Good luck to Police Minister Stuart Nash getting his money back after more than $1000 worth of bills from Apple were charged to his wife's credit card.

My "bad Apple" fraud experience was a little less - a few hundred dollars. And Apple were empathetic but it was a case of rotten Apple luck for me.

The money had been taken incrementally over a year, and Apple being the global behemoth that it is, we didn't notice.

Ironically, Nash's family's experience was before a speech he was giving on cyber security, and he related the fraud to the audience at the launch of Mastercard's new cyber safety guide in Wellington yesterday.


It is Cyber Smart Week - and Nash admitted he was "a little bit blasé" when it came to cyber security, and didn't regularly change his passwords.

The irony of the hack that I experienced, is that the Apple password is the one password our family can never remember.

Somehow, in trying to sort the fraud out, we ended up with an Apple account in my name, but with security questions that pertained to my wife.

My wife and I did not have the same first car, so I ended up frustrated and unable to access the account and activate whatever Apple device was tempting me to hurl it out the window at the time.

Similarly, I pumped more than A$20 into a coin-operated phone in a motel foyer on the Gold Coast a few years ago, trying to access our bank account after I was locked out of internet banking.

Turns out I had been using my wife's sign in and password for a decade. And again, I failed the security questions while trying to access money, because I did not know the name of my wife's cat when she was 5.

READ MORE: Editorial: Orphaned lamb happy in a nappy, and loved
READ MORE: Opinion: 'Indigenous gangs' and organised crimes; same in Hawke's Bay?
READ MORE: Māori Language Week: Keep the reo alive and a culture survives

Nash pointed to one of the people in the audience and asked when he had last changed his passwords.


"Well, minister, as it happens I also got hacked in the last week. So last week," the man replied.

It's a good point. Many of us don't change them or use the same password and pin number for multiple devices.

I now have my own online password, and I don't get frustrated when my bank occasionally checks in with me to make sure it is indeed me, before letting me proceed.

Top tips from the guide that Nash helped launch include updating security software, changing passwords, and backing up data regularly - storing it offsite and offline.

By the way, when you change your passwords or pins, avoid numbers related to your street and your birthdays, and passwords that feature pets or your kids.

Don't use "Qwerty" or "123456789" or Password1. Or "Letmein".

Anything that uses the current year is dodgy and so is "Forgodssake". With or without an uppercase G.

It is worth doing. It used to be that the only certainty was change. Add to that, "being hacked". Because sooner or later, it will probably happen to you.