Amid growing reports of hacking and online scams, reporter Georgia Forrester chats to experts about which scams are hurting people the most, what to look out for, and how to keep safe online.
In the past few months, New Zealanders have lost more than $5.3 million to scammers.
Netsafe’s new quarterly report shows that although there has been a decrease in overall scam reports, the amount of money lost has increased by 21.3 per cent.
According to the online safety organisation the average loss in the past quarter was more than $6400 – an increase of 50 per cent.
* Scammers using online Steam gift cards prompts warning
* Waikato DHB ransomware attack: Half of servers restored in past four days
* 350 cyber attacks on NZ in last year, a third by state-sponsored exploitation groups
* Online trading scams prompt caution from police
* NetSafe reports ‘drastic’ jump in online fraud losses
* Scam victims out of pocket to tune of $10.1 million
“Nearly $15m has been reported as lost to scammers this year which is an alarming trend,” Netsafe chief executive Martin Cocker said.
To put this in context, about $19m was reported lost in the 2020 fiscal year, he said. The year before that, $33m was reported as being lost to scammers.
Reports of scams and fraudulent activity online, especially reports around the hacking of information and data breaches, have been making headlines around the globe recently.
Last month, Waikato DHB was the target of a cyber attack. In March a mass hack of Microsoft emails occurred, and more recently, America’s largest fuel pipeline, the Colonial Pipeline, was targeted in a ransomware attack.
According to the latest data from Cert NZ, Kiwis reported more than 1400 cyber security incidents from January 1 to March 31, 2021, which was a 25 per cent increase on the same time period last year.
A total of $3m in direct financial loss was reported over this period, which was a 7 per cent increase from the last quarter of 2020, incident response manager Nadia Yousef said.
Cert NZ is New Zealand’s government authority on cyber security. In a statement, Yousef said that during the same three-month time period, the organisation received 451 reports of scams and fraud incidents.
Types of scams to look out for
A scam or a fraud is any scheme designed to con people out of money or steal personal information. Often contact from a scammer is made over the phone, through the post, by email, on a website, in person or on social media.
Speaking to Stuff, Cocker said one of the most common scams are phishing emails.
Phishing is when someone tries to get personal information, such as bank account numbers, personal details or passwords. Often, scammers will send out a phishing email to many people in the hope that some of them will fall for it. Phishing scammers will often claim to be from a legitimate organisation, such as a bank or government agency, or have some kind of deal or prize to be claimed.
Phishing attempts can often look genuine because the scammer is impersonating a trusted organisation or person. These types of scams can also vary, with scammers using email, text or even calling to try and extract personal information from victims.
A popular phishing scam Cert NZ has seen is the $1 dollar shipping scam, where people receive an email or text saying an attempt to deliver a parcel to them had been made and it was being held a distribution centre. People are asked to follow a link and pay $1 to release the package, but Yousef said this is a known scam that attempts to get people’s credit card details.
Cocker said the scams that typically draw the most money out of New Zealander’s pockets are relationship and trust fraud, as well as consumer investment fraud.
A romance scam involves a scammer pretending to be in a relationship with someone online in order to get money out of them.
Usually these scammers pretend to be someone they’re not, using photos of people found online. Once they’ve gained the trust of the person they’ve targeted, they will use various stories to get money or details from that person.
Investment scams involve getting a person or business to part with money on the promise of a ‘financial opportunity’ which is faked. Some scams operate by sending out emails, or setting up fake websites, which advertise too good to be true deals or even cryptocurrency investment opportunities with attractive returns. Scams could also offer direct sales of cryptocurrencies which don’t result in any transfer once the victims have paid.
Data from Netsafe showed the most reported category related to relationship and trust fraud, followed by consumer investment fraud. The average loss for a romance scam was more than $28,700.
Netsafe also sees waves of fake sextortion email scams, Cocker said. This scam involves false claims that scammers have hacked a person’s device and taken intimate recordings of the person using porn websites. Often via email, the scammers threatens to release the video unless the victim pays them a sum of money.
“We know the number of losses reported to Netsafe represent only a fraction of the money lost. Sometimes people can be too embarrassed to seek help, or they simply don’t know where to go for support which can add to the harm they experience,” Cocker said.
Online shopping scams are commonly reported to Cert NZ. This includes scams with knock-off items, such as fake Gucci wallets. The items may never show up, or may be much cheaper items than what people have paid for.
Yousef said they’ve also received a number of reports of people buying new mobile phones on Facebook for a significantly low price and then not receiving them.
Invoice fraud is another type of scam. It occurs as a result of business email compromise and can incur the highest individual financial loss across all scam types, Yousef said. This is when scammers get access to email inbox of company and use the information to create fake invoices, or to change the receiving bank account number on real invoices.
Yousef said that scams vary and often change to match current events, but how they work remains the same. “If a deal, opportunity or investment seems too good to be true, it probably is.”
What to look out for
“Scams are so prevalent online and so common, that they can look like multiple different things. From fake support services – phone calls from people saying they can repair your computer – to the lottery scams where you get sent a ticket in the mail… and then told to log on to a website. There are just so many different ways that scams are delivered to people,” Cocker said.
But there are some red flags people can look out for, such as; if you don’t recognise the company name or sender of an email, if the email refers to you in a generic or odd way – for example, ‘Dear You’, or if the email contains bad grammar or spelling.
Experts Stuff spoke to recommended people double-check the website address, look out for suspicious links, or even hover over a link with your mouse to see if the address matches the place it’s saying it’ll take you.
If it looks suspicious, don’t click or open it. Don’t open a web link sent by someone you don’t know, or that seems out of character for someone you do know. If you’re not sure about something, contact the person you think might have sent it to check first, Cert NZ advises.
It also advises people to check to see how the companies you deal with – like your health care provider – will contact you, so you’re more likely to recognise what’s a legitimate request and what isn’t.
If you’re buying something online, double-check the website address and that everything is legitimate before you click pay. Being aware that things can be faked online, and having your guard up is important, Cocker said.
“There’s a key moment in every scam that should ring alarm bells and that is when you’re asked to pay for something that it is not normal to pay for, or you’re asked to provide information that’s not normal to provide,” Cocker said.
“The key for the scammer is that they’ve got you to the point where you’ve lowered your guard enough to accept the request. And so, the key for us is to never allow ourselves to get to that point when our guard is lowered and we accept a request without doing our own due diligence.”
Dr Rizwan Asghar, a senior lecturer at the University of Auckland’s school of computer science, added that people should look out for any calls or emails where an unknown sender asks for an urgent reply, and said people can also ask a friend, IT department or an expert for a second opinion.
For businesses, it was important to make sure their security measures were up to date, he said.
What to do if you find yourself in a scam
For people who are drawn into scams, it is a “horrible life experience”, Cocker said.
“Speed is of the essence,” he said. If people think they may have been involved in a scam, quickly get in touch with your bank, and speak to agencies who can offer advice, he said.
“As soon as you think you’re in a scam or someone you know is in a scam, engage with the support agencies as quickly as possible.”
To report an online incident, go to Netsafe or visit Cert NZ for more information on cyber security.