Kiwi bargain hunters are set to be targeted by scammers this Christmas, with a Government cyber security agency issuing a warning for online shoppers to be vigilant for bum deals.
CERT NZ director Rob Pope says cybercriminals and scam merchants siphoned more than $36 million from New Zealand victims in the last two years.
Nearly $9m was lost in the last quarter alone, the single biggest quarterly loss on record.
“It’s an unhappy record,” Pope said.
“That $8.9m of loss represents hundreds of New Zealanders and businesses out of pocket to criminals; over 90 per cent going to scams and fraud.
“While it’s easy to be overwhelmed by the large total loss figures, our data shows that most people are losing between $100 and $500, which is a real sting in the pocket for most of us.
“We want New Zealanders to take notice of these numbers and use that as motivation to do some quick, simple actions that will stop them, and their whānau, from being the next targets.”
Data released today shows a huge spike in unauthorised money transfers - where victims hand over their credit card details to pay a small fee for something like a parcel delivery, but are instead unknowingly signed up to monthly subscriptions.
Sixty victims lost a combined $4.83m on this scam in the three months from July to September, a massive jump from previous reporting periods.
Seven people who fell victim to cryptocurrency scams lost a combined $455,000 last quarter, an average loss of $65,000 each.
Another six victims lost a combined $189,000 to investment scams.
Of the 696 reported incidents of scams and fraud, more than half were for buying, selling or donating goods (375), followed by dating or romance scams (65) and tech scams (61).
Romance scam victims lost a combined $590,000 as vulnerable Kiwis parted with their cash in a doomed quest for love.
CERT NZ says there were close to 300 reports last quarter of unauthorised access to people’s bank, email or social media accounts, with a combined loss of $734,000.
The agency warns these types of scams could have devastating financial effects, but also cause significant reputational damage to businesses if confidential client information was compromised.
The number and sophistication of scams continues to rise. The Herald has reported on a Southland pensioner who lost $134,000 when fraudsters accessed his SBS Bank accounts and drained the money in 11 separate transactions to four different banks.
SBS has refused to refund the money. Both police and the Banking Ombudsman have launched investigations.
The Banking Ombudsman is also making inquiries into how Dunedin pensioner Ray Johnson had $100,000 stolen from his Westpac online accounts in July. Westpac intially refused to refund $49,000 that could not be recovered but later backed down after the Herald’s involvement.
Dunedin pensioner Ray Johnson lost $100,000 after thieves gained access to his Westpac online bank accounts. Photo / Peter McIntosh
Pope said one of the reasons behind the large reported losses was an increase in unauthorised money transfers, unauthorised access to accounts, and scams involving buying, selling and donating goods.
Other types of incidents, such as phishing, had recorded corresponding declines.
There are now fresh warnings ahead of Christmas, particularly around Facebook Marketplace transactions, fake retail websites and online shopping.
CertNZ director Rob Pope: "We know that our reporting numbers don't capture the entire picture of cyber threats in New Zealand."
“As we come into the holiday season, New Zealanders will be looking online for bargains and scammers know it. We’re asking everyone to be cautious when they’re shopping online or perusing online marketplaces and be suspicious of anything that seems too good to be true.”
Pope also warned of an increase in investment, romance and fake rental scams, and people asking for money upfront.
“The impact scams can have on individuals isn’t just financial. There’s the stress, confusion, embarrassment and, potentially, reputational damage that can also occur.”
CERT NZ says people should activate two-factor authentication to protect themselves and their money, which was still the “best way to stop baddies accessing your accounts”, both social media and banks.
TIPS TO STAY SAFE
- Use two-factor authentication for added security.
- Never give out your username, password or 2FA codes.
- Be aware of phishing attacks and think twice about clicking on suspect links.
- Report any malicious cyber attacks to CERT NZ.
Take your Radio, Podcasts and Music with you