Scam attempts occurring in this country are happening by the second.
With $33 million already lost in New Zealand due to scams last year and the major banks reporting fraudulent activity to have increased by more than 50 per cent this year, it is no surprise government agencies, the telecommunications industry and Netsafe are banding together in an attempt to tackle the ever-increasing issue.
Scams today are elaborate and sophisticated, many international crime rings. Some have become so big that they could be considered a business. Most are believed to be teams of 10 or 20 opportunists, and the authorities are said to be dealing with scam networks with connections as far as India.
• Phone scam: Hundreds of victims as thousands of dollars posted offshore
• Ten common travel scams and how to spot them
• New Zealanders lose $23 million to online scams
• Fears as track and trace parcel delivery scam targets unsuspecting Kiwis
Scams - tricking people into giving away their money - become fraud as soon as a scammer gets hold of a person's personal or financial details to use for their own gain, according to Cert NZ.
Scams come in a variety of forms, ranging phishing, social media and invoice scams, and PC tech support scams which are increasingly on the rise. There is also the 'get rich fast' money scams, investment scams, employment scams, romance scams and the more traditional email scam. The list goes on.
Martin Crocker, chief executive of online safety organisation Netsafe, says tens of millions of scam attempts are aimed at Kiwis each year, with phone and PC tech support scams fast becoming among the most common.
Arguably the most high-profile scam which sees opportunists pretending to be technicians from telecommunications company Spark, claiming to need to urgently fix issues with internet, is said to be on the radar of various government agencies, including Immigration NZ. Police believe there may be hundreds of victims in the ongoing scam that urges people to post hundreds of thousands of dollars in cash across the country or overseas.
Scams and fraud, phishing and credential harvesting, along with unauthorised access, have consistently been the highest reported cyber security incident categories since 2017.
Just under 2000 cyber security incidents were reported to Cert NZ in the second quarter of the year, with scams and fraud outlined as the highest reported category, making up 38 per cent of all reports.
"In 2018, over $33 million of losses was reported to Netsafe alone, and Netsafe is just one of the places people report scams," Crocker told the Herald.
"For us, that was spread across 1500 reports."
Another $23m was lost in the 2019 financial year, though experts estimate actual losses to be a lot higher.
The average amount of money lost per victim in the year was $20,000. But no agency knows the exact number of New Zealanders who are victims of scams.
Crocker estimates the number to be at least 100,000 people. Years ago, he says, what is now known as Stats NZ used to put together a survey which found about 4 per cent of the population had been directly effected by a scam, accounting for about 112,000 people.
"It's really hard to put a number on it. It's one of the things we've been constantly raising at Netsafe; there needs to be some effort made to improved coordination and centralisation of information around scams because I think the problem is a lot worse than we know."
Crocker would like to see the Government step into "coordinate scam reporting".
Two of the major four banks in New Zealand have reported a 50 per cent increase in scams and fraudulent activity in the past 12 months. The country's largest bank, ANZ, says there were $7.3 million worth of fraud attempts at the bank in the year to October. It says fraud attempts rose by 56 per cent, up from $4.6m a year earlier.
BNZ says it has seen a 54 per cent increase in scam victims. It describes the rise in scams as "a tidal wave of criminal activity". It has seen gross fraud and net customer loss increase throughout the year.
"Scams are on the rise everywhere because technology enables them," says Crocker.
"Scams are facilitated by technology so [people] can from one country extract money from victims in another country. The criminal is hugely advantaged, law enforcement is hugely disadvantaged by the technology. It is easy to commit the crime, difficult to enforce the crime, and that's the reason why scams are continuing to rise - and until a significant investment is made in reversing that inequality then scams will continue."
New Zealand was a logical target for scammers due to it being reasonably wealthy and "a small country a long way from a lot of the places the scams are born", he says.
Banks are increasingly moving to educate customers about the sophistication of scams in response to the influx in fraudulent activity.
ASB bank often sends out alert to its online and mobile banking customers outlining current scams doing the rounds. Westpac also sends out warning alerts about current scams and runs presentations and workshops to raise awareness.
Westpac NZ head of financial crime, Tiffany Ryan, says the bank has prevented about $45m in fraudulent activity in the last 12 months.
"Fraudsters and scammers are targeting New Zealanders with increasing frequency and sophistication," Ryan says. "Our financial crime team works around the clock to respond to this threat and is continuously implementing new and enhanced measures to protect our customers.
"Westpac NZ's fraud losses have increased in the past 12 months, however we also prevented approximately $45m in fraudulent activity. The number of scams, their complexity and the average loss are also increasing year on year."
Last year Westpac found that one in three Kiwis had been a victim of a scam or fraud.
Ranking the scams, Netsafe and other prevention organisations say, phone scams are some of the most common - that's because people are falling for them, says Crocker.
"We've seen surges of sexploitation scams, people telling [victims] they have video of them watching pornography and try to get you to pay a ransom basically so they won't release it. We've seen a surge of scams targeting the supermarkets which is to destroy an internal survey and exact personal and financial information, but the big loss scams by dollar value is investment scams, and romance scams."
