2026 Case Files - Part 2

Four Techmedics workshop case files from 2026, including repair investigations, insurance assessments, unusual faults, and practical information for customers.

Privacy note: All Techmedics Case Files are anonymised before publication.

Case Files in this collection

Case File #005: Security, Privacy, and Banking Scams in 2026: Finding the Middle Ground

Modern banking scams are increasingly focused on manipulating people rather than simply breaking into accounts. This article looks at social engineering, remote-access scams, transaction warnings, privacy concerns, and whether smarter, more contextual protection could help customers pause before money is lost.

The Situation

Over the last few years, banking scams have changed dramatically. The old image of a “hacker breaking into a bank account” is no longer the most common threat many people face.
Increasingly, the situations being seen in IT support environments involve social engineering scams where customers are manipulated into moving their own money, installing remote-access software, or following instructions from someone pretending to help.
At Techmedics, we regularly speak with customers who have experienced scams, remote-access incidents, compromised devices, or suspicious banking activity. Many of these situations involve less technically confident users, and in most cases the attacks rely far more on persuasion and panic than on advanced technical compromise.
This article is not intended as criticism of any particular organisation or person. Financial institutions are under enormous pressure to reduce fraud, protect customers, and respond to increasingly sophisticated scams. Instead, this article is intended as a practical discussion around the balance between security, privacy, customer education, and trust.

The Shift Toward Behavioural Security

Banks are increasingly introducing advanced fraud detection systems designed to analyse how customers interact with online banking platforms.

These systems may look at things such as:
  • Typing patterns
  • Scrolling and swiping behaviour
  • Device trust and usage patterns
  • Signs of remote access software
  • Transaction anomalies

The goal is understandable. Modern scams often involve criminals convincing customers to install remote-access software, share access, or authorise payments while under pressure. Traditional protections such as passwords, PINs, and one-time codes are no longer enough on their own.
From a cybersecurity perspective, behavioural analysis can help identify situations where something about a session appears unusual or risky.

The Real-World Scam Problem

However, one thing that stands out from real-world remediation work is that many successful scams are not purely technical events.
They are human manipulation events.

A common pattern seen repeatedly looks something like this:
  1. A scammer phones the victim on their mobile phone.
  2. The victim is persuaded to install remote-access software or follow instructions.
  3. The victim remains on the phone while accessing internet banking
  4. The victim is coached through the transfer process.
  5. The scammer keeps the victim calm, pressured, or confused throughout the interaction.

In many cases the victim is not being “hacked” in the traditional sense. They are being manipulated.
This is an important distinction. The move toward higher numbers of social engineering scams may actually show that many current authentication systems are working. Passwords, multi-factor authentication, and device checks can make it harder for criminals to simply break into an account. So instead, scammers work around the technology by targeting the person using it.
One particularly important issue is that bank intervention calls do not always work effectively anymore. We have seen situations where a bank contacted a customer during a suspicious transaction, but the customer, while still on the phone to the scammer, repeated exactly what the scammer instructed them to say.
At that point, the challenge is no longer just authentication.
It becomes coercion, pressure, and social engineering.

The Growing Role of Remote Access and Money Transfer Platforms

Another pattern becoming increasingly common involves customers being persuaded to create accounts with overseas transfer or remittance services.

Interestingly, in several cases we have seen:
  • Customers who had never previously sent money overseas
  • Customers who rarely or never shopped online
  • Customers suddenly creating international transfer accounts
  • Large or unusual transfers occurring rapidly afterward

In some cases, the transfer platform itself detected the unusual behaviour, froze the transaction, and returned the funds to the customer.
This raises an interesting question for the banking industry:
Should more focus be placed on transaction anomaly detection and contextual warnings, especially around new payees, overseas transfers, and unusual customer behaviour, rather than broad behavioural or device-level monitoring?

The Privacy and Trust Conversation

One area that has sparked discussion recently is the level of information some fraud systems collect from customer devices.

