AN Auckland doctor lost $300,000 after a Nigeria-based fraudster hacked into his father's email account and, posing as the father, asked for the transfer of family money.
The doctor, who works in emergency medicine, is fighting to get the cash back and wants to warn others to be vigilant about online security.
Speaking to the Herald about his ordeal during International Fraud Awareness Week he was angry and frustrated that he had been so easily duped.
The doctor, who spoke on the condition of anonymity, was holding just over $300,000 of family money in an account in New Zealand. The money had been earmarked to buy property in Auckland or Britain where the doctor's parents live.
A decision was made to make an offer on a property in England and the doctor spoke to his father on the phone about transferring the money to a UK account.
"He told me verbally to send the money over, but later sent an email saying not to do it as the offer had been rejected," the doctor told the Herald.
"Twelve hours later I got another email sounding like it was continuing on from that conversation. It said good news, the offer has been accepted so send the money through. I had an ongoing conversation with who I thought was my father."
The doctor transferred the money to a bank account that appeared to have been set up in his father's name. As he was communicating with his father from his legitimate Yahoo.co.uk email address, he had no reason to suspect anything was amiss. When he spoke to his father days later he realised he had been scammed.
He believes the fraudster used a phishing technique to gain access to his father's email account in which a fake password prompt was sent to "confirm" the user's personal details.
The fraudster then used those details to access the email account and monitor the father and son's conversation before stepping in and pretended to be the older man.
The doctor contacted both his bank and the one that he transferred the money to, as well as the police. He is waiting to find out if there is any way he can recoup his loss.
"My main error was that I didn't make the telephone call to my dad for confirmation. But I'm pretty busy, I don't have the time to speak to my parents on the phone all the time. I think I should have though," he said.
"We are all frustrated, it's a massive chunk of money. I feel somewhat stupid, but when I go and read back through the email chain [the scammer] was pretty convincing."
He wanted to warn others about phishing and transferring money overseas.
Detective Senior Sergeant Aaron Pascoe said the scam appeared to be Nigeria-based.
Consumer Affairs warned that scams succeed because they look like the real thing.
"Scams are constantly evolving and becoming more and more sophisticated so that they can fool even the most tech-savvy amongst us."
5 ways to stay scam safe
If you think you have received a scam email, text or other message:
1 Do not reply. A reply only serves to confirm that your email address is active.
2 Notify your own ISP or IT support.
3 Do not forward hoax emails.
4 Unless the email is from a known and trusted source, do not open attachments or click on links.
5 Do not send money or give personal information to anyone you do not know.
Update your news preferences and get the latest news delivered to your inbox.