top of page


Online scams are intended to manipulate or trick people into giving away their personal details, financial details, or money.

"Scam" is derived from scamp (“swindler, cheater”) or Irish cam (“crooked”). More than $600,000,000 is lost to scams each year. March is the most common month for scams - in fact more than double any other month.

People over 65 receive more than twice the number of scams than any other age group - they are perceived to be more gullible. Females receive more than males by almost a factor of three!

A scam becomes fraud when a scammer gets someone’s personal or financial details and uses them for their own gain, or receives money from their target under false pretenses. Fraud is a criminal offence.

While some scammers will simply ask their target directly for money, others will be more subtle about what they want. They can trick you into parting with personal or business details that they can use to:

  • get access to your finances

  • steal your identity

  • buy goods or services

  • access your business networks or systems.

  • Phishing is a type of email scam, where the sender pretends to be a trustworthy organisation — like a bank or government agency — in an attempt to get you to provide them with personal information, like your internet banking login details.

  • Social media scams are where the scammer pretends to be someone you know and ask you for money. For example, they’ll say that the money is to help them get home as they’re stuck somewhere with no access to funds, or that they need to pay for unexpected medical costs. Social media scams prey on people’s good nature and their desire to help others.

  • Invoice scams affect both businesses and individuals. Scammers send fake invoices requesting payment for goods or services that you didn't ask for or receive. They often say that the due date for payment has passed, or that your credit rating will be affected if they’re not paid.

  • Tech-scam calls are where scammers call people at home pretending to be from a well-known tech company like Microsoft. They often request remote access to your PC or device claiming they need to repair an issue or install a software update. They do this to try and gain access to your private and financial information. 

  • Money scams are common online. They include 'get rich quick' schemes like the Nigerian prince scam, unexpected prizes, fake auctions and any other number of scams intended to part people with their money — or with personal details that the scammer can use for their own gain.

  • Romance scams are where a scammer takes advantage of someone looking for a relationship online. Scammers will use dating sites and apps or social media to build a relationship with someone. Once they’ve gained the person’s trust, the scammer will start to ask for money, gifts or personal details that can be used to commit fraud. They often use fake profiles to make it harder to track them down.

  • The URL name is unusual. Imagine you're shopping online for a specific pair of designer sunglasses and you stumble upon a website called, let's say, ''. Clicking on it, the website name suddenly changes to something else entirely, perhaps ''. While the website may look legitimate with the brand's logo at the top, products featured and secure payment options available, the reality is it's likely a scam or the sunglasses are fake. Scammers may use a URL that is very similar to a known legitimate website but with small, easy-to-miss differences. A legitimate retail website always has a clear and common URL name, without variations in brand or company spelling.  Scammers may use a URL that is very similar to a known legitimate website but with small, easy-to-miss differences such as an extra dash, underscore, a capital I instead of lowercase L or an extra letter – so pay attention to detail

  • The price is too good to be true. We all love a good bargain. But before you press the 'buy now' button, consider the possibility that your cut-price dream item might just be too good to be true. From expensive jewelry to in-demand electronics, brand clothing to designer sunglasses, there's no bargain in losing your money or disappointingly receiving inferior counterfeit products. So, how can you tell whether that unreal deal is actually 'unreal'? Red flags for deals that seem 'too good to true' include product advertising at an unbelievably low price or which feature amazing magical benefits, as well as the seller creating a sense of urgency to purchase the product as it's a one-time only offer so you don't miss out.

  • It's missing information and has spelling errors and poor phrasing. A website may look like the real thing, but how does it read? Scam websites are often riddled with poor grammar and spelling errors.  In addition, essential user privacy information, the website's terms and conditions of use, and seller contact details may appear generic, very limited or missing entirely. Check if the website has a 'Contact us' page and if it does, that the information is actually provided. Consumers need to be cautious when a website only offers customers an online contact form – businesses offering goods or services should list a phone number or email address and a place of business where consumers can contact them. It's also worth checking they have a returns policy and that it sounds fair – if not, it could be a red flag.  A legitimate company would never publish copy on their website that is sloppy or filled with errors. So if you read the fine print and discover it's not as professional as it should be, it may be wise to steer clear.

  • It has damning reviews. Before you buy anything from an unfamiliar website, check out the reviews previous users have left about their experiences. If there are regular issues around a website's customer service or legitimacy, it's more than likely someone has already been burned – so you may be able to learn from their mistakes to save yourself the hassle. Websites such as Trustpilot, ProductReview and Google provide user reviews on businesses and websites. If the website has social media channels, you can check for reviews there, too. However, not all the reviews you read online will be legitimate. Reviews are also highly subjective, which may not be reflective of the experiences of the majority of consumers who have not bothered to share an online review. Watch out for fake reviews. Some tell-tale warning signs are, if multiple reviews are written word-for-word or by the same user it could be a sign of a scam. If the review is not describing the product that is being sold, it may not be legitimate. Also look at how old the reviews are – if they're all relatively recent and are overwhelmingly positive or lacking in information, they could be fake.

  • It has unusual payment methods. One of the biggest red flags for a scam website is how it accepts payment. If a website demands you pay using a money order, preloaded money card, virtual currencies such as Bitcoin, direct bank transfer, wire transfer or direct debit to an unusual account, alarm bells should start ringing. Scammers sometimes steer you to pay using unusual methods such as money order, pre-loaded money card or wire transfer. Some scammers will use traditional payment options, and if this is the case, you may be able to claim your money back. However, this depends entirely on which payment option you used. Generally, credit cards don't offer the same level of buyer protection as other payment methods such as credit cards or PayPal, which has a buyer protection system in place. 