Customers are generally comfortable with:
  • Passwords
  • Multi-factor authentication
  • Face ID or fingerprint login
  • Transaction alerts
  • Suspicious activity monitoring

However, broader device-level collection, particularly around installed applications, can create concern for some users.
Part of the challenge is not necessarily the technology itself, but the clarity of communication around it.

Uncertainty and mistrust naturally increase if customers do not clearly understand:
  • What is being collected
  • When it is collected
  • Whether it only applies during banking sessions
  • Why it is considered necessary
  • How long the information is kept
  • Who it may be shared with

During discussions around these systems, it has emerged that some people are now considering the use of separate “banking-only” phones to limit what information their primary device exposes.
Ironically, this may actually reduce some of the behavioural and device-context information these systems rely upon.

Is There a Middle Ground?

The challenge for banks is genuine. Scam losses are real, and financial institutions are under increasing pressure to protect vulnerable customers.

At the same time, customers increasingly expect:
  • Transparency
  • Choice
  • Privacy
  • Proportionality

There may be value in considering a more layered or adaptive approach to banking security.
For example:

Standard Protection
  • Strong passwords
  • Multi-factor authentication
  • Device biometrics, such as Face ID or fingerprint login
  • Transaction anomaly detection
  • Contextual warnings
Enhanced Protection

This could be optional, risk-based, or applied during higher-risk activity.

  • Additional behavioural monitoring
  • Higher-risk transaction checks
  • Enhanced verification for overseas transfers
  • New-payee warnings
  • Trusted-contact verification for vulnerable customers
  • Additional checks when remote-access software is detected

This type of model may help create a better balance between fraud prevention, customer choice, privacy expectations, and user trust.

The Importance of Customer Education

One thing is clear: many people still do not fully understand how modern scams operate.

In particular, there appears to be an opportunity for stronger public education around:
  • Remote-access applications
  • “Safe account” scams
  • Impersonation calls
  • Overseas transfer scams
  • Social engineering techniques
  • Banking coercion scams

Simple, contextual warnings during high-risk transactions may sometimes be more effective than technical monitoring alone.
For example:

  • Has someone told you that your money is unsafe, at risk, or about to be lost?
  • Are you currently on the phone to someone who is directing this payment?
  • Are you making this payment as part of a remote support call? Genuine remote support should not require access to your bank account.
  • Are you being asked to make a purchase, transfer money, or buy gift cards urgently?
  • Has someone told you not to speak to your bank, family, or usual IT support person about this transaction?

These types of prompts may interrupt the scam process at the exact moment a customer needs to pause and reassess the situation.
They also speak more directly to what is actually happening in many real-world scams: pressure, urgency, secrecy, and control.

Final Thoughts

There is no perfect solution to modern banking fraud.
Banks, customers, cybersecurity professionals, and regulators are all trying to navigate a rapidly changing landscape where social engineering, remote access scams, and psychological manipulation are becoming more common.
Behavioural security systems may absolutely have a place within that environment.
However, trust, transparency, customer education, proportionality, and meaningful communication remain just as important.
The goal should not simply be more monitoring.
The goal should be smarter protection that customers understand, trust, and feel comfortable using.

This article is intended as a general discussion piece based on practical IT support and scam remediation observations. It is not legal advice, financial advice, or a criticism of any specific organisation. Scam prevention systems and banking security controls continue to evolve across the financial industry.

Need Help?

If you are unsure what is happening with your computer, laptop, phone, or online accounts, Techmedics can help with practical advice, scam-related checks, diagnostics, and repair options from our Kaiapoi workshop.

Ask us about your device

Back to Case Files list

Case File #006: The MacBook That Logged In to a Black Screen

A MacBook Air came in with an unusual fault. It would power on, reach the login screen, and accept the customer’s password, but after login the screen went black with only the mouse pointer visible.
Because the fault appeared after the laptop had been dropped, both hardware and software causes had to be considered.

Why It Came In

  • The MacBook powered on normally.
  • The login screen appeared as expected.
  • The customer’s password was accepted.
  • After login, the desktop did not load.
  • The screen stayed black, with only the pointer visible.
  • The issue started after the laptop had been dropped.

