A scammer pretending to be from an internet service provider fleeced an unsuspecting victim of $8000, prompting warnings to computer users to be on their guard.
An AMI Insurance customer had their bank account cleared out after giving a fraudster remote access to their computer, without asking for their identification.
The victim thought the call was genuine because they had been contacted by their actual internet service provider (ISP), which was troubleshooting internet speeds in the area, shortly before they were scammed.
After gaining remote access, the culprit said he would call back a couple of days later, the victim unaware that software that could spy on computer activity - called spyware - had been installed.
When the scammer called back he instructed the victim to log onto their internet banking account under the guise that he was checking internet speed had improved.
Shortly after, the man called again, asking the victim if they had received a code via text message from their bank and to read it out loud, which they did.
This was the bank's transaction verification message.
The fraudster immediately transferred $8000 to an account in Australia before the money was moved on again.
The customer called AMI about making a claim but insurance does not cover such computer crime.
The victim's bank would not assist because the victim had voluntarily given away all the details that enabled the fraud.
"When you lay it out step by step there are three or four security doors," said Chris Kiddey, national technical specialist at AMI parent company IAG.
"And the customer, unknowingly, has held each and every one of these doors wide open."
Kiddey said contents insurance covers physical loss or damage.
"Most policies add that there is cover up to $1000 if your credit card is used to make purchases following a theft, but this requires the physical theft of that card."
However Kiddey said research is being carried out to find ways to help victims of cyber crime.
"IAG New Zealand is exploring ideas for a special product that will cover certain costs that occur as a result of cyber crime," he said.
In the meantime, the company is warning people to be on their guard against falling victim to cyber crime.
"You should treat your computer the same way you treat your home. Don't let anyone in without being absolutely sure of who they are and what their intentions are. For callers on the phone, get correct ID number, check 0800 number for their organisations and never give out or confirm your personal or financial information," said Keddey.
"Being asked to access your bank account is another red flag. At this point the customer should have said that they could have tried another website, such as YouTube, to check speeds.
"A genuine ISP would not ask a customer to log onto their online bank account. At this point the victim should have simply hung up."
The victim also could have prevented the theft by declining to pass on the bank's transaction verification message over the phone.
"In this case, no amount of online security could have helped because the customer gave everything important away," said Kiddey.
"If something doesn't feel right, it really might not be. Treat your personal information like you would treat your home. Keep it safe and IAG will continue to look for ways to help make it safer."