2026 Case Files - Part 2

Modern banking scams are increasingly focused on manipulating people rather than simply breaking into accounts. This article looks at social engineering, remote-access scams, transaction warnings, privacy concerns, and whether smarter, more contextual protection could help customers pause before money is lost.

The Situation

Over the last few years, banking scams have changed dramatically. The old image of a “hacker breaking into a bank account” is no longer the most common threat many people face.
Increasingly, the situations being seen in IT support environments involve social engineering scams where customers are manipulated into moving their own money, installing remote-access software, or following instructions from someone pretending to help.
At Techmedics, we regularly speak with customers who have experienced scams, remote-access incidents, compromised devices, or suspicious banking activity. Many of these situations involve less technically confident users, and in most cases the attacks rely far more on persuasion and panic than on advanced technical compromise.
This article is not intended as criticism of any particular organisation or person. Financial institutions are under enormous pressure to reduce fraud, protect customers, and respond to increasingly sophisticated scams. Instead, this article is intended as a practical discussion around the balance between security, privacy, customer education, and trust.

The Shift Toward Behavioural Security

Banks are increasingly introducing advanced fraud detection systems designed to analyse how customers interact with online banking platforms.

These systems may look at things such as:

• Typing patterns
• Scrolling and swiping behaviour
• Device trust and usage patterns
• Signs of remote access software
• Transaction anomalies

The goal is understandable. Modern scams often involve criminals convincing customers to install remote-access software, share access, or authorise payments while under pressure. Traditional protections such as passwords, PINs, and one-time codes are no longer enough on their own.
From a cybersecurity perspective, behavioural analysis can help identify situations where something about a session appears unusual or risky.

The Real-World Scam Problem

However, one thing that stands out from real-world remediation work is that many successful scams are not purely technical events.
They are human manipulation events.

A common pattern seen repeatedly looks something like this:

1. A scammer phones the victim on their mobile phone.
2. The victim is persuaded to install remote-access software or follow instructions.
3. The victim remains on the phone while accessing internet banking
4. The victim is coached through the transfer process.
5. The scammer keeps the victim calm, pressured, or confused throughout the interaction.

In many cases the victim is not being “hacked” in the traditional sense. They are being manipulated.
This is an important distinction. The move toward higher numbers of social engineering scams may actually show that many current authentication systems are working. Passwords, multi-factor authentication, and device checks can make it harder for criminals to simply break into an account. So instead, scammers work around the technology by targeting the person using it.
One particularly important issue is that bank intervention calls do not always work effectively anymore. We have seen situations where a bank contacted a customer during a suspicious transaction, but the customer, while still on the phone to the scammer, repeated exactly what the scammer instructed them to say.
At that point, the challenge is no longer just authentication.
It becomes coercion, pressure, and social engineering.

The Growing Role of Remote Access and Money Transfer Platforms

Another pattern becoming increasingly common involves customers being persuaded to create accounts with overseas transfer or remittance services.

Interestingly, in several cases we have seen:

• Customers who had never previously sent money overseas
• Customers who rarely or never shopped online
• Customers suddenly creating international transfer accounts
• Large or unusual transfers occurring rapidly afterward

In some cases, the transfer platform itself detected the unusual behaviour, froze the transaction, and returned the funds to the customer.
This raises an interesting question for the banking industry:
Should more focus be placed on transaction anomaly detection and contextual warnings, especially around new payees, overseas transfers, and unusual customer behaviour, rather than broad behavioural or device-level monitoring?

The Privacy and Trust Conversation

One area that has sparked discussion recently is the level of information some fraud systems collect from customer devices.

Customers are generally comfortable with:

• Passwords
• Multi-factor authentication
• Face ID or fingerprint login
• Transaction alerts
• Suspicious activity monitoring

However, broader device-level collection, particularly around installed applications, can create concern for some users.
Part of the challenge is not necessarily the technology itself, but the clarity of communication around it.