This was not a simple “no display” fault, because the login screen was visible and the Mac was clearly getting partway through the startup process.

What We Checked

We started with the safest checks first. Disk Utility First Aid was run from macOS Recovery against the internal volumes, APFS container, and internal SSD. These checks passed, which meant the drive structure was not reporting an obvious repairable file-system fault.

Safe Mode was also tested, but the Mac still did not load the desktop properly after login. Apple Diagnostics was run and returned no detected hardware issues. Because the fault had started after a drop, external display output was also tested using different adapters and monitors, although no external signal was detected during that testing.

At this stage, the fault appeared to be happening later in the startup process, around the point where macOS tried to load the user’s desktop environment.

What We Found

The internal storage was almost completely full. There was very little free space available, which can stop macOS from behaving normally because it needs working space for temporary files, user sessions, updates, caches, and system processes.

Further investigation found that the customer’s Photos Library was taking up most of the available internal storage. The library was very large for a MacBook with limited internal drive capacity, leaving the system with very little room to operate.

This explained part of the problem, but not all of it. Even after space was recovered, the Mac still returned to the same black screen with pointer after login.

What We Tried

We cleared safe, non-essential storage items first to give macOS enough breathing room to operate. This included removing cache data, old installer files, and other temporary or replaceable items.

The large Photos Library was then copied to an external SSD and verified before being removed from the internal drive. The remaining user data was also backed up before any destructive repair work was considered.

After freeing significant internal storage, we tested login again. The Mac still failed to load the desktop, which showed that the low-storage issue had likely contributed to the fault, but freeing space alone would not resolve it.

A non-destructive macOS reinstall was then attempted from Recovery, as this would normally refresh the operating system while keeping the user data in place. However, Recovery would not complete the reinstall process correctly, so an over-the-top repair was no longer a reliable option.

At that point, with the customer’s data already backed up, a clean erase and reinstall became the safest practical repair path.

Key Insight

The important turning point was that the Mac’s storage problem was real, but it was not the complete fix.

  • The internal display could show the login screen.
  • Disk First Aid passed.
  • Apple Diagnostics found no issue.
  • The drive was critically full.
  • The Photos Library was the main storage issue.
  • Freeing space did not restore the user session.
  • A non-destructive reinstall could not proceed cleanly from Recovery.

Once the customer’s data was protected, a clean erase and reinstall became the safest and most reliable repair path.

The Outcome

The customer’s Photos Library was backed up to an external SSD and verified. The remaining user data was also backed up before the internal drive was erased.

macOS was then installed cleanly. After installation, the MacBook was activated, updated, and tested. The customer was contacted and advised that the Photos Library would be kept on or copied to their external drive rather than being restored directly back to the MacBook’s internal storage.

This avoided putting the Mac straight back into the same low-storage condition that had contributed to the original problem.

What This Means

A Mac that reaches the login screen but goes black after login is not automatically suffering from a failed screen or dead storage drive. In this case, the Mac was getting through the early boot process, but the user environment was failing to load.

Very low storage can cause serious macOS problems, especially when the system does not have enough room to create temporary files or load the user session correctly. If the system then crashes, is interrupted, or has already become unstable, freeing space may not be enough to repair the damage.

Large Photos libraries are a common reason smaller MacBooks run out of space, particularly when the library is stored locally rather than optimised through iCloud or kept on external storage.

Key Takeaway

This case was a good example of a Mac that looked more mysterious than it first appeared. The black screen after login suggested a deeper problem than a simple storage warning, but the investigation showed that critically low free space was a major part of the story.

The safest repair path was to protect the customer’s data first, then complete a clean macOS install rather than continuing to force a damaged system to work.

  • Macs need enough free storage to load and operate reliably.
  • A black screen after login can be caused by macOS or user-session failure.
  • A large Photos Library can quickly overwhelm a small internal SSD.
  • Data should be backed up and verified before erase/reinstall work.
  • Restoring everything back to the internal drive can recreate the original problem.

In this case, the best long-term fix was not just reinstalling macOS, but also changing how the customer’s photo library was stored so the Mac had enough space to operate properly.

