On Wednesday night you heard the Managing Director of Heritage Bank sound a public warning to his customers about phishing scams targeting Heritage customers. But even though the public advisory went out - customers continued to be duped, by clicking on links in phishing mails. That exposed their account information to fraudsters. And, on Thursday, when Duncan and his bank's IT team saw the trend continuing, despite the public warning - he did the unexpected: he took down all his bank's online services. He told us why and what he did next:...

Steve Duncan - Managing Director, Heritage Bank
"Yesterday, we were monitoring the situation and yesterday afternoon, I made a decision to just shut down the system."

"Shutdown which system?"

Steve Duncan - Managing Director, Heritage Bank
"Our online banking system. Just the online component. I needed to curb the activity. I needed to change the pattern. I needed to disrupt the order of things and I say let me shut it down. So I shutdown it down overnight and we decided to get our international processors, service providers to put another layer of verification on top of it for us. So that when you login now with your password, it immediately generates a code that you will use to access your account. That code is unique and you can't use it a second time. It won't be good. So I am comfortable now with this additional layer of security that in fact the validation process, the fraudster, wherever they are, as you say they operate electronically, they will not be able to get that code. So even if they have somebody's password, they can't get in now, because you got that additional code."

The system of using a token code is also in effect at Scotia and Atlantic Banks - whose customers have been targeted in a similar fashion by phishing scams. Duncan says all his bank's online services are back up as of 3:00 pm today.

He explained that - through this phishing attacks - customers have been affected by fraudsters who clean out their accounts - transfer their funds to another account - and then send a Belizean agent to pick up the cash from this new account. They then take the Belize dollars and wire transfer them to Nigeria via Moneygram or Western Union - while taking a cut for themselves.

Channel 7