Coasties, be on alert—police have cracked a sophisticated smishing scam right here in Auckland.

In a joint effort between New Zealand and Australia, Operation Orca was launched to stop a new form of phishing that had the potential to cause significant financial losses.

The Department of Internal Affairs (DIA) first noticed irregularities in late July, thanks to reports from the public and early warnings from banks and mobile networks.

A coordinated investigation quickly followed, involving the police, DIA, banking institutions, and Australia’s Joint Policing Cybercrime Coordination Centre.

On Friday, 23 August, police executed a search warrant at a central Auckland residence, where a 19-year-old man was arrested.

Authorities also seized a device called an SMS Blaster—technology never before seen in New Zealand.

This device mimics a cell tower, tricking nearby mobile phones into connecting to a fraudulent network.

Smishing is a form of phishing where scammers use text messages to deceive victims into sharing sensitive personal information.

The SMS Blaster sent out thousands of fake text messages, including around 700 in one night, falsely claiming that recipients' bank accounts were under threat of fraudulent activity.

The "SMS Blaster" seized by police.

The messages urged people to click on a link, which then redirected them to a phishing website designed to look like their bank’s official page.

“By working together, we were able to counter this technology, locate the alleged offender, and prevent what could have been large-scale financial losses for many New Zealanders,” said Detective Superintendent Greg Williams of the National Organised Crime Group.

In this case, nearly 120 people were targeted by the scam, but no financial losses have been reported, thanks to the swift response of the agencies involved.

“The device in question is believed to have sent thousands of scam text messages,” Williams added, warning stay vigilant against cyber-enabled fraud.

Joe Teo, Manager of Digital Messaging at the DIA, praised the collaboration between government and industry partners in quickly responding to this threat.

He reminded the public to report any suspicious texts by forwarding them to 7726, a free service designed to combat such scams.

Telecommunications Forum CEO Paul Brislen echoed this sentiment, noting how crucial quick action is in preventing widespread harm to consumers.

“By working closely with banking and law enforcement, we were able to identify and react quickly to this new threat,” Brislen said.

Banks involved in the investigation, including ANZ and ASB, also stressed the importance of cross-sector cooperation.

ANZ’s Head of Customer Protection, Alan Thomsen, reminded customers that the bank would never send texts asking them to log in through a link.

ASB Executive General Manager for Technology, David Bullock, urged customers to be cautious about sharing personal details in response to unsolicited messages.

The arrested man has been charged with interfering with a computer system and is due to reappear in Auckland District Court on 10 December 2024.