Photo of Asian man with black glasses spooning food into his mouth
KUA HURAINA

EXPOSED

Go from exposed to secure online

We live our lives online. We run our businesses and connect with friends. We purchase items and find jobs. And every day we’re at risk of a cyber attack.

Our EXPOSED campaign aimed to raise the importance of being secure online by showing what’s at stake when we don’t get cyber security right.

Below are stories of New Zealanders who have been targeted by attackers while going about their lives. They wanted to share their stories to encourage New Zealanders to go from exposed to secure online.

First-hand advice on how to own your online

Read and watch the stories below to find out how everyday New Zealanders were targeted online. They’re sharing their stories to help keep others secure online.

Photo of a woman in red resting her chin in her hand

Not a winner

Subject name: Tiana
Incident Type: Phishing through social media

Tiana was the target of a phishing scam through social media. She was so excited when she was tagged in a post that said she had won $1,000 through an online competition. This would help her and her whānau out in a big way. To redeem her prize, she was asked to register with the company and provide her bank details. Without thinking, she did what was asked. A few days later, Tiana noticed $340 gone from her account. Tiana was panicked and anxious - $340 went a long way for her whānau. She was unable to get her money back and felt embarrassed. She didn’t report the incident as she felt she was at fault for not recognising all the signs.

Watch: Tiana was exposed to a phishing scam through social media

View transcript

[Visual]: The scene opens with a woman seated behind a counter. She's in a kitchen and central in the frame. Her name [Tiana] pops up in the right-hand side of the screen with the text [Social media scam victim] underneath. Throughout the video, she remains seated. Her phone is face down on the counter next to her.

Audio starts immediately – with Tiana talking direct to camera.

[Audio] 'I had a notification on Facebook'

[Visual]: The camera shot changes. Mid-shoulder close-up with more of a 45-degree angle. Name and description removed from screen.

[Audio] 'saying I had won a thousand dollars.'

[Visual]: Camera shot changes back to the first setup. Tiana's head is slightly blurry with pixilated detailing. You can still make out her features. She moves her hands as she's speaking imitating typing on a keyboard.

[Audio] [voice has been distorted to a low level] 'And then I clicked on this link and I registered all my bank details.'

[Visual] Camera shot changes back to side on mid-shoulder shot. Pixelation around the head – small squares. 

[Audio] [voice remains distorted to a low level] 'and then later on found out that I had… it was all a scam.'

[Visual] Camera shot changes back to straight on shot. Head is further pixelated. Features are less obvious with detail being more of a mixture of colour. Built in subtitles appear across the bottom of the screen: "What I learnt from that experience is… to always do my research."

[Audio] [voice distortion gets slightly stronger] What I learnt from that experience is, um, to always do my research.' 

[Visual]: The shot changes back to the side close-up. Pixelation looks more intensified – face is unrecognisable. Subtitles along the bottom of the screen "and putting my information on private." Tiana holds up her phone as she says information and waves it in her hand.

[Audio]: [voice distortion further intensifies] "and putting my information on private." Tiana draws out the word 'information' with a slight pause after saying the word.

[Visual]: The shot changes back to head on view but is shot from chest height. Head is further pixelated and aligned on the right of the screen. Subtitles across the bottom of the screen: 'I feel way more secure online, because hackers can't see me.' 

[Audio]: [voice distortion continues to get deeper - unrecognisable] 'I feel way more secure online, because hackers can't see me.' 

[Visual]: Own Your Online green and purple branded circles close in over the frame. Tiana's head is kept in a circle with the rest of the screen containing block colouring. The writing appears to the left of the screen 'Go from exposed to secure online.'

[Audio] Small jingle plays

[Visual]: End frame pulls up block colour teal with darker [forest] text: Own Your Online logo with 'Learn how to protect yourself online at ownyouronline.govt.nz.' The CERT NZ logo is in the top right corner. 

[Audio] Jingle continues to play and fades out.

Photo of a man with a beard looking away from the camera

The job seeker

Subject name: Nish
Incident Type: Job scam

Nish was the target of an online job scam. He was job searching when he came across a position that looked ideal. He applied and got an email confirmation including identity documentation forms he was required to fill out. Soon after filling in and submitting the forms, he was told they wanted to interview him and shortly after received a call on WhatsApp. The call flashed up from an international number and Nish started to wonder why they hadn’t just called him normally on his mobile. He became suspicious. He called the police and his bank, deleted his profile on WhatsApp, and saved himself from potential identity theft. The experience has had an emotional toll on Nish at an already very vulnerable time. He’s taken a lot of precautions to stay secure online since then.

Watch: Nish was exposed to an online job scam

View transcript

[Visual]: The scene opens with a man sitting on a couch shot from the waist up. He's in a living room setting and sitting slightly to the left of shot. His name [Nish] pops up in the bottom right-hand side of the screen with the text [Job scam victim] underneath. Throughout the video, he remains seated with minimal movement. 