Uncertainty and mistrust naturally increase if customers do not clearly understand:

• What is being collected
• When it is collected
• Whether it only applies during banking sessions
• Why it is considered necessary
• How long the information is kept
• Who it may be shared with

During discussions around these systems, it has emerged that some people are now considering the use of separate “banking-only” phones to limit what information their primary device exposes.
Ironically, this may actually reduce some of the behavioural and device-context information these systems rely upon.

Is There a Middle Ground?

The challenge for banks is genuine. Scam losses are real, and financial institutions are under increasing pressure to protect vulnerable customers.

At the same time, customers increasingly expect:

• Transparency
• Choice
• Privacy
• Proportionality

There may be value in considering a more layered or adaptive approach to banking security.
For example:

Standard Protection

• Strong passwords
• Multi-factor authentication
• Device biometrics, such as Face ID or fingerprint login
• Transaction anomaly detection
• Contextual warnings

Enhanced Protection

This could be optional, risk-based, or applied during higher-risk activity.

• Additional behavioural monitoring
• Higher-risk transaction checks
• Enhanced verification for overseas transfers
• New-payee warnings
• Trusted-contact verification for vulnerable customers
• Additional checks when remote-access software is detected

This type of model may help create a better balance between fraud prevention, customer choice, privacy expectations, and user trust.

The Importance of Customer Education

One thing is clear: many people still do not fully understand how modern scams operate.

In particular, there appears to be an opportunity for stronger public education around:

• Remote-access applications
• “Safe account” scams
• Impersonation calls
• Overseas transfer scams
• Social engineering techniques
• Banking coercion scams

Simple, contextual warnings during high-risk transactions may sometimes be more effective than technical monitoring alone.
For example:

• Has someone told you that your money is unsafe, at risk, or about to be lost?
• Are you currently on the phone to someone who is directing this payment?
• Are you making this payment as part of a remote support call? Genuine remote support should not require access to your bank account.
• Are you being asked to make a purchase, transfer money, or buy gift cards urgently?
• Has someone told you not to speak to your bank, family, or usual IT support person about this transaction?

These types of prompts may interrupt the scam process at the exact moment a customer needs to pause and reassess the situation.
They also speak more directly to what is actually happening in many real-world scams: pressure, urgency, secrecy, and control.

Final Thoughts

There is no perfect solution to modern banking fraud.
Banks, customers, cybersecurity professionals, and regulators are all trying to navigate a rapidly changing landscape where social engineering, remote access scams, and psychological manipulation are becoming more common.
Behavioural security systems may absolutely have a place within that environment.
However, trust, transparency, customer education, proportionality, and meaningful communication remain just as important.
The goal should not simply be more monitoring.
The goal should be smarter protection that customers understand, trust, and feel comfortable using.

This article is intended as a general discussion piece based on practical IT support and scam remediation observations. It is not legal advice, financial advice, or a criticism of any specific organisation. Scam prevention systems and banking security controls continue to evolve across the financial industry.

Need Help?

If you are unsure what is happening with your computer, laptop, phone, or online accounts, Techmedics can help with practical advice, scam-related checks, diagnostics, and repair options from our Kaiapoi workshop.

Ask us about your device

Back to Case Files list

A MacBook Air came in with an unusual fault. It would power on, reach the login screen, and accept the customer’s password, but after login the screen went black with only the mouse pointer visible.
Because the fault appeared after the laptop had been dropped, both hardware and software causes had to be considered.

Why It Came In

• The MacBook powered on normally.
• The login screen appeared as expected.
• The customer’s password was accepted.
• After login, the desktop did not load.
• The screen stayed black, with only the pointer visible.
• The issue started after the laptop had been dropped.

This was not a simple “no display” fault, because the login screen was visible and the Mac was clearly getting partway through the startup process.

What We Checked

We started with the safest checks first. Disk Utility First Aid was run from macOS Recovery against the internal volumes, APFS container, and internal SSD. These checks passed, which meant the drive structure was not reporting an obvious repairable file-system fault.

