Russian scammers have created numerous fake NZ Herald websites in an attempt to fleece Kiwis of the credit card details through ads for $1 iPhones.
A clone of the NZ Herald website has been identified, featuring a conspicuously fake article announcing "Apple gives away free iPhones 11 Pro after fire".
An ad within the article then directs readers to a fake Apple website which purportedly allows people to buy iPhone 11s for $1, taking PINs and credit card details in the process.
• Fears as track and trace parcel delivery scam targets unsuspecting Kiwis
• Spark's scam warning: Don't give out your personal information
• Police arrest 13 for money laundering as 'sophisticated phone scam' allegedly costs Kiwis millions
• Phone scam: Hundreds of victims as thousands of dollars posted offshore
NZME, publisher of the Herald, reported the fake site to international IT security agency FraudWatch, which has have since taken down two fake websites, a fake NZ Herald Facebook profile, and numerous Facebook ads for the iPhone fire article.
NZME information security manager Patrick Blampied said the IP addresses of the fake websites were traced to Russia.
The scale and quality of the scam made it "significant", he said.
"This is a pretty good one in the sense there are a lot of phishing emails that go around but there's a bit of effort put into this. The quality's better," Blampied said.
"The quality of the website is reasonably good. The quality of the iPhone page is quite good. So the quality is there and as I assumed the scale will be there too.
"So they'll have multiple versions of these sites for multiple news media companies. It's likely to be a global campaign."
The fake article gave an account of a fire in a warehouse full of Apple products which they were unable to on sell and are giving away for free.
The standfirst for the fake article claims: "No limits in what Apple can do! The company ships the latest iPhone models to the customers absolutely free, after the largest fire occurred at a warehouse in New Zealand".
Blampied said he suspected the scam was not just isolated to NZME and New Zealand.
"I've seen one instance of this case where they've been setting up digital assets for BBC and it's very likely there will be an Australian version, an American version, a UK version. In the past that's what we've seen," Blampied said.
"When we've seen the Herald cloned previously with fake articles with John Key promoting Bitcoin we've noticed that the exact same stuff has been populated across LA Times, all sorts of sites. So it's likely a global campaign.
"I don't have the evidence on that, but I've seen one instance where they had BBC involved."
Aucklander Phoebe Simmons entered the fake site via a Facebook ad today and said she was clicks away from entering her credit card details when she wisened up to the scam.
"The second it involved money, a dollar button, the credit card details, I thought there's something not right with that, too good to be true," Simmons said.
"Honestly if it wasn't for the fact that I glanced at the URL, that made me think 'nah is that actually the site?' I would have fallen for it hook line and sinker.
"All the NZ Herald branding and everything was all over it. I think I'm pretty savvy with technology and that was the only thing."
After the fake NZ Herald sites were taken down by FraudWatch, they redirect to the official Skittles site in an apparent joke.
"Slightly amusing, with one of these fake websites it's been designed so that when it goes down it routs off to a web page for Skittles the lollies," Blampied said.
"The real homepage it seems. Why they chose that I don't know, but it's quite colourful with a silly little squirrel doing dumb things. There might be an inside Russian joke."
If readers have entered their PINs into the site there will be potentially serious consequences for them, Blampied said.
"Capturing your information can be used for impersonation or for further scams or whatever, or to add your computer to a bot net," he said.
"In the credit card form you're charged $1 and supposedly you get a phone but then really your card just ends up on the black market and it will be sold for the balance of the card.
"Black Friday sales have already started in the US. Cyber Monday is coming up soon. It's one of the biggest online retail periods of the year. It's not surprising that such scams are starting to appear. I advise people to be very wary online at this time."