Modern banking scams are increasingly focused on manipulating people rather than simply breaking into accounts. This article looks at social engineering, remote-access scams, transaction warnings, privacy concerns, and whether smarter, more contextual protection could help customers pause before money is lost.
The Situation
Over the last few years, banking scams have changed dramatically. The old image of a “hacker breaking into a bank account” is no longer the most common threat many people face.
Increasingly, the situations being seen in IT support environments involve social engineering scams where customers are manipulated into moving their own money, installing remote-access software, or following instructions from someone pretending to help.
At Techmedics, we regularly speak with customers who have experienced scams, remote-access incidents, compromised devices, or suspicious banking activity. Many of these situations involve less technically confident users, and in most cases the attacks rely far more on persuasion and panic than on advanced technical compromise.
This article is not intended as criticism of any particular organisation or person. Financial institutions are under enormous pressure to reduce fraud, protect customers, and respond to increasingly sophisticated scams. Instead, this article is intended as a practical discussion around the balance between security, privacy, customer education, and trust.
The Shift Toward Behavioural Security
Banks are increasingly introducing advanced fraud detection systems designed to analyse how customers interact with online banking platforms.
These systems may look at things such as:
- Typing patterns
- Scrolling and swiping behaviour
- Device trust and usage patterns
- Signs of remote access software
- Transaction anomalies
The goal is understandable. Modern scams often involve criminals convincing customers to install remote-access software, share access, or authorise payments while under pressure. Traditional protections such as passwords, PINs, and one-time codes are no longer enough on their own.
From a cybersecurity perspective, behavioural analysis can help identify situations where something about a session appears unusual or risky.
The Real-World Scam Problem
However, one thing that stands out from real-world remediation work is that many successful scams are not purely technical events.
They are human manipulation events.
A common pattern seen repeatedly looks something like this:
- A scammer phones the victim on their mobile phone.
- The victim is persuaded to install remote-access software or follow instructions.
- The victim remains on the phone while accessing internet banking
- The victim is coached through the transfer process.
- The scammer keeps the victim calm, pressured, or confused throughout the interaction.
In many cases the victim is not being “hacked” in the traditional sense. They are being manipulated.
This is an important distinction. The move toward higher numbers of social engineering scams may actually show that many current authentication systems are working. Passwords, multi-factor authentication, and device checks can make it harder for criminals to simply break into an account.
So instead, scammers work around the technology by targeting the person using it.
One particularly important issue is that bank intervention calls do not always work effectively anymore. We have seen situations where a bank contacted a customer during a suspicious transaction, but the customer, while still on the phone to the scammer, repeated exactly what the scammer instructed them to say.
At that point, the challenge is no longer just authentication.
It becomes coercion, pressure, and social engineering.
The Growing Role of Remote Access and Money Transfer Platforms
Another pattern becoming increasingly common involves customers being persuaded to create accounts with overseas transfer or remittance services.
Interestingly, in several cases we have seen:
- Customers who had never previously sent money overseas
- Customers who rarely or never shopped online
- Customers suddenly creating international transfer accounts
- Large or unusual transfers occurring rapidly afterward
In some cases, the transfer platform itself detected the unusual behaviour, froze the transaction, and returned the funds to the customer.
This raises an interesting question for the banking industry:
Should more focus be placed on transaction anomaly detection and contextual warnings, especially around new payees, overseas transfers, and unusual customer behaviour, rather than broad behavioural or device-level monitoring?
The Privacy and Trust Conversation
One area that has sparked discussion recently is the level of information some fraud systems collect from customer devices.
Customers are generally comfortable with:
- Passwords
- Multi-factor authentication
- Face ID or fingerprint login
- Transaction alerts
- Suspicious activity monitoring
However, broader device-level collection, particularly around installed applications, can create concern for some users.
Part of the challenge is not necessarily the technology itself, but the clarity of communication around it.
Uncertainty and mistrust naturally increase if customers do not clearly understand:
- What is being collected
- When it is collected
- Whether it only applies during banking sessions
- Why it is considered necessary
- How long the information is kept
- Who it may be shared with
During discussions around these systems, it has emerged that some people are now considering the use of separate “banking-only” phones to limit what information their primary device exposes.
Ironically, this may actually reduce some of the behavioural and device-context information these systems rely upon.
Is There a Middle Ground?
The challenge for banks is genuine. Scam losses are real, and financial institutions are under increasing pressure to protect vulnerable customers.
At the same time, customers increasingly expect:
- Transparency
- Choice
- Privacy
- Proportionality
There may be value in considering a more layered or adaptive approach to banking security.
For example:
Standard Protection
- Strong passwords
- Multi-factor authentication
- Device biometrics, such as Face ID or fingerprint login
- Transaction anomaly detection
- Contextual warnings
Enhanced Protection
This could be optional, risk-based, or applied during higher-risk activity.
- Additional behavioural monitoring
- Higher-risk transaction checks
- Enhanced verification for overseas transfers
- New-payee warnings
- Trusted-contact verification for vulnerable customers
- Additional checks when remote-access software is detected
This type of model may help create a better balance between fraud prevention, customer choice, privacy expectations, and user trust.
The Importance of Customer Education
One thing is clear: many people still do not fully understand how modern scams operate.
In particular, there appears to be an opportunity for stronger public education around:
- Remote-access applications
- “Safe account” scams
- Impersonation calls
- Overseas transfer scams
- Social engineering techniques
- Banking coercion scams
Simple, contextual warnings during high-risk transactions may sometimes be more effective than technical monitoring alone.
For example:
- Has someone told you that your money is unsafe, at risk, or about to be lost?
- Are you currently on the phone to someone who is directing this payment?
- Are you making this payment as part of a remote support call? Genuine remote support should not require access to your bank account.
- Are you being asked to make a purchase, transfer money, or buy gift cards urgently?
- Has someone told you not to speak to your bank, family, or usual IT support person about this transaction?
These types of prompts may interrupt the scam process at the exact moment a customer needs to pause and reassess the situation.
They also speak more directly to what is actually happening in many real-world scams: pressure, urgency, secrecy, and control.
Final Thoughts
There is no perfect solution to modern banking fraud.
Banks, customers, cybersecurity professionals, and regulators are all trying to navigate a rapidly changing landscape where social engineering, remote access scams, and psychological manipulation are becoming more common.
Behavioural security systems may absolutely have a place within that environment.
However, trust, transparency, customer education, proportionality, and meaningful communication remain just as important.
The goal should not simply be more monitoring.
The goal should be smarter protection that customers understand, trust, and feel comfortable using.
This article is intended as a general discussion piece based on practical IT support and scam remediation observations. It is not legal advice, financial advice, or a criticism of any specific organisation. Scam prevention systems and banking security controls continue to evolve across the financial industry.
Need Help?
If you are unsure what is happening with your computer, laptop, phone, or online accounts, Techmedics can help with practical advice, scam-related checks, diagnostics, and repair options from our Kaiapoi workshop.
Ask us about your device
Back to Case Files list