Scammers are not just calling or emailing Kiwis 'out of the blue' anymore; they are waiting in ambush with highly sophisticated schemes using elaborate profiles on LinkedIn, Google AdWords and legitimate-looking websites to trap New Zealanders.
That's according to cybersecurity expert Daniel Watson, author of the book 'She'll Be Right (Not!)', a cybersecurity guide for Kiwi business owners, expert consultant on 'You've Been Scammed' by Nigel Latta and Tech Tuesday with Daniel Watson on Radio New Zealand.
Watson says that New Zealanders researching on the internet are walking into elaborate traps.
"Somebody may be using a search engine to shop for a better interest rate. They find a website that looks legitimate, perhaps at the top of the search list via Google AdWords, and end up being scammed because they trust the process of personal research," he says.
"Cybercriminals are like trapdoor spiders. The old chestnuts like 'don't trust unexpected contacts' and 'do your research' are increasingly less relevant because cybercriminals count on you taking these steps and have well scripted counters to reasonable concerns.
"In particular, we need to stop stigmatising victims because nobody is immune anymore," Watson says.
"When we stop shaming victims, more people will come forward with intelligence that we can use to counter an all-out rapidly moving crime offensive."
Watson says it is not uncommon for Kiwis to search fixed term deposit rates, only for sponsored advertising sites to lure them into a 'rates comparison' website like comparefixedtermdeposits.net (an outed scam website), where they are offered better, but not too good, returns and terms like quick, easy access to your money and special deals that are due to expire soon.
"We tracked one site that was using Google AdWords to scam New Zealanders. The URL Kiwiinvest.com asked loads of questions about everything from driver's license to passwords, and other so-called anti-money laundering information," Watson says.
"Further investigation led us to a company called Gold Guide UK where, on further examination, we found their logo was the coat of arms for the Republic of Bulgaria, but it all looked very swish, very high-end."
He says some scammers purported to be from legitimate banks and were using the names of those banks' employees. Scammers use the correct language; they have websites, local phone numbers and social media profiles.
"As a result, you expect them to call you because you initiated contact; it's certainly not out of the blue."
Watson offers the following advice to help investors and businesses mitigate exposure as much as possible:
1. Call the Financial Markets Authority
"If they are not registered as Financial Advice Providers with the Financial Markets Authority (FMA), they should be avoided."
2. Call the institution itself, not a mobile or direct line
Watson says that if somebody purports to be from a recognised financial institution or bank, call the organisation directly and ask to be put through to that person.
"Bearing in mind that they impersonate bank employees and advisers, make sure you talk to the actual person to establish their credentials," he says.
3. Just because it is a referral doesn't mean you should trust it
Watson says there have been instances where friends or family have referred victims.
"Maybe a friend 'invests' her money with this organisation, where she even has access to a dashboard that shows her how well her money is doing. Without trying to withdraw her money, she won't know it's been stolen. She recommends you do the same because the returns are fantastic.
"In a nutshell, check with the FMA before you buy."
4. New Zealand URLs are more likely to be legit
Watson advises investors and business owners to be particularly suspicious of overseas websites like the .coms or less mainstream suffixes like .kiwi and .net.nz because major institutions are more likely to use mainstream suffixes like .co.nz.
"Finally, if they purport to be from a well-known financial institution but ask you to transfer money via another, be suspicious."