Stay alert to common scams this holiday season

Christmas and the summer holidays are just around the corner — filled with exciting activities, time with our whānau and friends, as well as that well-deserved downtime. 

It means we’re often busy and distracted while we're shopping online, and that comes with risks. Scammers may use this as an opportunity to try and hoodwink us into:

• buying items that don’t exist
• clicking on links that take us to dodgy webpages that ask for personal or financial information
• downloading malicious software.

So, as we move into the holiday season, remember —scammers don't take time off. Be aware and on the lookout for these common holiday scams. 

Online Shopping Scams

These scams often involve fake websites or non-existent goods, and shoppers are lured in by low prices. 

CERT NZ recommends you always shop from reputable sources. Make sure to check the website's authenticity, and if you’re buying from an online marketplace, it’s best to pay with cash on collection. 
Always remember to be wary of deals that seem too good to be true. Because they probably are!

How to check

A good deal is hard to pass up, but there are things to do before you click to hand over money or your details.

• Check if the URL in the address bar starts with HTTPS not HTTP. It's not a guarantee, but the lack of HTTPS is certainly a red flag.
• Also check the URL is for a legitimate site. Recently we have seen a lot of scam sites using well-known brand names in the URL, followed by *-nz.com or *-newzealand.com instead of *.co.nz.
• Check the Contact Us page of the website. Scam sites will often have little to no information on their contact us page, usually just an email form to fill out.
• Check out independent online reviews to check whether a shopping site is real, and people are happy with the service.

Phishing Scams

Phishing is where a scammer sends an email or a text message pretending to be from the likes of a bank, government agency or other legitimate organisation or business, usually asking the recipient to click on a link or open an attachment.

To protect yourself:

• Check where the message has come from. The part of the email after the @ should be the same as the company or agency's website (for example, @nzta.govt.nz).
• For text messages, check the mobile number. Most big, reputable organisations will send messages to customers via short code numbers that are only 3 or 4 digits long. Be wary of any messages sent from a full phone number, especially an international number.
• If the message is asking you to click on a link, the webpage should be on the genuine website of the organisation (for example, nzta.govt.nz). In general CERT NZ advises New Zealanders to never click unsolicited links in text messages.
• Does the message content make sense? Do you have a car that needs a new rego? Have you recently travelled on a toll road? Do you have a parcel you are waiting to be delivered? If it doesn’t make sense for you, it may be a scam. Even if it does sound realistic, still treat it with caution.

The Holiday Shipping Scam

During this time of year, you might be waiting for packages to arrive with your gifts. Scammers take advantage of this by impersonating delivery and package services to get you to give up personal or bank details.

These emails and texts claim to come from courier companies, and claim you have a pending parcel delivery. The message will ask you to click a link or open an attachment to accept delivery, except it’s all false. The attacker may want to get our personal information to use for other attacks, or to trick us into making a payment to have the non-existent parcel delivered.

How to check

• If you’re not expecting a delivery, don’t click the link or open the attachment.
• Call the courier company through their official number to check that the delivery notice is legitimate.