New Zealanders talk online, work online and shop online, but are they online savvy?
As we head into the Peak shopping season, online shopping activity is expected to ramp up. With Cyber Smart Week underway, it’s a timely reminder that staying cyber smart matters. Let’s help protect everyday Kiwis from scams this season.
Scams in NZ continue to be a big issue. In 2024... | ||
60% | NZ$3,104 | NZ$2.3 billion |
| Source: The State of Scams in New Zealand 2024, Global Anti-Scam Alliance (GASA) | ||
The prevalence of scams in our communities is an unfortunate reality. Online fraud or cyber fraud is increasing at an alarming rate.
What’s more, NZ Post has seen a rise in delivery-based scams, where scammers contact innocent people claiming to be NZ Post or a similar delivery company to request personal information in the hopes of obtaining money.
Quick Tip
Stay up to date with the current scam and fraud warnings on our website.
A new variation of Facebook Marketplace scams is targeting sellers by impersonating trusted delivery services, most commonly NZ Post. Scammers pose as buyers and claim to have arranged a courier pickup, then send a link to a fake website that closely mimics the official NZ Post site. Sellers are prompted to enter personal and banking details under the guise of receiving payment or confirming delivery. This tactic poses a serious threat, as it can lead to identity theft and financial loss, all while appearing to come from a familiar and reputable source.
Source: https://netsafe.org.nz/scams/facebook-marketplace-scams
A new wave of cyberattacks is using clever impersonation tactics to break into company systems. Attackers often pretend to be employees and call IT support teams, convincing them to reset passwords or give access to accounts. Once they’re in, they quietly move through different parts of the system, looking for valuable information or ways to cause disruption. They use everyday tools that don’t raise suspicion, making them harder to detect. These attacks highlight the importance of strong identity checks, staff training, and keeping a close eye on unusual activity.
Source: https://www.crowdstrike.com/en-us/blog/crowdstrike-services-observes-scattered-spider-escalate-attacks/
So as a business, what real steps can you take to keep your customers safe?
We spoke to Andrea Leask, Chief Digital Harms Officer from Netsafe New Zealand for advice on how you can keep your customers safe from scams.
Building your digital armour
1. Take stock of your setup
It’s easy to let things slide when business ramps up but making sure you are stable and secure will help you put your best foot forward this season.
Ensure you have secure payment gateways on your site, like SSL encryption and two-factor authentication. Check all your software and plug-ins are up to date, and your back-end systems have latest security patches. Lastly, a simple password is simply risky – encourage customers and admin staff to create strong passwords and have multi-factor authentication (MFA) enabled. Being wise with your digital setup helps to reduce the risk of hackers and unauthorised access.
2. Train your teams
Cyber security is a team sport, so train your teams to know what scams look like.
A common scam sees a request for help come from someone appearing to be within your business, asking for a voucher or currency with immediate action – this is a big red flag. These kind of scams are known as spoofing, where as little as one letter is different to an email address or number you would typically recognise, to look like it’s coming from a person or organisation you trust.
“The idea of 'spoofing' goes to show how easy it is to pretend to be somebody else.”
Spoofing is common and can be detected by checking the actual email address to make sure it’s what you are expecting to see. Training your teams and giving them tools to deal with scams before the occur is your best mode for success.
Hint
Run regular phishing tests to keep your team on their toes!
Our cyber security team here at NZ Post do so frequently, it’s a great way to keep our people alert and our systems safe.
3. Use the power of NZ Post branding
With scams increasing over peak shopping season, use official branding to give your customers reassurance.
We’ve built a resources hub to help you make the most of NZ Post and add a layer of authenticity for your customers when the parcels start flowing.
Take a look at our resource hub
4. Be transparent with your customers
If you’re aware of scams affecting your customers, be transparent in acknowledging them.
If it is happening frequently, one idea could be to publish communications such as an email or adding a page to your website to identify frauds and talk about them. This helps to avoid customers losing trust in online shopping and protects your brand’s reputation.
Quick Tip
Share our tips on scams and fraud in your customer communications this busy shopping season.
5. Tap into free online resources
Own Your Online is run by the National Cyber Security Centre and has a range of guides and resources available. Check it out.
How Exposed Am I? is a new tool from the National Cyber Security Centre that helps you understand if your personal information has been compromised in known data breaches. It’s a quick and easy way to check your exposure and take steps to protect yourself. Try it out.
Netsafe covers a range of Cyber Security topics, sharing knowledge to New Zealanders online for over 15 years. View the site.
NZ Post provides you with updates of any trending scams happening in NZ. See the current scam and fraud warnings.
Consumer Protection aims to help recognise, avoid and act against scams, protect personal information and prevent identify theft both online and offline. See their scam watch.
6. Remind your customers how they can stay safe
Part of keeping your business safe is keeping your customers safe.
“Young people are worried about older people, older people are worried about younger people, but really, anybody, of any age, can get caught up in a scam.”
Remind them to be cautious of sharing personal information over the phone or online, use your branding clearly, and keep your site’s security certification up to date. Make it easy for customers to report a scam so they know what to do when they see a scam.
Read more guidance from NZ Police.
7. Build up your cyber immune system
Cyber resilience, like your immune system, is how well we can bounce back after something goes wrong.
It's important to lessen the impact on our business, including financial repercussions and regulatory compliance failures. Make sure you are up to date with how you can build your immunity online.
Find more information on the CyberCX site.
More information regarding scams and frauds can be found on the Government scams and fraud site.