Whaling, a type of phishing that deliberately targets businesses, such as intercepting emails with payment account information, is another scam with significant financial loss.
How scammers get your information
Email addresses, phone numbers, names, addresses, job titles, online activity and information willing put online, both on social media and on businesses' websites such as when shopping online.
Most scammers are getting personal information from data breaches.
Crocker says there are "huge databases" of personal information that have been stolen or breached are for sale on the dark web. Other ways are through public sources, such as Facebook, LinkedIn, Instagram and Twitter.
"We're on social media ... there's lots of information which if scammers want to take the time they can glean and it helps them to personalise scam approaches to individuals."
He warns not to over share on social media and not to save personal details on websites.
"[If you] are approached, just because somebody knows details about you it doesn't mean they are legitimate. The main things with scams is at someone point they are going to ask for something valuable, and if somebody is asking you for something valuable that's when you need to be cautious and review."
Investment scams see opportunists set up fake websites and portfolios along with business reports and other information to "back-story" their claims.
The most elaborate scam Crocker says Netsafe had seen was scammers calling a partner of a victim to extract details from one person to use it against their partner.
Crocker says many scammers operated as small or medium-sized businesses, similarly "sharing and managing clients".
Nicola Hermansson, cyber security partner at EY NZ, says education is the best way to combat the threat of scams.
"We're online everyday - scrolling and clicking is so embedded in our behaviour, that fraudsters can take advantage of this habit. In business, we know that attackers target people as they are considered the weakest link, and organisations are increasingly realising they can transform their people from the 'weakest link' to their strongest defence," Hermansson says.
"Businesses are moving away from tick box exercises and textbook training to sophisticated gamification that highlights fraudulent practices in a way that reflects the tactics and methods scammers are using. Instead of trawling through a text-heavy training guide, interactive tools help change behaviours by embedding the experience in a relatable way."
She says education and more support needed to be provided to children and the elderly who were the most vulnerable to scams.
Geoff Thorn, chief executive of The Telecommunications Forum (TCF), which is focused on stamping out phone scams, says there is no easy fix for scams.
"We see a large volume of calls coming through the networks and it is often robo-calling until the system finally finds a person at home who picks up the phone and starts talking to them," Thorn says.
"What we're trying to do identify those calls as early as possible to stop them from coming through.
"Scam texts come through, they are much harder to block because of the way they work; they come out in a burst. Some of the things the retailers are doing is that if there is a URL in the scam text then they will block the URL."
In August last year the Telecommunications Forum (TCF) created the Scam Calling Code to enable collaboration between organisations reporting scams to send scam call information to the industry for blocking.
Cert NZ, Commission for Financial Capability, Netsafe and the Inland Revenue have since adopted the code.
"Scams are becoming increasingly sophisticated and harder to stop. What that means is the industry is now working harder to stop scams getting through," says Thorn.
"It's like Whac-A-Mole, as soon as you stop one thing happening, something else pops up somewhere else. There is no single easy fix."
'Money mules' facilitating scams
Being a "money mule" - transferring illegally acquired money on behalf of a criminal - either intentionally or unknowingly - is an offense, punishable of up to seven years imprisonment.
Bronwyn Groot, fraud education manager at the Commission for Financial Capability, says money mules are part of the reason why scams were so widespread in this country. She could not say whether the majority of money mules were doing so willingly.
Some people were money mules without knowing so, but others, and increasingly international students, were "allowing their bank accounts to be used", she says.
"They are knowing [they are being used], but they don't realise the consequences behind it. They think that they are getting a quick buck but what they don't realise is there is actually a crime behind it," Groot says.
It is a growing concern, she says, and a quick fix would be account number and name matching by the banks. "If someone is caught out in a business email compromise and the account number has changed on their invoice so instead of paying ABC Builders Limited the money is actually going to Joe Bloggs who is a money mule then that could be picked up by the account number and name matching process, if the banks had the facility available."
Police recently conducted "Operation Deadwood", arresting 18 money mules, the majority of them were students on visas, and were withdrawing money from their accounts and sending cash in courier envelopes around New Zealand. This was a common example of money mules in this country, says Groot.
Money mules involved in romance scams were another example, though these were unknowingly so, she says.
"The effects of being used as a money mule are really horrible. I recently had a case whereby a gentleman was caught out in a romance scam, he received money he thought was from a person who was going to come [to New Zealand] and marry him, and he was convinced to send that money away and those funds had been stolen through business email compromises.
"It ended up that he is actually going to lose his house to repay the debt, and he is now also facing criminal charges."
How to protect yourself
• Stop oversharing on social media. Think before entering your details online
• Don't share personal information online, including through email
• Put privacy restrictions on your social media accounts
• Never give out your passwords. No legitimate company will ever ask your for your passwords or pin number
• Turn on multifactor authentication for online accounts and devices
• Don't click on web links sent by someone you don't know
• Be wary if a company you deal with changes their payment details
Source: Cert NZ, EY