Scam messages about parcel delivery on the rise: CERT NZ

Dec 20, 2023

Cyber security agency CERT NZ has seen a rise in the number of fake messages claiming to be from NZ Post in the weeks leading up to Christmas and New Year.

Two people on a farm leaning against a gate looking at an ipad or device

CERT NZ is advising New Zealanders to be cautious about any messages claiming to have an undelivered parcel requiring attention.

“As Christmas and New Year draw closer, we are seeing an uptick in the number of phishing messages being reported to us,” CERT NZ Threat and Incident manager Jordan Heersping says. 

“Since it's a time of year when a lot of people are actually expecting parcels, these messages appear all the more credible.” 

‘Phishing’ refers to messages pretending to be from a credible source, that aim to make the recipient give away personal details, passwords or bank logins.

Over the last four months the number of phishing messages claiming to be from NZ Post rose 66%. The current December figures, indicate that the upwards trend is continuing.

New Zealanders can use the following guidelines to identify a phishing message:

NZ Post’s emails will always be sent from If it's different, even by one additional character, be very cautious. 

Scammers use links that are close to the official one. In this case they may use words like "nz-post" or "nzpostal" to make them look legitimate.

NZ Post does use an official 'short link" which is always

With text messages, large organisations like NZ Post use short codes to send messages – usually four or five digits long. If the message comes from a full mobile number, especially with an international code, treat it as phishing.

Most of the messages CERT NZ has seen claim a parcel could not be delivered and the receiver needs to click on a link.

Be aware that the exact messaging may change over time. If you do click the link, it will take you to a page asking for your information, including credit card details.

“Any details you enter, including any passwords, can be used to hack into your other accounts, especially if you use the same password across accounts,” Heersping warned.

“Sometimes this type of scam can also result in lost funds as well, as the scammers may claim there needs to be a Customs fee paid for release of the delivery.”

For more information on what to do when you encounter these messages, see CERT NZ's website: Own Your Online and NZ Post's website.

Scams & fraud | NZ Post

Phishing scams - Own Your Online

Text message scams - Own Your Online