Suspicious spam calls or texts, and how to deal with them
Often it's easy to spot a scam or bogus message a mile off. We've all received those emails announcing that you've won Lotto in a country you've never been to, or that you're set to inherit money from royalty.
But that's no reason to get complacent, as sometimes they can be pretty convincing!
Here's some helpful info around protecting yourself from scam attempts - which is crucial to keep your identity and your finances safe.
Jump to section: Tips to avoid getting duped | Knowing whether you're being scammed | Common scams | Phishing, what's that? | Reporting a scam attempt
Tips to avoid getting duped
- Think twice before giving out your personal details, make sure you can trust both where it's going and who it's going to.
- Use separate passwords for your online accounts, and think about enabling two-factor authentication.
- Steer clear of using insecure passwords like birthdays, addresses, kid's or pets' names, and sequences like 1111 or 1234.
- Keep your computers anti-virus, web browsers and any other devices (like your phone) up to date.
- If an email looks a bit dodgy, trust your gut - delete it and don't ever click a link if you don't 100 percent trust it.
- Be wary about any contact out of the blue - even if it's they're saying they're from an organisation you deal with/trust. For instance Electric Kiwi will never call you asking for personal info like your password or login details.
- Even if a company you do recognise calls you, if you're not completely sure if it's legit just hang up and contact them via an official channel like their website or call centre.
- Multiple missed calls from an ‘unknown’ number or a number you don’t recognise? Ignore it and don't text back. Better to be safe than sorry.
Knowing whether you're being scammed
Generally scam attempts fit into two categories. Either something that sounds too good to be true like a great deal or prize win, or something a little more serious like an overdue account or computer virus.
Whichever angle they take - a scammer's plan is to make you trust them. Just because they know your full name, address and date of birth, doesn't mean they are legit.
As a general rule, if they tick all four of the below boxes - you're being scammed
- Someone you don’t know contacted you unexpectedly
- They're promising you something great for little time or money
- They're asking you for personal information or to do something
- When you say you're going to hang up and call an official number, they are desperate to either keep you on the line, or provide you a number to call.
That's not to say they need to tick all four boxes!
There's some great info on the Government's Consumer Protection NZ website around different types of scams and how to navigate the, and the NZ Telecommunications Forum (TCF) has a bunch of stuff their website too.
Common Scams
Technical Support
This one involves calling you unexpectedly explaining that they need to "fix" your computer or modem - often asking to install software to "get rid" of a virus or resolve internet issues.
They may even suggest taking control of your computer or providing ‘remote access’ support. It's likely they'll sound very convincing and claim to be from a respected or well known company - but this is almost certainly a scam.
Microsoft, Apple or any other large provider will not call out of the blue and offer ‘technical support’ for your computer. Do not give access to your computer or share your login details.
Unknown (usually) international calls
These can be difficult to spot, but often start with a missed call from an international number you're not familiar with.
The Wangiri ‘one ring’ scam is one of the more well known versions. Scam callers will ring (often from overseas) and hang up before you get a chance to answer. The end goal is to trick you into calling back - as the number they call from will charge you a premium calling fee when you return the favour.
We'd recommend ignoring any calls from overseas if you don't recognise the number, aren't expecting a call or it's not a country you're familiar with - wait until they leave a message so you can make an informed decision (it will cost them to leave a voicemail which will help you gauge the legitimacy).
If you keep receiving these types of calls, contact us to report it.
The online pop-up
Ever been looking at a website and have a message appear saying that you’ve won a prize? Unfortunately as tempting as they can be, they aren’t real - even if they look like they’re from a company you have an account with. Don’t click the link or give any personal details.
Fake social media pages or competitions
Scammers will sometimes create fake social media pages using the details from a legitimate brand, company or public figure. Once again this is in an effort to trick users into giving information, or even to spread malware (software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system). Look out for warning signs like unrealistic prizes, poor spelling or grammar, if they send you suspicious links, or if they are asking you for personal details. Check for official verification badges, such as the blue checkmark on platforms like Facebook and Instagram. If you do stumble across one of these pages, make sure to report and block it via whatever platform you're using.
The FluBot scam
This harmful app that only impacts Android phones currently is circulating via text message (iPhones can also receive the FluBot message but can’t be infected). They may look harmless like an update from a courier, a banking notification or even a security warning.
These are just a handful of examples - it’s best to stick to the rule of not clicking on any link if you don’t recognise the sender. These messages contain a link and ask you to click. Clicking the link will ask you to download software onto your phone. Your phone is only infected with the FluBot if you accept and download the software they request.
Once infected by the FluBot, your phone will start sending spam messages to multiple people at random. These messages don’t show in your messaging app history.
- Just received one of these messages?
Please report the message by forwarding it free-of-cost to 7726. Once you’ve reported - you can delete it. - Clicked the link in the message?
If all you’ve clicked the link but didn’t install the software, your phone should still be safe. You should still forward the message to [7726 and then delete it. -
Clicked the link and downloaded the app?
Unfortunately you’ll need to factory reset your phone. Bear in mind doing this will delete all apps, photos, emails, messages, and contacts stored on your phone.If you restore your phone from a backup, use a backup taken before you installed the FluBot malware. Before you factory reset your phone, you should still forward the message to 7726 and then delete it.
Then you'll need to check with your bank there hasn't been any suspicious activity on your account, change all your online passwords, and report the incident to CERT.
More info on scams
Consumer Protection NZ, Netsafe and NZ Telecommunications Forum (TCF) are all great ways to keep updated on the latest scams doing the rounds.
Phishing, what's that?
Phishing is a type of online scam where attackers try to trick you into giving them your personal info. This could be anything from your user name and passwords, credit card details, bank details or even other personal info. They often do this by pretending to be someone you trust, like your bank, a popular website, or even a friend.
A common tactic involves sending you an email that on face value, looks legit. The email may say there’s an issue with your account and that you need to click a link to fix it. When you click the link, you’re taken to a website that looks real. When in reality it’s a fake - set up by the scammer to steal your information.
Phishing can also happen through text messages, social media, and phone calls. Scammers are always finding new ways to get you to trust them and hand over your personal info. As with other scams, they might pretend to offer you something too good to be true.
Always be sceptical of these sorts of messages. Don’t click on links or download attachments if you don’t know or trust who they are from. If in doubt, go directly to the website or contact the company through a method you trust.
Oh, and in case you were wondering - it’s pronounced the same as “fishing”. Phishing attempts are unfortunately getting more sophisticated - so don’t get baited!
Reporting a scam attempt
All scam attempts, successful or otherwise should be reported to Netsafe. They accept reports of all scams — it doesn’t matter if they are via the internet, phone or even another method.
Netsafe receives reports each year that add up to tens of millions of dollars lost to scams and fraud. When you report a scam, it helps Kiwis and strengthens our collective security - so it’s worth reporting even if you didn’t fall for it yourself.
Reporting scam calls
If you’re receiving suspicious phone calls, report them to our team via live chat on our website or by sending us a PM on Facebook. If possible we’ll investigate the source further, and if the calls are coming from a New Zealand number, it’s possible for us to block these numbers.
It’s super helpful if you can provide us with the time, date and number that called you - as well as some details on the call itself.
Reporting phishing or scam texts
Don’t reply to these messages as it often will indicate to the scammer they have a ‘live’ connection. As well as this, some scammers use a premium-rate number which costs you to respond.
Forward the message free of charge to the Department of Internal Affairs on 7726 (SPAM) to report it. This can also be reported to Netsafe.