Safe Mode was also tested, but the Mac still did not load the desktop properly after login. Apple Diagnostics was run and returned no detected hardware issues. Because the fault had started after a drop, external display output was also tested using different adapters and monitors, although no external signal was detected during that testing.

At this stage, the fault appeared to be happening later in the startup process, around the point where macOS tried to load the user’s desktop environment.

What We Found

The internal storage was almost completely full. There was very little free space available, which can stop macOS from behaving normally because it needs working space for temporary files, user sessions, updates, caches, and system processes.

Further investigation found that the customer’s Photos Library was taking up most of the available internal storage. The library was very large for a MacBook with limited internal drive capacity, leaving the system with very little room to operate.

This explained part of the problem, but not all of it. Even after space was recovered, the Mac still returned to the same black screen with pointer after login.

What We Tried

We cleared safe, non-essential storage items first to give macOS enough breathing room to operate. This included removing cache data, old installer files, and other temporary or replaceable items.

The large Photos Library was then copied to an external SSD and verified before being removed from the internal drive. The remaining user data was also backed up before any destructive repair work was considered.

After freeing significant internal storage, we tested login again. The Mac still failed to load the desktop, which showed that the low-storage issue had likely contributed to the fault, but freeing space alone would not resolve it.

A non-destructive macOS reinstall was then attempted from Recovery, as this would normally refresh the operating system while keeping the user data in place. However, Recovery would not complete the reinstall process correctly, so an over-the-top repair was no longer a reliable option.

At that point, with the customer’s data already backed up, a clean erase and reinstall became the safest practical repair path.

Key Insight

The important turning point was that the Mac’s storage problem was real, but it was not the complete fix.

• The internal display could show the login screen.
• Disk First Aid passed.
• Apple Diagnostics found no issue.
• The drive was critically full.
• The Photos Library was the main storage issue.
• Freeing space did not restore the user session.
• A non-destructive reinstall could not proceed cleanly from Recovery.

Once the customer’s data was protected, a clean erase and reinstall became the safest and most reliable repair path.

The Outcome

The customer’s Photos Library was backed up to an external SSD and verified. The remaining user data was also backed up before the internal drive was erased.

macOS was then installed cleanly. After installation, the MacBook was activated, updated, and tested. The customer was contacted and advised that the Photos Library would be kept on or copied to their external drive rather than being restored directly back to the MacBook’s internal storage.

This avoided putting the Mac straight back into the same low-storage condition that had contributed to the original problem.

What This Means

A Mac that reaches the login screen but goes black after login is not automatically suffering from a failed screen or dead storage drive. In this case, the Mac was getting through the early boot process, but the user environment was failing to load.

Very low storage can cause serious macOS problems, especially when the system does not have enough room to create temporary files or load the user session correctly. If the system then crashes, is interrupted, or has already become unstable, freeing space may not be enough to repair the damage.

Large Photos libraries are a common reason smaller MacBooks run out of space, particularly when the library is stored locally rather than optimised through iCloud or kept on external storage.

Key Takeaway

This case was a good example of a Mac that looked more mysterious than it first appeared. The black screen after login suggested a deeper problem than a simple storage warning, but the investigation showed that critically low free space was a major part of the story.

The safest repair path was to protect the customer’s data first, then complete a clean macOS install rather than continuing to force a damaged system to work.

• Macs need enough free storage to load and operate reliably.
• A black screen after login can be caused by macOS or user-session failure.
• A large Photos Library can quickly overwhelm a small internal SSD.
• Data should be backed up and verified before erase/reinstall work.
• Restoring everything back to the internal drive can recreate the original problem.

In this case, the best long-term fix was not just reinstalling macOS, but also changing how the customer’s photo library was stored so the Mac had enough space to operate properly.

Need Help?

If your device is behaving strangely, Techmedics can help diagnose the issue and explain your repair options in plain English.

Ask us about your device

Back to Case Files list