Audio starts immediately – with Nish talking direct to camera.

[Audio] 'I was looking for a job and I found one which was ideal.'

[Visual]: The camera shot changes. Mid-shoulder close-up with more of a 45-degree angle. Name and description removed from screen.

[Audio] 'Good perks. And it was a total win.'

[Visual]: Camera shot changes back to the first setup, but with a wider shot. There is more of Nish - shot from the knees up and more is included in the lounge scene. His head is slightly blurry with pixilated detailing. You can still make out his features.

[Audio] [voice has been distorted to a low level] 'So I applied for the job, and then they came back asking…' 

[Visual] Camera shot changes back to side on mid-shoulder shot. Same pixelation around the head. Looks more prominent as it's a closer shot.

[Audio] [voice remains distorted to a low level]  '…for details like IRD and bank accounts.'

[Visual] Camera shot changes back to wide knee-level shot. Head is further pixelated. Features are less obvious with detail being more of a mixture of colour. 

[Audio] [voice distortion intensified – sounds low and gravelly] 'That's when I realised it was a scam.' 

[Visual]: The shot changes back to the side close-up. Pixelation remains as is.

[Audio]: [voice distortion further intensifies] 'I got really really scared.'

[Visual]: The shot changes again back to wide angle. Head is further pixelated. On the screen built in subtitles appear across the bottom of the screen: 'I went on Instagram, private my account. Facebook, all of those things.' 

[Audio]: [voice distortion continues to get deeper - failly unrecognisable] 'I went on Instagram, private my account. Facebook, all of those things.'

[Visual]: The shot changes back to the side close-up. Pixelation remains as is. Built in subtitles appear across the bottom of the screen: So I would advise everyone to be just extra careful.

[Audio]: [Voice continues to get deeper] 'So I would advise everyone to be just extra careful.'

[Visual]: The shot goes back to the wide angle. Pixelation is at highest level with no obvious features or likeness. Subtitles 'and make sure it's legit.'

[Audio]: [Voice continues to get deeper] 'and make sure it's legit.'

[Visual]: The shot goes back to side angle but is a shot of just the face. Full pixelation over the head – completely unrecognisable. Subtitles: 'Now I've gone from exposed to secure.'  

[Audio]: [Voice continues in deepest distortion] 'Now I've gone from exposed to secure.'

[Visual]: Own Your Online green and purple branded circles close in over the frame. Nish's head is kept in a circle with the rest of the screen containing block colouring. The writing appears to the left of the screen 'Go from exposed to secure online.'

[Audio] Small jingle plays.

[Visual]: End frame pulls up block colour teal with darker [forest] text: Own Your Online logo with 'Learn how to protect yourself online at ownyouronline.govt.nz.' The CERT NZ logo is in the top right corner. 

[Audio] Jingle continues to play and fades out.

Photo of woman looking anxious

None of their business

Subject name: Bren
Incident Type: Unauthorised access attack

Bren was the target of an unauthorised access attack. One Sunday evening, Bren noticed she’d been removed as an admin on her online retail company’s social media business account. Something didn’t seem right, so she put a hold on her company credit card - just in case. She contacted her marketing agency in the morning to see if they had made this change – turns out their account had been compromised but not before fake ads and the respective charges for them appeared on their account.

Because Bren was no longer an admin, she could no longer advertise her business on the two social media platforms which were her best source of customers and income. After almost a year of endless auto response emails and going round in circles with different advisors and referrals she decided to cancel her social media business account and start afresh.

She lost a lot of her followers as a result and critical marketing data in this restart - not to mention over a year’s worth of potential full income.

Watch: Bren was exposed to an unauthorised access attack

View transcript

[Visual]: The scene opens with a woman sitting on a chair shot from the waist up. She's in a living room setting and sitting central in the shot. Her name [Bren] pops up on the right-hand side of the screen with the text [Unauthorised access attack] underneath. Throughout the video, she remains seated with minimal movement. The video chops and changes between two different shots throughout – this first one and the second is a 45 degree angle mid-shoulder shot. 

Audio starts immediately – with Bren talking direct to camera.

[Audio] 'I had my social media business account hacked.'

[Visual]: The camera shot changes. Mid-shoulder close-up with more of a 45-degree angle. Name and description removed from screen.

[Audio] So the first thing I did when I was a little suspicious was to go into my bank account.'

[Visual]: Camera shot changes back to the first setup.

[Audio] 'and I put a hold on my business credit card.' 

[Visual] Camera shot changes back to side on mid-shoulder shot. 

[Audio] 'it really wasn't until later down the track that I understood the implications of it.'

[Visual] Camera shot changes back to original shot.

[Audio] I felt like I learnt an important lesson early on.' 

[Visual]: The shot changes back to the side close-up. 

[Audio]: 'Trust your intuition if you feel like anything's a little strange.'

[Visual]: The shot changes again back to wide angle. 

[Audio]: 'Then check it out straight away. Better safe than sorry.'

