Source: Banking Ombudsman Scheme
16 June 2026 – An increase in scam complaint numbers has prompted the Banking Ombudsman to urge customers to read and act on security alerts from banks.
Scam complaints to the scheme rose 18 per cent in the first quarter of the year, the first rise since late 2024. Banking Ombudsman Nicola Sladden said messages or notifications from banks were often a warning that something may be wrong, as well as a chance to stop a scam before any money was lost.
Banks send messages through apps, texts and emails to alert customers when access to their bank account is being set up on a new device, passwords are being changed or when transactions are being made.
Ms Sladden said, if a customer has already clicked a phishing link, they may think the messages are part of a legitimate transaction, such as confirming a delivery or paying a toll.
“Some people may overlook a notification or not read a full message, especially if they’re busy or distracted,” she said. “But taking a moment to read the full message could make the difference between keeping or losing money to a scam.”
In one recent case , a customer was selling items on an online marketplace when they received a link from the buyer to arrange postage. They clicked on the link to a website and entered bank account details to confirm details for the payment. Soon after, they received email and text messages containing codes to set up a banking app on a new device. The messages stated that the customer should contact the bank if they were not setting up the app. However, the customer did not read the messages and entered codes into the website. The following day, $16,700 was transferred from their account.
Ms Sladden said sharing codes or approving actions in banking apps could allow scammers to use the account as if it were their own.
“Banks may consider whether messages were read and acted on when deciding whether to reimburse a loss.”
In another case , a customer received an email appearing to be from the Inland Revenue Department (IRD). The customer clicked a link that took them to a website resembling IRD, then to another resembling their bank, where they entered their banking details. The scammer used these details to log into the customer’s account, triggering a genuine security code from the bank. The customer, believing the code was prompted by their own activity, entered it into the website. A few days later, $60,000 was transferred from the customer’s account.
Ms Sladden said customers should be especially careful with messages that included a code or asked them to approve activity – and should always check that the message matches what they are trying to do.
“When you receive a message from your bank, stop and read it carefully. If something doesn’t seem right, contact your bank using the phone number on its website or app, never through a number or link in a message.”
She said sharing a code was one of the most common ways scammers gained access to bank accounts.
“Security notifications are there to protect customers. A brief pause to read a message and act on it is a simple way for customers to keep their bank account safe and prevent a loss.”
Related links: