“ Avoid the worst. Put safety first.
― Anonymous

Scams & Fraud

Online scams are intended to manipulate or trick people into giving away their personal details, financial details, or money.

Internet scams continue to evolve, and can vary widely. The term generally refers to someone using internet services or software to defraud or take advantage of victims, typically for financial gain.

Cybercriminals may contact potential victims through personal or work email accounts, social networking sites, dating apps, or other methods in attempts to obtain financial or other valuable personal information.

Many successful internet scams have similar endings: Victims either lose their own money or fail to receive funds the fraudster promised.

A scam becomes fraud when a scammer gets someone’s personal or financial details and uses them for their own gain, or receives money from their target under false pretences. Fraud is a criminal offence.

While some scammers will simply ask their target directly for money, others will be more subtle about what they want. They can trick you into parting with personal or business details that they can use to:

  • get access to your finances
  • steal your identity
  • buy goods or services
  • access your business networks or systems.

Most Common Types of Online Scams

Phishing: The top online scam today is Phishing. Internet thieves prey on unsuspecting users by sending out phishing emails. In these emails, a cybercriminal tries to trick you into believing you are logging into a trusted website that you normally do business with. This could be a bank, your social media account, an online shopping website, shipping companies, cloud storage companies and more. 

Another type of popular phishing scam is the Nigerian Prince, or 419 scam.  These are phishing emails in which you’re asked to help bring large sums of money into the country, cash phony money orders or wire money to the thief. The trick is that the scammer first asks you for a small fee because the larger sum of money is “tied up” whether it be in wire transfer fees, processing fees or some other tall tale.

Fake AV: One close to our industry is fake security software, which is also known as scareware. These start with a pop up warning saying that you have a virus. Then the popup leads the user to believe that if they click on the link, the infection will get cleaned up. Cybercriminals use the promise of “Free Anti-Virus” to instead implant malware on a victim’s device.

Social Media Scams: Social media scams are a variety of posts you will see in your news feeds- all with the goal of getting you to click on a link that could potentially be hosting malware. 

Mobile Scams: Mobile scams can come in many forms, but the most common are phishing apps. These apps are designed to look like the real thing, just like phishing emails. It is exactly the same premise, however, instead of emails, the malware is passed through a fake app. 

Social Engineering Scams: Social engineering is a way that cybercriminals use human-to-human interaction in order to get the user to divulge sensitive information. Since social engineering is based on human nature and emotional reactions, there are many ways that attackers can try to trick you- online and offline.

Money scams are common online. They include ‘get rich quick’ schemes like the Nigerian prince scam, unexpected prizes, fake auctions and any other number of scams intended to part people with their money — or with personal details that the scammer can use for their own gain.

Romance scams are where a scammer takes advantage of someone looking for a relationship online. Scammers will use dating sites and apps or social media to build a relationship with someone. Once they’ve gained the person’s trust, the scammer will start to ask for money, gifts or personal details that can be used to commit fraud. They often use fake profiles to make it harder to track them down.

Scam and fraud prevention

There’s a number of ways you can protect yourself against scams and fraud.

  • Be alert to the fact that scams exist. When dealing with uninvited contacts from people or businesses, whether it’s over the phone, by mail, email, in person or on a social networking site, always consider the possibility that the approach may be a scam. Remember, if it looks too good to be true, it probably is.
  • Know who you’re dealing with. If you’ve only ever met someone online or are unsure of the legitimacy of a business, take some time to do a bit more research. Do a Google image search on photos or search the internet for others who may have had dealings with them. If a message or email comes from a friend and it seems unusual or out of character for them, contact your friend directly to check that it was really them that sent it.
  • Do not open suspicious texts, pop-up windows or click on links or attachments in emails – delete them: If unsure, verify the identity of the contact through an independent source such as a phone book or online search. Don’t use the contact details provided in the message sent to you.
  • Don’t respond to phone calls about your computer asking for remote access – hang up – even if they mention a well-known company such as Telstra. Scammers will often ask you to turn on your computer to fix a problem or install a free upgrade, which is actually a virus which will give them your passwords and personal details.
  • Keep your personal details secure. Put a lock on your mailbox and shred your bills and other important documents before throwing them out. Keep your passwords and pin numbers in a safe place. Be very careful about how much personal information you share on social media sites. Scammers can use your information and pictures to create a fake identity or to target you with a scam.
  • Keep your mobile devices and computers secure. Always use password protection, don’t share access with others (including remotely), update security software and back up content. Protect your WiFi network with a password and avoid using public computers or WiFi hotspots to access online banking or provide personal information.
  • Choose your passwords carefully. Choose passwords that would be difficult for others to guess and update them regularly. A strong password should include a mix of upper and lower case letters, numbers and symbols. Don’t use the same password for every account/profile, and don’t share your passwords with anyone.
  • Review your privacy and security settings on social media. If you use social networking sites, such as Facebook, be careful who you connect with and learn how to use your privacy and security settings to ensure you stay safe.  If you recognise suspicious behaviour, clicked on spam or have been scammed online, take steps to secure your account and be sure to report it.

  • Beware of any requests for your details or money. Never send money or give credit card details, online account details or copies of personal documents to anyone you don’t know or trust. Don’t agree to transfer money or goods for someone else: money laundering is a criminal offence.

  • Be wary of unusual payment requests. Scammers will often ask you to use an unusual payment method, including preloaded debit cards, gift cards, iTunes cards or virtual currency such as Bitcoin.

  • Be careful when shopping online. Beware of offers that seem too good to be true, and always use an online shopping service that you know and trust. Think twice before using virtual currencies (like Bitcoin) – they do not have the same protections as other transaction methods, which means you can’t get your money back once you send it. See Shopping online safely.

If you’re affected by a scam or fraud

Here’s what to do if you’ve been targeted by a scam or fraud online.

  • If you gave out some personal or financial details:
    • contact the service provider for your online accounts — like your bank or your email provider. Let them know what’s happened and ask what they can do to help.
    • change the passwords for any online accounts you think might be at risk
Visit CERT NZ for more information. 
Visit ACSC for more information.