“It couldn’t happen to me”

Across New Zealand, almost 9,000 cyber-crime incidents were reported in 2021, with a total loss of just under $17 million. This was up 13% on 2020, and that number is only expected to rise every year. 

At OneChoice, we work hard to make sure your personal information is secure. But no matter what processes and technology we have in place to help keep you safe, awareness will always be the best way to protect yourself against the rising threat of scams.

Okay, but what exactly is a scam?

An online scam could be disguised as an offer of easy money, a great bargain, exclusive knowledge or even a new relationship, all designed to trick you out of your hard-earned money or steal your personal information.

Scams can find their way to you in an email, SMS or instant messaging, on a dating website or social media platform like Facebook or Instagram, video calls such as Skype or FaceTime, online surveys, or even a USB drive posted to your address.

Have you been contacted by someone out of the blue? Have they promised you something, or asked you to do something for them? Be careful, it could be a scam.

Most scams fall into the following categories:

  • Buying or selling scams are designed to trick you into handing over your money for fake products or services, usually through fake websites that look like the real thing or by sending you authentic-looking bills or invoices for things you’ve never ordered.
  • Dating and romance scams lure people who are looking for a romantic partner with fake profiles, then use emotional triggers to trick or guilt them into providing money, gifts, or their personal details.
  • Fake charity scams often impersonate genuine charities, asking for donations that are linked to natural disasters such as the Christchurch earthquake of 2010/11.
  • Investment scams offer potential victims an opportunity to make money, such as fake property or business deals or a gambling system that “can’t-miss”.
  • Jobs and employment scams are designed to trick you into paying for exclusive training or guaranteed access to a dream role that you don’t have the qualifications or experience for.
  • Threats and extortion scams are often originated by scammers who pretend to be from the police or government, threatening to release sensitive information about you, imprison you, or even threaten your life if you don’t hand over money or your personal information.
  • Unexpected money scams involve promises of a large sum of money, such as an inheritance from a distant relative, but require you to hand over your personal information or pay a fee to release the funds.
  • Remote access scams convince potential victims to hand over control of their computer or other device, with scammers often pretending to be from your electricity or gas company, or internet or phone provider.
  • Unexpected win scams trick you into handing over money or your personal information in order to receive a prize from a lottery or competition that you have never entered.

More on cyber security

Hints and tips to help protect yourself

When it comes to your online security, make sure you follow these hints and tips:

  • Never share your PIN, security codes or passwords with anyone.
  • Never write your password down and leave it where someone else might find it, such as your computer or on the fridge.
  • Never click on any links in unsolicited emails or text messages. Known as phishing, clicking on these links can give scammers access to your electronic device, allowing them to steal personal information such as your passwords, bank details and credit card numbers. These links often look legitimate but take you to a fraudulent website.
  • At any time, be aware that the accounts of your friends or other contacts could be compromised and controlled by a third party. Before clicking on any link, no matter who it’s from, always move your mouse over the link to see where the link will take you to. If anything looks suspicious, confirm with the sender by contacting them through a different channel of communication.
  • Never reply to an email or text message that asks for your personal information. Verify any request with the sender by contacting them directly through a different communication channel.
  • Never give anyone access to your computer remotely, especially if you have been contacted out of the blue by someone you don’t know.
  • Ensure your electronic devices are secured using biometric features such as Two-Factor Authentication (thumbprint or facial recognition), and always make sure your anti-virus software is up to date.
  • Never use an obvious password, such as your birthday or your pet or child’s name, as a scammer can easily work these out by searching your social media accounts. Consider using a password generator to create unique, complex passwords for your devices and accounts. Change your passwords regularly and don’t reuse the same password on more than one account or device.
  • Never store your passwords on a browser. Use a password manager to store them securely instead.
  • Avoid connecting to a public Wi-Fi network. If you must use public Wi-Fi, never conduct any banking or login to websites that require your personal details.
  • Never use a USB drive unless you know where it came from.
  • Don’t answer calls from any phone numbers that you don’t recognise.
  • Be wary of any business that requests an unusual payment method, such as direct fund transfer, money order, pre-loaded card, wire transfer, gift cards, or cryptocurrency. Confirm the request with the sender by contacting them directly through a different communication channel.
  • Be wary of any new friend requests or potential romantic partners who ask for money or gifts soon after meeting them.
  • Avoid any offer that pressures you into making a decision.
  • If you’ve received an offer that seems too good to be true, it probably is — this could include things like high-end fashion or popular electronic devices at bargain-basement prices, or a once-in-a-lifetime return on investment.
  • If we send you an SMS or email, it will clearly identify us and provide a contact number. If you are ever in doubt about any message you receive from us, always go directly to our website by typing onechoice.co.nz into a new browser window rather than clicking on any links in an email or SMS. It’s always better to safe, rather than sorry.

