EXPOSED
Go from exposed to secure online
We live our lives online. We run our businesses and connect with friends. We purchase items and find jobs. And every day we’re at risk of a cyber attack.
Our EXPOSED campaign aimed to raise the importance of being secure online by showing what’s at stake when we don’t get cyber security right.
Below are stories of New Zealanders who have been targeted by attackers while going about their lives. They wanted to share their stories to encourage New Zealanders to go from exposed to secure online.
First-hand advice on how to own your online
Read and watch the stories below to find out how everyday New Zealanders were targeted online. They’re sharing their stories to help keep others secure online.
Not a winner
Subject name: Tiana
Incident Type: Phishing through social media
Tiana was the target of a phishing scam through social media. She was so excited when she was tagged in a post that said she had won $1,000 through an online competition. This would help her and her whānau out in a big way. To redeem her prize, she was asked to register with the company and provide her bank details. Without thinking, she did what was asked. A few days later, Tiana noticed $340 gone from her account. Tiana was panicked and anxious - $340 went a long way for her whānau. She was unable to get her money back and felt embarrassed. She didn’t report the incident as she felt she was at fault for not recognising all the signs.
The job seeker
Subject name: Nish
Incident Type: Job scam
Nish was the target of an online job scam. He was job searching when he came across a position that looked ideal. He applied and got an email confirmation including identity documentation forms he was required to fill out. Soon after filling in and submitting the forms, he was told they wanted to interview him and shortly after received a call on WhatsApp. The call flashed up from an international number and Nish started to wonder why they hadn’t just called him normally on his mobile. He became suspicious. He called the police and his bank, deleted his profile on WhatsApp, and saved himself from potential identity theft. The experience has had an emotional toll on Nish at an already very vulnerable time. He’s taken a lot of precautions to stay secure online since then.
None of their business
Subject name: Bren
Incident Type: Unauthorised access attack
Bren was the target of an unauthorised access attack. One Sunday evening, Bren noticed she’d been removed as an admin on her online retail company’s social media business account. Something didn’t seem right, so she put a hold on her company credit card - just in case. She contacted her marketing agency in the morning to see if they had made this change – turns out their account had been compromised but not before fake ads and the respective charges for them appeared on their account.
Because Bren was no longer an admin, she could no longer advertise her business on the two social media platforms which were her best source of customers and income. After almost a year of endless auto response emails and going round in circles with different advisors and referrals she decided to cancel her social media business account and start afresh.
She lost a lot of her followers as a result and critical marketing data in this restart - not to mention over a year’s worth of potential full income.
These stories help to raise the importance of being secure online, by showing what’s at stake when we don’t get our cyber security right.
Sam Leggett, CERT NZ
Things you need to know
Why online security is important
Five quick steps to online security
Hostage in Manila
Subject name: William
Incident Type: Impersonation scam
William was the target of an impersonation scam. He was on holiday in Malaysia when he received a text from a friend who travels regularly, saying he was being held hostage at his hotel in Manila. The hostage takers wanted $800 before they would release him and his passport. The texts kept coming, sounding more and more desperate each time so William transferred the money. As soon as the money was gone, he realised he had been scammed. His friend was safe at home, and he was out of pocket. He regrets not picking up the phone and calling his mate first.
Not a brand ambassador
Subject name: Dolly
Incident Type: Social media scam
Dolly was the target of a social media scam. She was asked to become an ambassador for an online brand, that turned out to be fake. Giving up her personal details to accept goods from their website, she unwittingly allowed these scammers to take her funds without her ever receiving the products she ‘purchased’. She was charged over $3,000. Thankfully, with the help of her bank she got her money back. Although she got her money back, the experience had an emotional toll on her.
Real-ity romance scam
Subject name: Thea
Incident Type: Romance scam
Thea was the target of an online romance scam. She started chatting online with a man, he was Italian. So sweet and caring. They had everything in common and made plans for their future together – from exploring Aotearoa to retiring. Suddenly, the next message came, he was stuck in Singapore with his accounts locked. Thea didn’t think twice when he then asked her for money.
This scammer had played the long game with Thea which only made it more devastating. She was left heartbroken and embarrassed.
Taken for a ride
Subject name: Jaelyn
Incident Type: Phishing scam
Jaelyn was the target of a phishing scam. She was sent a text saying she needed to log into her ride sharing app to authenticate the account. It seemed simple enough. So, she clicked on the link and provided the required details. Within a week she was charged over $1,000 worth of food and ride transactions through the app, which she never ordered. Instead of authenticating her account, which she thought she was doing, she had actually provided full details allowing someone else access to her account. After much back and forth, Jaelyn got some of her money back – but lost her online confidence.
We live our lives online. We run our businesses and connect with friends. And every day we’re at risk of a cyber attack.
Jane O'Loughlin, CERT NZ
The sophisticated scam
Subject name: Anonymous
Incident Type: Investment scam
Anonymous was the target of a sophisticated investment scam. They thought they were purchasing bonds through a legitimate, reputable bank. Unfortunately, it was actually a scammer who had gone to great lengths to impersonate the bank – even creating their own online banking portal. Anonymous asked their brother who works in finance, and he said the bank was reputable. So Anonymous started ‘investing’ with this bank, initially transferring $100,000. The money showed up on their online dashboard: it all seemed legit. So they transferred another $100,000, and then another $100,000. Over multiple payments, they ‘invested’ and lost $300,000. Once they realised it was a scam, their heart dropped. They will never get their money back.
In real time scam
Subject name: Glenis
Incident Type: Phone scam
Glenis was the target of a scam phone call. She was contacted by a woman who claimed to be from the bank. They told Glenis they were investigating her account due to a few interesting transactions, all the while discussing specific and accurate account information. Glenis panicked and gave up way too much information too quickly. She had been a target of a scam before and wanted to cooperate. She then watched in distress as her money was transferred from one account to another and then go out of her account completely, all in real time. For Glenis, the emotional toll has been far worse than the financial one.
Selling your soul
Subject name: Megan
Incident Type: Marketplace scam
Megan was the target of a marketplace scam. She was trying to sell a jacket online and the buyer asked if she could reduce the price and include shipping. They also asked if she’d be open to pay through the site itself, which she’d never heard of before. She clicked on the link they sent and she provided her bank account username and password. She immediately received a payment alert saying that money had been taken out of her account. Fortunately, her bank messaged her to say the payment had been blocked and she didn’t lose any money. She could have lost so much more.