Stay alert to common scams this holiday season

The holiday season is hectic, and we aren't always aware of red flags.   

We do a lot more shopping – buying and selling – online and that comes with risks. Cybercriminals use the season as an opportunity to try and trick us into: 

• buying items that don’t exist,
• clicking on links to webpages asking for personal or financial information, or
• downloading malicious software, like viruses or spyware. 

Marketplace Scams 

This can happen with both buying and selling goods.  

When selling, scammers will pretend to show interest in buying something you're selling. They will try to convince you they have paid – for example by showing you a fake screenshot of a bank transfer – so you will send the items, but the money will never arrive, and they will stop communicating. 

Another common scenario is the scammer asking to organise their own shipping. They send you a link to a website that may look like NZ Post, for example, asking you to enter your financial or personal information. Money is then taken from your credit card.  

A scammer may also pretend to be selling something on social media. You pay for the item, only for it to never show up or you receive the wrong item. 

How to protect yourself 

• If you’re buying from an online marketplace, it’s best to pay with cash on collection
• If the buyer or seller’s Facebook profile was set up recently be cautious as this is one of the signs for a scam account
• Do not click on any links sent you by the buyer or seller. And if you do, do not enter any personal or financial information, no matter how legitimate the site may seem.  
• Don't send the product until you verify the payment in your account. 

Online Shopping Scams

These scams often involve fake websites or non-existent goods, and shoppers are lured in by low prices.  
We recommend you always shop from reputable sources. Make sure to check the website's authenticity.  
Always remember to be wary of deals that seem too good to be true. Because they probably are! 

How to check

A good deal is hard to pass up, but there are things to do before you click to hand over money or your details.

• A good deal is hard to pass up, but there are things to do before you click to hand over money or your details.
• Check if the URL in the address bar starts with HTTPS not HTTP. It's not a guarantee, but the lack of HTTPS is certainly a red flag.
• Also check the URL is for a legitimate site. Recently we have seen a lot of scam sites using well-known brand names in the URL, followed by *-nz.com or *-newzealand.com instead of *.co.nz.
• Check the Contact Us page of the website. Scam sites will often have little to no information on their contact us page, usually just an email form to fill out.
• Check out independent online reviews to check whether a shopping site is real, and people are happy with the service. 

Phishing Scams

Phishing is where a scammer sends an email or a text message pretending to be from the likes of a bank, government agency or other legitimate organisation or business, usually asking the recipient to click on a link or open an attachment. 

To protect yourself:

• Check where the message has come from. The part of the email after the @ should be the same as the company or agency's website (for example, @nzta.govt.nz).
• For text messages, check the mobile number. Most big, reputable organisations will send messages to customers via short code numbers that are only 3 or 4 digits long. Be wary of any messages sent from a full phone number, especially an international number.
• If the message is asking you to click on a link, the webpage should be on the genuine website of the organisation (for example, nzta.govt.nz). In general CERT NZ advises New Zealanders to never click unsolicited links in text messages.
• Do not click on any link in a text message even if it looks genuine. Instead, you can go to the company’s website and look for more information there. For example, you can look up where a parcel’s at on the postal agency’s website. If the message is about an unpaid toll or a pending rego, you can search NZTA’s website with your car registration number. 

The Holiday Shipping Scam

During this time of year, you might be waiting for packages to arrive with your gifts. Scammers take advantage of this by impersonating delivery and package services to get you to give up personal or bank details.

These emails and texts claim to come from courier companies, and claim you have a pending parcel delivery. The message will ask you to click a link or open an attachment to accept delivery, except it’s all false. The attacker may want to get our personal information to use for other attacks, or to trick us into making a payment to have the non-existent parcel delivered. 

How to check

• If you’re not expecting a delivery, don’t click the link or open the attachment.
• Even if you are expecting a delivery, don't click the link. Go to the website and search for your tracking number yourself. 
• Call the courier company through their official number to check that the delivery notice is legitimate.