  • It's missing a padlock and trust seal. There should be a padlock icon on the URL bar at the top left of your browser window. If it's not there, it's not a secure site and you should not provide your personal or financial details. The padlock is there to advise users of the website's coding and security. Webpages that have a secure sockets layer (SSL) properly installed have a green padlock next to the URL and also have the more secure https:// prefix instead of http:// (without an 's'). But that's not to say that all websites with that little padlock can be trusted. Scammers are incredibly smart and have ways to get fake security certificates and get those little URL padlocks on their websites, regardless. So even if it's there, you should still remain sceptical.


  • Contact details are suspicious. It's worth checking the street address of the email or website - often it can be an abandoned building, does not actually exist or is in the process of being sold. These are all red alerts! Check that the phone number matches the country code. A common error by scammers is to locate the business in, say Australia, but the phone number is a 1-800 number (U.S.A.).

  • Don’t give out  personal information online, whether on social media or by email.

  • Never, never, never give out passwords on-line. 

  • Put privacy settings on your social media accounts and don’t add too many personal details to your profile.

  • If a friend asks you for money on social media, call or email them to confirm their request is legitimate — don’t pay without checking first.

  • Turn on multifactor authentication for your online accounts.

  • Choose unique passwords for your online accounts — don’t use the same password for every account you have.  

  • Never store usernames and passwords on your computer! Do not use password manager software or apps.

  • Never use a regular credit card for on-line purchases. Instead use a debit card (and better if from a different bank to your regular one)

  • Don’t click on web links sent by someone you don’t know, or that seem out of character for someone you do know. If you’re not sure about something, contact the person you think might have sent it to check first.

  • Don’t pay invoices for any goods or services that you didn’t ask for or receive. Be wary if a company you often deal with changes their account payment details unexpectedly. If you’re unsure about an invoice, call the business directly to check the details before you pay.

  • Always check your bank statements.

  • Get a regular credit report to check that no accounts have been opened in your name without your knowledge.

  • Try to remember that if something seems to be too good to be true, it probably is.

Phone scams are a common problem, and with scammers becoming increasingly sophisticated in their approaches, it can be difficult to recognise a scam call.

A scam call may have one or more of these common characteristics:

  • Unexpected contact from someone claiming to be from a trusted organisation, such as a bank, utility provider or even a charity.  


  • The call could come from a blocked or foreign number, but scammers can also disguise the number to look local using a method called number spoofing.

  • Requests for money or personal information such as credit card details or passwords over the phone.

  • Pressure to make a decision quickly or face negative consequences.

  • Telling you that there is a problem with your computer and that they can help you fix it. 

  • Telling you something that you think is too good to be true such as winning a prize in a competition that you don’t remember entering.

Be wary of 'out of the blue' contact.


  • A telecommunications company would never call a customer out of the blue and request remote access to their device/s. If this happens to you, it is a scam, and the best action you can take is to hang up.

  • It is only when a customer has requested assistance to troubleshoot a technical issue, that a provider will suggest remote access.  So the request will always be initiated by the customer and additional security measures will be in place. 

  • Similarly, a telco would never ask for credit card details over the phone to fix or diagnose a problem.

  • Ignore the calls and caller’s instructions.

  • Do not provide any personal details at all including your name, your spouse or relative names, driver licence details, passport details, contact details, credit card details, bank details, or transfer of money over the phone or through Cryptocurrency (Bitcoin, Ethereum, Litecoin, Monero etc.) or gift vouchers or cards (iTunes etc.)

  • Scammers may use caller ID spoofing technology to mask the phone number the call is coming from, and display a different number. Calls that appear to be from a local number, or number that belongs to someone you know, may not be originating from New Zealand at all. If you receive a suspicious call from a local number, hang up, wait five minutes, then call the number back to check the validity of the request (this step does not provide 100 per cent guarantee as scammers may purchase NZ numbers and use them to funnel calls overseas, but provides good verification in case they are spoofing spouse/friend/relative or NZ government agency/company numbers).

  • If you think you may have shared credit card or bank details with a scammer, call your bank immediately. If you may have shared a password, change it along with any other accounts that use the same login information. It can also be worthwhile to scan your computer for viruses if a scammer may have accessed your computer.

  • Report any incidents of scam calls, including Wangiri calls, to your service provider. If you are the victim of a targeted scam where the callers have access to your personal information, also contact NZ Police or CERT NZ.

  • Switch off the device (phone or computer) if you’ve followed any instructions given by the scammer and take it to an authorised technician.

  • Change any passwords on a different device to the one that has been accessed by scammers.

  • If you receive an unexpected phone call that seems suspicious, the best action to take is to hang up. Do not share any personal information with the caller. 

  • If the caller has told you they are from a particular company, ring the company (find their number elsewhere, don’t call back the number they called you from) and alert them to the call you have just received. They will let you know if it was a legitimate call. 

  • Please also report any instances of suspected scam calls to your telecommunications provider so they can investigate the matter and block the number if necessary.  It is helpful if you can provide your telecommunications provider with:

  • Your name
  • Your account number  

  • Your contact number  

  • The number you received the call on 

  • The number you received the call from (if this is available) 

  • The time and dates that the calls were received 

  • A description of what happened on the call


  • All scams should also be reported to Netsafe, regardless as to whether it was an internet, phone or other type of scam, and regardless of whether or not you were tricked by the scam. 

bottom of page