Whangārei woman Pat Fowler is urging others to be vigilant after narrowly avoiding falling victim to a sophisticated email scam.
The 82-year-old opened an email on Monday which appeared to be from Vodafone and was "very professionally done".
Fowler, who is a Vodafone customer, said she had recently been speaking with the real company about changing her phone plan.
The email said she had answered their survey and was a lucky winner of a flash new cellphone.
"It all fitted perfectly and I had to pick out which colour I wanted for a phone."
She said the email said she only had to pay for shipping, which was $3.
Fowler said she clicked on the link and began filling out details such as her name and address.
She said the page had the little padlock icon and a message saying it was a secure site at the top of the page, which made her believe it was legitimate.
But it was when she got to filling in her card details that she hesitated.
While she still had the page open, she decided to call Vodafone and ask them. She said after "a bit of waiting" on the phone, the company told her it was definitely a scam.
Fowler wants to warn others after seeing how easily she could have been caught.
"It just would be so easy to get sucked in," she said.
"These things are so professional. Just be careful because it doesn't matter whose name's on the top of it people just take it on."
She said she is normally quite cautious "but this one was really very good".
Fowler said things like television adverts for legitimate competitions to win things like vouchers can complicate matters.
"I'm working on the policy if it sounds too good to be true it most probably is."
In a statement, Vodafone said different types of scams pop up from time to time.
"An important one to watch out for is an unsolicited email where someone asks for your personal details. In these cases you should treat the email in the same way you treat an unsolicited call of this nature - simply don't engage with them."
The company said it cannot stress enough how important it is to always be on your guard with calls or emails from people you don't know. Typically they will contact you from overseas - but sometimes be spoofing off a New Zealand number - and are either trying to sell you something or asking you for money.
"As always, Vodafone urges customers to always be vigilant about communications of this nature - if something seems a bit off or too good to be true, it usually is."
Netsafe chief executive officer Martin Cocker said this type of scam is called an email phishing scam and is very common.
"Phishing is when a scanner sends an email to a large group of people and tries to get personal information such as bank account numbers and passwords, so they can use it to impersonate or defraud people."
He said usually the email addresses have been obtained in a data leak.
"Scammers use a variety of tactics to get details, such as the fake competition prize used in this particular scam. These emails can look very real, and some will even use the branding of a legitimate organisation to make the email seem genuine."
Cocker said it's very common to use telecommunications company branding.
He said anyone who has given bank or credit card details to the scammers should contact their bank immediately. Anyone who has given away any passwords to online accounts should change their passwords immediately.
"If you think you've received a phishing email that is pretending to be from a legitimate brand, you can forward the email to them so they are able to keep track of scam emails using their branding."
Netsafe Email Phishing 101 Guide
• Be cautious about emails asking you to update or verify your details online.
• Be cautious of emails saying you've won prizes from competitions that you don't remember entering.
• Be cautious of emails that try to get you to act quickly by threatening you with legal action or loss of an account.
• Ignore any emails asking you to provide personal information like passwords, or banking information.
• Remember legitimate organisations like banks will never ask you to send them your password.
• Only open email attachments when you're expecting them, even if you know who the sender is.
• You can also try an internet search using the names or exact wording of the email to check for any references to a scam – many scams can be identified this way.
• If you're unsure if an email is from a legitimate organisation, you can contact them to ask. If you do contact them, make sure you go through their official contact channels – don't use the phone numbers, websites or email addresses included in the email.