Need Help?

If your device is behaving strangely, Techmedics can help diagnose the issue and explain your repair options in plain English.

Ask us about your device

Back to Case Files list

Case File #007: The Domain Trap: Who Actually Owns Your Website?

Many businesses assume they own their website because they paid for it. Years pass and then they need to move provider, fix email, update their site, or recover a login, they may discover the domain, web-hosting or email accounts are not fully under their control.

The Situation

A website is not just “the website”.

Behind it are several important parts: the domain name, DNS records, website hosting, email hosting, website logins, and registrar account.
If those pieces are not under the business owner’s control, moving or fixing the website can become much harder than it needs to be.

Everything Works Until It Doesn’t

Often this problem does not appear straight away. The website works. The email works. Invoices get paid. Customers keep using the same web address.
Nobody thinks to ask who actually owns the domain, where the website is hosted, or who has the login details.

Then, years later, something changes. Maybe the business wants a new website or needs to be moved. The old web provider stops replying or the domain simply does not get renewed in time.

That is when the hidden problem appears.

  • nobody knows where the domain or website is hosted
  • nobody has the correct login details
  • the domain name is not registered in the business owner’s name
  • the website hosting is controlled by someone else and the email setup is tied to the same hosting
  • the DNS records are sitting in an old account

The business has discovered that although they have paid for a website they do not actually hold the keys.

Paying for It Is Not the Same as Controlling It

This is more common than most people realise.

We have seen situations where a customer paid for the domain, paid for the website, paid for the designer’s time, and still did not properly own or control the domain. The domain had been registered under the web designer’s name instead of the business owner’s name.

That might not seem like a problem while everyone is getting along.
But if the relationship breaks down, the business can suddenly find itself in a very weak position. The provider may refuse to release the domain, delay the transfer, or demand a large payment before handing it back.

A Real-World Warning

There have also been publicly reported cases in New Zealand where a business relationship with a website provider broke down and the business discovered that important parts of its online setup were not properly under its control.

One Canterbury case reported by Stuff in 2011 involved a business and a dispute over web addresses connected with the business. The article reported that traffic and search visibility became part of the problem, and the Domain Name Commissioner at the time said the case highlighted the importance of businesses making sure websites developed on their behalf were registered in their own name.

That is the part every business should pay attention to. The argument afterwards is almost beside the point. Once the domain, website, email, or traffic path is controlled by someone else, the business is already in a vulnerable position.

Why It Matters

Your domain name is your online address. If you do not control the domain, you do not fully control where your website points or where your email goes.

Your Domain Controls More Than Your Website

Domain names are not just for websites.
They also control important background records, including DNS. DNS tells the internet where to send your website traffic and, in many cases, where to send your email.

If the wrong person controls the domain or DNS, it can turn into:

  • emails suddenly going to the wrong place or stopping altogether
  • lost access to website hosting
  • trouble resetting passwords for important business accounts
  • trouble moving to a new provider
  • extra cost recovering or rebuilding the site as well as delays going live

A disagreement with a web provider can quickly become more than just a website problem.

Your Email Is Often the Master Key

For a business, email is often more important than the website itself. Missing a website enquiry is frustrating, but losing access to business email can mean missed jobs, missed invoices, unhappy customers, and a whole lot of unnecessary stress.

There is also another risk many businesses forget: password resets. Supplier portals, finance software, Microsoft 365, Google accounts, software subscriptions, social media accounts, website logins, cloud services, and other online tools are often connected to the company email address.

If the business loses access to its domain or email, it may also lose the ability to recover those accounts. You may still know which supplier, software, or service you need, but if the reset link goes to an email address you no longer control, getting back in can become slow, stressful, and sometimes very difficult.

Business email should never be treated as “just email”. It is often the master key for the rest of the business.

You Can Lose Years of Online History

There is also the long-term search engine problem.
If a business has used the same domain for years, that domain may have built up search history, backlinks, customer bookmarks, directory listings, printed advertising, vehicle signage, business cards, email signatures, and word-of-mouth recognition.