Stronger together

According to CERT NZ’s 2019 Cyber Security Plan, one of the New Zealand government’s top five priorities is making sure all Kiwis are cyber aware. This includes creating a culture where we can all feel safe online, and know what to do if something goes wrong.

While it’s almost impossible to protect yourself from falling for a scam, you can greatly reduce your risk of becoming a victim by knowing how scammers work. To help educate yourself, CERT NZ and the National Cyber Security Centre (NCSC) provide up-to-date information on how you can identify and avoid scams. You can also follow CERT NZ on Twitter for up-to-date alerts.

What to do if you’ve been scammed

Even when you have the best information, you can still fall victim to a scam. To help minimise further damage, follow these simple steps: 

  1. Hang up – As soon as you realise you’ve been scammed, hang up the phone or shut down your browser window.
  2. No payments – Don’t send any more money, even if someone promises they can retrieve your lost money for a fee.
  3. Let your bank know – Ask your bank or credit union to put your accounts and credit cards on hold, or cancel them if necessary.
  4. Security – Change the passwords on all your accounts and devices, creating a unique password for each. Update your anti-virus software.
  5. Log it – Report the incident to CERT NZ to help them crack down on any illegal activity.
  6. Tell others – Scammers rely on us being secretive, so telling your friends and family about the scam helps make sure everyone you talk to will be better prepared to avoid scams in the future.

For more detailed information on what to do if you fall victim to a scam, the New Zealand government’s Consumer Protection website has a host of invaluable resources and a complete list of organisations that you can speak to if you need more help.

If you’re concerned that you’ve been scammed by someone impersonating OneChoice, please contact us immediately. The sooner we know about your situation, the sooner we can take steps to minimise any further damage.

What should I do if my personal information is impacted by a data breach?

Data breaches occur when information being held by a bank, medical facility, educational institution, government department or commercial business has their online security breached, exposing confidential records and databases to hackers and other criminals.

Hearing that your personal information has been involved in a data breach can be stressful, but you can minimise any damage by taking the following steps:

1. Confirm – When hearing about a breach, either directly or on the news, contact the affected party directly to make sure you aren’t being targeted by a scam. One easy way to learn if your phone number or email address has been involved in a data breach is to use a tool like Have I Been Pwned?

2. Scan – Once you’ve confirmed that your information has been exposed, scan for malware on your phone, computer and other devices to make sure they aren’t infected with a virus.

3. Assess – Next, you need to determine what sensitive information has been exposed. Depending on the type of breach, this can be confirmed by contacting the breached party for more information or reading related news stories. For example, if the breach occurred at your bank, it would be safe to assume that your financial information (account details, identifying information, etc.) is at risk, and you should take steps to secure it.

4. Reset – You will also need to change the passwords for all your online accounts, even those that haven’t been involved in the breach. If any account uses your email address, name or other sensitive information to identify you, you should change the password.

5. Observe – After your passwords have been changed and you’ve performed a virus scan on all of your devices, keep monitoring your accounts at least every few days for suspicious activity.