Zealand sues Jenny-May Clarkson for what she said on live TV”.

It wasn’t the use of a New Zealand bank or TV presenter that annoyed me the most. It was the fake Radio New Zealand website using respected journalist Hamish Cardwell’s byline which caused the angry frown. The minute you add media authenticity to a scam, the higher the hit rate.

The grinning Clarkson with her “loophole to riches” and co-host Ryan were looking at his phone in wonder. In seven minutes on live TV he'd just made $76, claimed a grammatically challenged Cardwell.

Another media outlet had a Special Report: “Jenny-May Clarkson’s latest investment has experts in awe and big banks terrified”. With breathless disbelief New Zealand citizens were raking in millions of dollars.

The links were quickly taken down by Netsafe, which appeared to have a direct line to the social media gods hosting these criminals. No doubt they sprung back with different celebs minutes later, but it was a good effort.

AI ups the stakes

This week in the UK well-known Antiques Roadshow presenter Fiona Bruce appeared in a deep fake investment scam video generated by AI. Her “depiction” encouraged people to sign up. Technology companies that monitor fraud believe AI is being used to write documentation and increase the accuracy of language in fake offers. Fraudsters have upped their game once more.

No more clowning around

In the world of professional fraud, the real and fake merge so closely, we can’t tell the bad actor from the genuine.

Criminals cloning financial institutions and impostors using names of real staff, are rife. Fraudsters are going one step deeper and designing websites which compare the best returns. You leave your contact details and they get back to you with well-branded cloned documentation, often meticulously copied and presented by people impersonating real employees. Look them up on LinkedIn and they exist.

I’m currently asking Citibank to convince one of their senior staff to come off LinkedIn temporarily and hve shown them evidence of his fake moonlighting with an Auckland telephone number. It’s perplexing and enabling more fraud, that the police, banks, regulator and fraud agencies operate as silos.

Many big financial brands targeted

Fraudsters are getting audacious when you look at the big brands they’re impersonating. And they can afford to when our banks run on technology years behind offshore peers.

In 2022 we had a flurry of fake bonds being offered by specialist names such as BNP Paribas, Rabobank and Macquarie Asset Management.

But the big shaker was US household name Citibank. It is a registered settlement bank in New Zealand, a member of the Banking Association and a shareholder in Payments New Zealand. But it does not sell retail deposits. The regulator advised criminals were targeting New Zealand with fake Citibank offers in July 2022, but we know of cases that invested as early as February.

Since then, 2023 has seen the jaws of term deposit scammers open wide. The Citibank case morphed slightly and another warning was issued in May. These criminals must be wringing their hands in glee as millions of dollars flow through our payments system to them. An entire year of running essentially the same scam in a country where account number and name matching on our payments is nowhere in sight. That one capability would stop the onslaught.

The last four months have been lit up with big name fake term deposit warnings; SBS (Southland Building Society), Citi N.A, HSBC NZ, Suncorp, BT Funds Management and a second HSBC warning, making 2022 look like a mere warm up.

But are our banks and regulator clowning around?

Two comparison websites which lure people in are still live. The site ratesfinder.co.nz and comparefixedtermdeposits.net’are on the FMA website as known scams. How on earth is this possible?

It’s party-land for fraud and our banks have failed. Even when their customer enters a branch, talks about Citibank and tells staff they’d like help to make a six-figure payment, they fail to intercept it. Despite being on notice of the scam for a full year from their own regulator, there’s apparently nothing particularly suspicious about these situations. The bank receiving the proceeds of crime has much to answer for as well. The fraud alerts on these accounts will have been going off like disco lights all year.

These days a banker is able to have no knowledge of authorised retail deposit-takers in New Zealand, or the latest fraud alerts. I’m nothing short of embarrassed they believe their payment system is fit for purpose. They’re not breaching their terms and conditions of reasonable care and skill, not breaching the banking code of practice to provide safe and secure systems and don’t believe they were legally on notice to intervene. At the after-party receiving banks are ignoring their fiduciary duty to operate accounts appropriately with regard to money mules.