Are scammers targeting staff at your business?

Here are some pointers to identify unwanted visitors at your digital doorway…

The popular narrative of the cashed-up prince in some foreign land needing assistance to free up a fortune is less likely to be believed nowadays, but scams are still big business.

Texts, emails and phone calls are all used with increasing sophistication, and a number of recent cybercrimes show that New Zealand is being targeted more and more.

Cybercrime and fraud cost businesses an estimated $250–$400 million in the last year alone, and the recent New Zealand Crime and Victims Survey showed that almost 400,000 people experienced one or more attempts at cybercrime or fraud in the past 12 months.

Phishing – the term for using email to illegally obtain passwords and access databases – is a big earner for criminal networks and devastating for businesses that fall prey to their strategies. It can be very effective.

Here are some of the more prevalent methods to watch out for:

Fake emails with malicious links

An email with a legitimate-looking address and company letterhead – sometimes from the company CEO – arrives in your inbox requesting information or directing you to a survey or some other seemingly innocuous action via a link on the page. On closer inspection, the company email address it came from may have a slightly tweaked spelling or a ‘.nz’ or other domain following the company name. It may even have some legitimate links included along with one that could hack the company system and cause havoc.

Here’s a recent one… anyone had some good news from the tax man lately? Might want to look again! Note the key aspects to look for. It is a legitimate-looking email, but it contains a suspicious link as well as a few other inaccurate details such as a non-existent date and, of course, the irresistible lure of easy money. The warning about scams at the bottom is a nice touch, possibly even scraped off the IRD site itself.


Phone call from an authoritative-sounding ‘IT contractor’

This can be quite believable as the person on the other end of the phone may have legitimate technical skills and the right jargon. A common ploy is to ask to check for ‘bugs’ by opening your system settings. In your system’s history there are often error messages or notifications which can convince you there is an issue. Once you allow them to share a screen or provide your password to ‘fix’ the problem, the hacker can access your system and plant their malicious software without you being aware. Then you may be getting a rather urgent call from the real IT department and probably your boss…

Text Messages

In 2019 Countdown had almost a dozen scams, including several in text messages, offering prizes or asking ‘valued customers’ to do a quick survey. Clicking on the link would open your phone up to being hacked and if you were on a work phone, potentially provide access to the company system as well.

Fake text messages are often successful because people sometimes just click on them without much forethought. Your phone beeps, you’re on your way to a meeting, quickly see a message and boom! You’ve just caught a nasty malware virus and spread it through the company intranet before your morning coffee. With the integration of devices over the past few years, your phone has become a valuable portal for yourself and criminal harvesting methods alike.

How can you spot and stop a cyber scam?

The first step is to educate yourself and staff about what security measures and protocols are already in place, find out who the go-to tech support person or department is, and know how to contact them.

If you get a phone call asking about your computer system, or requesting information that you consider private or commercially sensitive, such as a PIN number or password, ask for their number or other contact details and suggest you will get back to them. If they hang up, contact IT support and alert them. If they do provide details, make a note of what they tell you and follow up with IT to check if it is legitimate.

With emails and text messages, once again, check before clicking on any of the links you have been sent or replying with any requested information.

CERT NZ (go on, google it first before you click) provides substantial information on safe protocols, examples of scams you may be exposed to and a place to report them.

Look before you leap

 Check emails for:

With a bit of practice, checking first will be as instinctive as doing up your seatbelt before driving away. Remember, it’s not just your money they’re after…your company database is worth harvesting as well.

