Personal Protection Guide

Online Scam Protection

Phishing, fake websites, romance scams, and investment fraud — protecting people from digital deception.

  • $3 billion: Scam losses in 2025
  • +30%: Increase from 2024
  • 82%: People who encounter scams weekly
  • 36%: Recovery rate for reported bank scams

What is Online Scam Protection?

Online scams are the fastest-growing form of fraud, with $3 billion lost in 2025 alone. Scams include phishing emails and texts, fake investment platforms, romance and relationship scams, online marketplace fraud, and impersonation of banks, IRD, or government agencies. Unlike card fraud, scam losses are harder to recover because victims voluntarily authorise the payment.

When you are tricked into sending money to a scammer, banks may not automatically refund the loss — because you authorised the payment. We are working toward a Scam Code similar to the UK's voluntary code, but currently there is no mandatory reimbursement obligation. Prevention, reporting to Netsafe and Police, and acting quickly to try to reverse transactions are your main options.

Written by FraudInsurance Editorial Team · Updated May 2026

What Online Scam Protection Involves

  • Phishing emails and text messages (smishing)
  • Fake investment platforms and cryptocurrency scams
  • Romance and relationship scams
  • IRD, bank, and government impersonation scams
  • Online marketplace and payment fraud
  • Courier and package delivery scams

How to Protect Yourself

  1. Never click links in unexpected emails or texts — go directly to the official website
  2. Verify investment opportunities independently — check the FMA register
  3. Be very cautious of online relationships that quickly request money
  4. The IRD, banks, and NZ Police will never ask for your password or full card number
  5. Research sellers on Trade Me and online marketplaces before paying
  6. Report scams to Netsafe (0508 638 723) and NZ Police (105)

What Are Online Scams?

Online scams are fraudulent schemes conducted primarily through digital channels — email, text messages, social media, fake websites, and phone calls — designed to trick people into handing over money, personal information, or access to their accounts. They range from opportunistic mass-targeting (phishing emails sent to millions of recipients) to highly personalised, long-running deceptions (romance scams, pig butchering).

  • Phishing: Emails that appear to come from trusted organisations — your bank, IRD, NZ Post, a major retailer — directing you to a fake website designed to capture your credentials or payment details. Phishing is the most common form of online scam by volume.
  • Smishing: The text message equivalent of phishing. Common smishing pretexts include NZ Post parcel delivery notifications (with a fake tracking link), bank fraud alerts, and toll notices. Smishing is growing rapidly because many people instinctively trust text messages more than emails.
  • Vishing: Voice phishing — phone calls from scammers impersonating banks, IRD, government agencies, or technical support. AI voice synthesis is now used to impersonate known individuals convincingly.
  • Fake Websites and Online Marketplaces: Fraudulent e-commerce sites, fake marketplace listings (on Trade Me or similar), and clone websites that mimic legitimate retailers. Victims pay for goods that are never delivered.
  • Impersonation Scams: Criminals impersonate known organisations (banks, IRD, NZ Police, FMA) or known individuals (family members, friends, executives) to extract money or information. Government agency impersonation scams are particularly effective because they create fear and urgency.
  • Investment and Crypto Scams: Fake investment platforms and cryptocurrency trading sites that show fabricated returns to encourage larger and larger deposits, then disappear.

The Most Common Online Scams Targeting New Zealanders

Based on Netsafe reporting data and FMA warning notices, these are the most prevalent online scams targeting New Zealanders in 2025-2026.

  • IRD Tax Refund Phishing: Emails and texts purporting to be from Inland Revenue, offering a tax refund and directing recipients to a fake IRD website to "claim" the refund by entering banking details. IRD never sends unsolicited links to claim refunds — any refund owed is credited directly to your bank account on file.
  • NZ Post Parcel Scams: SMS messages claiming a parcel is waiting for delivery and requiring a small fee to be paid via a link. The link leads to a fake payment page capturing card details. NZ Post does not request payment by text message.
  • Bank Impersonation Scams: Phone calls from "bank fraud teams" claiming suspicious activity on your account and requesting you move money to a "safe account" — which is the criminal's account. No legitimate bank will ever ask you to move money to a new account to protect it from fraud.
  • Tech Support Scams: Pop-up warnings on computers claiming a virus infection, directing victims to call a number where "Microsoft" or "Apple" technicians request remote access and ultimately access to banking apps.
  • Romance-to-Investment Pipeline: An online relationship develops over weeks or months, during which the other person introduces an "amazing investment opportunity." Victims invest and lose everything when the platform disappears. Also called pig butchering (see investment scams section).
  • Government Benefits Scams: Fake notices claiming overdue debt to IRD, NZTA, or MSD with threats of legal action unless immediate payment is made by gift card or bank transfer. Government agencies do not threaten immediate legal action by text or automated call.

How to Recognise an Online Scam

Scam messages and websites have consistent characteristics that, once recognised, make them easier to spot. The following indicators should trigger immediate caution.

  • Urgency and Time Pressure: Scams almost always create artificial urgency — "act in the next 2 hours," "your account will be closed," "the police are on their way." Legitimate organisations give you time to consider and verify. Urgency is a manipulation tactic designed to prevent you from thinking clearly.
  • Unsolicited Contact: You did not initiate the interaction. A call, email, or text appeared out of nowhere with an offer, a problem, or an opportunity. While not all unsolicited contact is fraud, it should trigger heightened caution.
  • Too Good to Be True: Guaranteed investment returns, unexpected windfalls, prizes you didn't enter for. Legitimate financial products involve risk; legitimate prizes require genuine entry.
  • Unusual Payment Methods: Requests for payment by gift card, cryptocurrency, wire transfer to an unfamiliar account, or cash. These payment methods are preferred by scammers because they are difficult or impossible to reverse.
  • Grammatical and Spelling Errors: Many scam messages still contain errors that genuine communications from professional organisations would not. However, AI-generated scams are now grammatically perfect — this indicator is less reliable than it was.
  • Suspicious Sender Domains: The email claims to be from your bank but the sender address is @bankofnewzealand-security.com rather than @bnz.co.nz. Always check the actual sender address, not just the display name.
  • Requests for Sensitive Information: Legitimate organisations never ask for your password, full card number, PIN, or two-factor authentication codes over phone, email, or text.
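The sender-domain check described above can be automated in a mail filter. The following is an added example, not part of the original guide: it compares what a From header claims (display name, brand words in the domain) with the domain the message was actually sent from. The `BRANDS` map, the function names and the `.example` addresses are assumptions made for illustration; only @bnz.co.nz and @bankofnewzealand-security.com come from the text.

```python
import re
from email.utils import parseaddr

# Assumption: a hand-maintained map of brand terms to the domains each
# organisation really sends from. Only bnz.co.nz is taken from the page.
BRANDS = {
    "BNZ": {"terms": {"bnz", "bankofnewzealand"}, "domains": {"bnz.co.nz"}},
}

def mentions(terms, text):
    """True if text names the brand as a whole token or a run-together phrase."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", text.lower()) if t]
    squashed = "".join(tokens)
    return any(t in tokens or (len(t) > 5 and t in squashed) for t in terms)

def is_official(domain, official):
    """Exact match or a true subdomain; the leading dot stops suffix tricks."""
    return any(domain == d or domain.endswith("." + d) for d in official)

def check_sender(from_header):
    """Classify a From header: 'official', 'lookalike', 'unrelated', 'invalid'."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if "@" not in addr or not domain:
        return "invalid"
    verdict = "unrelated"
    for brand in BRANDS.values():
        if is_official(domain, brand["domains"]):
            verdict = "official"
        elif mentions(brand["terms"], display) or mentions(brand["terms"], domain):
            return "lookalike"  # names the brand but is sent from elsewhere
    return verdict

# Constructed sample headers (not real messages).
SAMPLES = [
    "BNZ <noreply@bnz.co.nz>",
    "BNZ Security <alerts@bankofnewzealand-security.com>",
    "Bank of New Zealand <help@mail-service.example>",
    '"support@bnz.co.nz" <x@payments.example>',
    "Alerts <info@bnz.co.nz.secure-login.example>",
    "Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10} {header}")
```

A match on the From domain is only one signal: the From header itself can be forged, so a production filter would combine this with the receiving server's SPF, DKIM and DMARC results.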

What to Do If You've Been Scammed Online

If you realise you have fallen victim to an online scam, the speed and order of your response significantly affects your chances of recovery.

  • Stop All Contact Immediately: Cease all communication with the scammer. Do not pay any more money regardless of what you are told — additional payments for "taxes," "fees," or "insurance" to release funds are always further scam payments.
  • Contact Your Bank Immediately: Call your bank's 24-hour fraud line using the number on the back of your card or from the bank's official website — not any number provided in the scam communication. Ask them to:
      - Attempt to recall any transfers made
      - Block the accounts or cards used in the fraud
      - Flag your account for enhanced monitoring
    Every hour matters for payment recall — international recalls become nearly impossible after 24 hours.
  • Report to Netsafe (0508 638 723 or netsafe.org.nz): Netsafe is New Zealand's online safety organisation. They can provide guidance on your specific situation and connect you with appropriate agencies. All reports help them identify patterns and warn other New Zealanders.
  • Report to NZ Police (105): File a report with NZ Police to obtain an official crime number. This is important for insurance purposes and for any subsequent recovery action. Online reporting is available at police.govt.nz.
  • Preserve All Evidence: Before deleting any messages or closing any accounts, take screenshots of the scam communications, websites, transaction records, and any other relevant evidence. This is essential for police investigations and insurance claims.
  • Protect Your Accounts: Change passwords on any accounts that may have been compromised. If you provided banking credentials, change your internet banking password and PIN immediately. Enable multi-factor authentication if not already in place.

Will Your Bank Refund an Online Scam Payment?

This is the question most scam victims ask urgently, and the honest answer is: it depends — and you should not assume the bank will automatically reimburse you.

  • The Authorised vs Unauthorised Distinction: Banks distinguish between transactions you did not authorise (where a criminal accessed your account without your knowledge) and transactions you authorised but were deceived into making (where you sent the money yourself, under false pretences). Banks are obligated to refund unauthorised transactions. For authorised-but-fraudulent transactions, the legal obligation is much less clear.
  • When Banks Are More Likely to Refund: If the transfer was recent and the bank can recall the funds before the receiving bank disburses them. If the scam pattern is well-known and the bank had fraud warnings they failed to act on. If you reported promptly and took reasonable precautions.
  • When Banks Are Less Likely to Refund: If you were warned during the payment process (some banks now show fraud warnings for unusual transfers) and proceeded anyway. If you deliberately moved money under instructions from a third party. If significant time has passed before reporting.
  • Netsafe's Advice: Netsafe recommends always reporting to your bank immediately, even if you doubt you'll be refunded — banks use this data to track fraud patterns, and some cases that initially seem unlikely to be refunded are resolved in the victim's favour after investigation.
  • The Banking Ombudsman: If your bank declines your claim, you can escalate to the Banking Ombudsman (bankomb.org.nz) for free dispute resolution. The Ombudsman has resolved many cases in victims' favour, particularly where the bank had inadequate fraud prevention measures.
  • The UK Comparison: In the UK, banks are required by regulation to reimburse most Authorised Push Payment (APP) fraud losses — the category covering online scams where victims authorise the payment. Lobby groups and some politicians have called for New Zealand to adopt a similar mandatory code. As of mid-2026 this has not been enacted, but remains under active discussion.

Protecting Yourself from Online Scams

Online scam prevention combines digital hygiene habits, a healthy scepticism toward unsolicited contact, and knowing where to verify information independently.

  • Never Click Links in Unexpected Messages: The cardinal rule of online scam prevention. If you receive an email or text claiming action is needed on your bank account, IRD assessment, or parcel delivery — go directly to the organisation's official website by typing the address yourself, or use your existing app. Never use the link provided in the message.
  • Two-Factor Authentication (Not SMS): Enable two-factor authentication on all important accounts. Use an authenticator app (Google Authenticator, Authy, Microsoft Authenticator) rather than SMS where possible — SMS 2FA can be intercepted through SIM swap attacks.
  • Verify Financial Services on the FSPR: Before dealing with any financial adviser, investment platform, or financial services provider, check the Financial Service Providers Register at fspr.govt.nz. All legitimate financial advisers in New Zealand must be registered. Absence from this register is a significant red flag.
  • Check the FMA Scam Warnings: The Financial Markets Authority maintains a list of known investment scams and unregistered operators at fma.govt.nz/consumers/scams/. Check this list before investing with any unfamiliar platform.
  • Use Netsafe Resources: Netsafe provides free resources for New Zealanders at netsafe.org.nz, including guides on recognising specific scam types, reporting tools, and the online safety helpline (0508 638 723).
  • Talk to Someone You Trust: One of the most effective scam prevention measures is simple: before sending money or providing personal information in any unusual situation, talk to a trusted family member or friend first. Scammers specifically try to prevent this — urgency and secrecy are hallmarks of scam pressure. A brief conversation with someone you trust can provide the reality check that prevents a significant loss.

Key Contacts: Online Scam Support in New Zealand

If you have been scammed or suspect a scam attempt, these are the key contacts and resources.

  • Netsafe — 0508 638 723 (netsafe.org.nz): New Zealand's online safety organisation. Provides free advice, support, and reporting for online scams of all types. Available weekdays and many weekends.
  • CERT NZ (cert.govt.nz): The government's Computer Emergency Response Team. For scams with a cyber or technical element — phishing, account compromise, malware — CERT NZ provides technical guidance and collects incident data.
  • NZ Police — 105 (police.govt.nz): Report financial crimes including online scams. File online for non-urgent reports or call 105 for non-emergency matters. Emergency situations (you are at immediate risk) — call 111.
  • Financial Markets Authority (FMA) — 0800 434 566 (fma.govt.nz): The regulator for financial services. Report investment scams, unlicensed advisers, and clone firm impersonations. Check their warning list before investing.
  • IDCARE — 0800 432 273 (idcare.org): If personal information was compromised as part of the scam — providing identity documents, IRD number, or banking credentials — contact IDCARE for specialist identity theft recovery support.
  • Consumer NZ (consumer.org.nz): For scams involving goods or services, Consumer NZ provides guidance on your rights and how to escalate disputes.
  • Banking Ombudsman — 0800 805 950 (bankomb.org.nz): If your bank declines to refund a scam loss and you believe they should, escalate to the Banking Ombudsman for free dispute resolution.
  • Sorted.org.nz: The government's financial guidance website includes resources on scam prevention and investment fraud. Useful for checking whether an investment opportunity is legitimate.

Frequently Asked Questions

Only 36% of scam victims who report to their bank recover their funds, according to 2025 data. Banks distinguish between "authorised" payments (where you sent money, even under false pretences) and "unauthorised" payments (where a fraudster accessed your account without permission). Unauthorised transactions are generally refunded; authorised scam payments are much harder to recover. Act immediately — the faster you report to your bank, the better chance of a recall.
