GrownUps New Zealand

Avoid holiday scams – fight back against phishing! Tips from CERT NZ

‘Tis the season… for lots of thieving! The season of goodwill is often a bumper time for scammers as we all are busier, more stressed and a perhaps a bit too keen for those too-good-to-be-true offers, so says CERT NZ – Cybersecurity NZ scammers.

Over the holidays, they see an increase in scammers trying to trick us into buying non-existent items or accidentally giving away our personal information by simply clicking a button.

Scammers are always looking for a chink in the armour – and one unguarded place they often find is how much we trust the businesses we deal with every day, often using a technique called phishing.

Nothing to do with rods and reels, this is where the scammer sends you an email or letter, or gives you a call pretending they’re from a familiar company – your bank, telco or even the IRD. When it seems like it comes from a trustworthy source, you’re far less likely to worry when giving out your password, or letting someone have remote access to your computer.

Phishing consistently ranks as one of CERT NZ’s top reported categories, with over 3,000 phishing incidents reported to date.

“We know that phishing can be hard to spot, and easy to fall for. At CERT NZ we recommend putting simple cybersecurity steps in place so that if you do experience a phishing incident, you can recover quickly. The CERT NZ team is also here to help. If you receive a phishing email, or if you’re just not sure, report it online at www.cert.govt.nz/report,” advises CERT NZ Director Rob Pope.

Phishing attacks can be difficult to identify, but knowing a bit more about what to look for can help you spot them and send the scammers packing.

Spotting a phishing email

A phishing email is where a scammer sends an email pretending to be from a legitimate organisation. It might look like it’s from your bank or a government agency and can be really convincing – it will use the same fonts and logos and will be sent from an email that looks really (but not quite!) legitimate.

This email will ask you to do something – usually open a link or download an attachment, which will either infect your computer with a virus or give the sender access to your personal or financial information.

A really common phishing email that preys on that lovely Christmas spirit is one that looks like it’s from a courier company. Oh, a present that’s to be delivered – how nice! That seems harmless enough, but click on a link to ‘claim’ the parcel and you’ll be giving the sender your personal information. This is then used to access your finances or other attacks. You could also be asked to pay to have the parcel delivered.

What to look for

Scammers are really clever – they prey on your emotions, whether that’s excitement, loneliness, fear or openheartedness! It’s best to assume every email is suspicious until proven innocent! Here’s what to look for:

Spotting a phishing website

Phishing websites will offer you gifts, rewards or amazing bargains – and they look really real. The aim is to get you to click a link and provide personal or financial information. Phishing websites might also make you pay for products or services that don’t actually exist.

What to look for

When you’re cash-strapped over the holidays, a good deal is especially hard to pass up – but if it seems too good to be true, it probably is! Before you make a purchase or enter your details, check on a few things.

Think you might have been phished? Here’s what to do

If you think you might have been phished, report it to CERT NZ. They can help you work out what to do next.

If you’ve given out personal and financial details, all’s not lost! Move quickly and you’ll minimise any fallout:

You can learn more about cybersecurity here at CERT NZ.