Yes, a new domain can be created. Yes, a new website can be built. But the new domain starts from a weaker position. Customers may still search for the old name. Old links may stop working. Search engines may take time to understand the new setup. Emails sent to the old address may never arrive.

If the business loses their domain, it does not just lose a web address, it can lose a large part of its online history.
Domain ownership is not just a technical detail. It is a business continuity issue.

What We Recommend

The first step is to find out who controls each part of the setup. Do this before there is a problem.

Know Where It Is and Who Can Access It

Every business should know where its important digital services live and how to access them.

That includes:

  • where the domain name is registered, and who it is registered to
  • who controls the DNS records
  • where the website is hosted, and how to access the hosting account
  • where business email is hosted, and whether it is bundled with the website
  • how to log in to the website admin area
  • how to log in to Microsoft 365, Google Workspace, or the business email admin account
  • where key backup, security, software, and account details are recorded

The domain should be registered to the business owner or business entity, not the web designer, not the previous IT provider, not an ex-staff member, and not “someone who set it up years ago”.
A web designer, IT provider, or marketing company can still help manage the domain. That is normal. But managing it is not the same as owning it.
Those details should be recorded safely, kept up to date, and available to more than one trusted person.

One person leaving, retiring, changing provider, or forgetting a password should not put the whole business at risk.

Do Not Cancel Anything Blindly

If the setup is messy, do not start cancelling things blindly. That can break the website, email, domain renewal, or account recovery process.
Before changing anything, check the email setup carefully. If professional email addresses are involved, losing the domain can affect both current and future email. That means invoices, customer enquiries, supplier messages, password resets, security alerts, and Microsoft 365 or Google Workspace records may all be affected.

Work out what is safe to move, what needs to be recovered, and what can be rebuilt.

Fix the Ownership First

A practical recovery plan starts with working out what the business actually controls, what can be recovered safely, and what needs to be rebuilt or moved. This may include:

  • confirming who legally controls the domain
  • recovering registrar access and moving the domain into the business owner’s name if possible
  • checking DNS before changing hosting
  • separating email from old website hosting if needed
  • backing up the old website before any move or rebuild
  • redirecting old pages where possible to protect search history
  • checking which business accounts rely on that email address
  • updating important account recovery addresses

In some cases, recovering the old website is not worth the time or cost. If the site is small, outdated, broken, or has poor search value, a cleaner and safer option may be to register a new domain under the business owner’s name, build a fresh website, set up hosting and DNS properly, handle email safely, and recover the old domain if possible.

The goal is not just to get a website online. The goal is to make sure the business owns and controls its own digital setup.

What This Means

In simple terms, your website is not really yours unless your business controls the important parts behind it. You can pay for a website, use it for years, and still find that someone else controls the domain name, hosting, DNS, or email records.

Your domain name is one of the most important digital assets your business has. It controls where your website goes and, in many cases, where your email goes too. If someone else controls the domain or DNS, your business may not have full control over its own online presence.

Business email is also more than just a mailbox. It is often the recovery address for supplier accounts, financial tools, software licences, website access, cloud services, social media, AI accounts, and other important systems. If your domain or email access is lost, the damage can quickly spread from missed messages to password resets, account recovery, invoices, customer contact, and business reputation.

Key Takeaway

It’s not about being paranoid. It is about making sure your business owns and controls the digital assets it depends on. A domain problem can quickly become a website problem, an email problem, a customer problem, and a reputation problem.

  • Make sure your business is the registered owner of its domain name.
  • Do not assume paying for a website means you own the domain.
  • Know who controls your domain, website hosting, and business email.
  • Keep all admin logins and recovery details recorded safely.
  • Know where your domain name, website and email are registered and hosted.
  • Treat your business email as a master key (i.e password resets), not just a mailbox.

The important thing is to check now, not when a provider dispute, domain renewal problem, website rebuild, or email failure forces you to find out who actually holds the keys.

The best time to check ownership and access is before something goes wrong.

Need Help?

If your device is behaving strangely, Techmedics can help diagnose the issue and explain your repair options in plain English.

Ask us about your device

Back to Case Files list