[Visual]: Own Your Online green and purple branded circles close in over the frame. Bren's head is kept in a circle with the rest of the screen containing block colouring. The writing appears to the left of the screen 'Go from exposed to secure online.'

[Audio] Small jingle plays

[Visual]: End frame pulls up block colour teal with darker [forest] text: Own Your Online logo with 'Learn how to protect yourself online at ownyouronline.govt.nz.' The CERT NZ logo is in the top right corner. 

[Audio] Jingle continues to play and fades out.

These stories help to raise the importance of being secure online, by showing what’s at stake when we don’t get our cyber security right.

Sam Leggett, CERT NZ

Things you need to know

Small device with like buttons icon

Why online security is important

Keeping our online lives secure is as important as keeping the things in our physical lives safe.
Lightbulb icon

Five quick steps to online security

Find out the top things you can do to protect yourself online
Photo of Asian man with black glasses spooning food into his mouth

Hostage in Manila

Subject name: William
Incident Type: Impersonation scam

William was the target of an impersonation scam. He was on holiday in Malaysia when he received a text from a friend who travels regularly, saying he was being held hostage at his hotel in Manila. The hostage takers wanted $800 before they would release him and his passport. The texts kept coming, sounding more and more desperate each time so William transferred the money. As soon as the money was gone, he realised he had been scammed. His friend was safe at home, and he was out of pocket. He regrets not picking up the phone and calling his mate first.

Photo of a woman looking in the mirror, taken from below looking up at her

Not a brand ambassador

Subject name: Dolly
Incident Type: Social media scam

Dolly was the target of a social media scam. She was asked to become an ambassador for an online brand, that turned out to be fake. Giving up her personal details to accept goods from their website, she unwittingly allowed these scammers to take her funds without her ever receiving the products she ‘purchased’. She was charged over $3,000. Thankfully, with the help of her bank she got her money back. Although she got her money back, the experience had an emotional toll on her.

Photo of woman in yellow top wearing glasses

Real-ity romance scam

Subject name: Thea
Incident Type: Romance scam

Thea was the target of an online romance scam. She started chatting online with a man, he was Italian. So sweet and caring. They had everything in common and made plans for their future together – from exploring Aotearoa to retiring. Suddenly, the next message came, he was stuck in Singapore with his accounts locked. Thea didn’t think twice when he then asked her for money.
This scammer had played the long game with Thea which only made it more devastating. She was left heartbroken and embarrassed.

Photo of young blonde woman looking down at camera

Taken for a ride

Subject name: Jaelyn
Incident Type: Phishing scam

Jaelyn was the target of a phishing scam. She was sent a text saying she needed to log into her ride sharing app to authenticate the account. It seemed simple enough. So, she clicked on the link and provided the required details. Within a week she was charged over $1,000 worth of food and ride transactions through the app, which she never ordered. Instead of authenticating her account, which she thought she was doing, she had actually provided full details allowing someone else access to her account. After much back and forth, Jaelyn got some of her money back – but lost her online confidence.

We live our lives online. We run our businesses and connect with friends. And every day we’re at risk of a cyber attack.

Jane O'Loughlin, CERT NZ

The sophisticated scam

Subject name: Anonymous
Incident Type: Investment scam

Anonymous was the target of a sophisticated investment scam. They thought they were purchasing bonds through a legitimate, reputable bank. Unfortunately, it was actually a scammer who had gone to great lengths to impersonate the bank – even creating their own online banking portal. Anonymous asked their brother who works in finance, and he said the bank was reputable. So Anonymous started ‘investing’ with this bank, initially transferring $100,000. The money showed up on their online dashboard: it all seemed legit. So they transferred another $100,000, and then another $100,000. Over multiple payments, they ‘invested’ and lost $300,000. Once they realised it was a scam, their heart dropped. They will never get their money back.

Photo of a woman sitting in kitchen with glasses on and bone carving necklace looking downwards

In real time scam

Subject name: Glenis
Incident Type: Phone scam

Glenis was the target of a scam phone call. She was contacted by a woman who claimed to be from the bank. They told Glenis they were investigating her account due to a few interesting transactions, all the while discussing specific and accurate account information. Glenis panicked and gave up way too much information too quickly. She had been a target of a scam before and wanted to cooperate. She then watched in distress as her money was transferred from one account to another and then go out of her account completely, all in real time. For Glenis, the emotional toll has been far worse than the financial one.

Photo of a woman's face lying with her head on a pillow

Selling your soul

Subject name: Megan
Incident Type: Marketplace scam

Megan was the target of a marketplace scam. She was trying to sell a jacket online and the buyer asked if she could reduce the price and include shipping. They also asked if she’d be open to pay through the site itself, which she’d never heard of before. She clicked on the link they sent and she provided her bank account username and password. She immediately received a payment alert saying that money had been taken out of her account. Fortunately, her bank messaged her to say the payment had been blocked and she didn’t lose any money. She could have lost so much more.