4 sneaky cyberscams to know about before it’s too late

From fake job ads to romance scams, there is no end to the ways cybercriminals will trick you into stealing your money. Citro explains the sophisticated scams you need to know about so you don’t fall victim.

By Alex Brooks

Nearly all of us store data about our nearest and dearest – as well as our bank accounts – on our smartphone, so it’s wise to protect your digital treasure trove from cybercriminals.  

Financial crime and fraud is getting ever-more sophisticated, with a big increase in ‘social engineering’ tactics that gaslight or trick you into transferring money. 

Scammers use credible stories of great investment offers, exciting work-from-home jobs or even romance to lure you into their traps.

And it works. Kiwis reported losing $200 million last year to scams.

‍BioCatch – a fraud technology company that helps banks – says there are even underground ‘fraud universities’ where older retiring fraudsters share their malware, phishing and other skills to a younger generation. 

“It’s pretty despicable, but it happens,” says Richard Booth, Asia Pacific vice-president at BioCatch.

Your KiwiSaver is on the hit list: secure it to check

Did you know there’s been a big leap in people’s retirement stash being targeted for theft? 

The Te Ara Ahunga Ora Retirement Commission warned people to stay alert to 2 common scams:

1. Invest your KiwiSaver with us scams: Criminals could be circling when it comes to encouraging you to invest your retirement nest egg. Many of these types of scams have fake websites and may even speak to you over the phone for months to groom you into transferring all your money. Always do your due diligence to check that they are legitimate providers. Check whether a provider is licensed on the Companies’ Office Financial Service Providers Register. Also, ask for the person’s details and credentials and say you’ll call them back after you’ve contacted the company they claim to be from.‍
2. Transfer your KiwiSaver funds to new operators: Same goes for anyone encouraging you to transfer your KiwiSaver to a different operator. Always take your time, do your research and tell them you'll give them a call back.‍

You should check that your online banking has multi-factor authentication for security and regularly login to check your account to look for scam warning signs like:

• Transactions you don’t recognise
• Legitimate notifications from your institution that there have been repeated attempts to access your account
• Changes to your personal information that you didn’t make – for example, your address, email or name
• Being suddenly locked out of your account

If you’re concerned someone is trying to break into your account, contact your institution immediately. If you notice any money missing, contact police as well.

Investment trading scams - crypto could be a no-no

Investment scams that appear legitimate or use social media ads with photos of famous people – like Citro’s Nicole Pedersen-McKinnon – are rife.

Many of these ‘investment opportunities’ trick you by giving you a specialist account manager to talk with over the phone and convince you to add more and more money over time. Some promise tax-free returns, others promise lucrative property windfalls.

Many companies spruiking investments online or through social media ads and emails are designed only to steal your money. Once you’ve handed over money, your ‘account manager’ demands you pay more money or fees. They may even lock you out of your account.

Fraud investigator Dan Halpin – formerly from ASIO and NSW Police – says cryptocurrency trading is always high risk.

“Scammers are increasingly sophisticated, and even established exchanges aren’t without their issues, as we've seen with FTX's collapse and recent legal troubles at Binance. It’s safest to stick with trusted platforms like CoinSpot, Coinbase and Independent Reserve, but even then, only invest what you can afford to lose,” he says.

Job and romance scams: beware of becoming a mule

Remember those ‘work from home and earn a thousand dollars a week’ ads that we once saw on telegraph poles or supermarket notice boards? Well now they are on digital job boards like LinkedIn, Seek and Facebook Marketplace.

Sometimes you get a text or even a direct message on WhatsApp, Signal or Telegram. Usually, the ‘recruiter’ demands some form of your identity or even a payment to get this lucrative job (that likely does not even exist).

When these jobs do exist, employees are tricked into believing they work for a payroll or accounting firm and asked to transfer money through their own bank accounts. In reality, they are transferring scammed and stolen funds on behalf of criminals.

Romance scams work in the same way. The love interest usually needs money and the unwitting victim begins transferring funds. Once the victim is well and truly in love, the scammer tricks them into regularly making online transfers from their other victims to ‘place and layer’ the money, which is also known as money laundering. 

These are classic ‘social engineering’ scams that hoodwink victims into helping hide the proceeds of bigger and bolder frauds, which the big fish further up the criminal chain profit from but remain legally and financially distant from.

Scam recovery scams: the lowest of the low

If you’ve been a scam victim once, the evil criminals circle back and try to tell you they can recover your money, only to steal from you again.

“We have victims that are 4-5 years later being contacted by different types of scammers,” says Dan, whose own mother has been scammed 3 times.

Another variation of the recovery scam is someone receiving a phone call from ‘their bank’ – who is actually a scammer – telling them their account has been compromised and they need to login and secure their account together.

This is all a trick to get your account details and withdraw all your money. Watch this video by Jim Browning – a tech security expert who hacks the scammers – to learn techniques to disrupt this type of scammer. 

Protect your identity and privacy

Keep your personal and health information secure. Regularly change passwords or use a paid-for service like LastPass or OnePassword. Never give out usernames, PINs, security questions or one-time codes to anyone.

Take your time

Don’t trust anyone rushing or hurrying you to transfer money or take a job. You can also double check people’s identity by asking them to connect with you on LinkedIn or pasting their number into WhatsApp to check they have a legitimate profile. Most scammers hang up if you ask for their details!

Stay informed

Read your bank’s latest fraud, scam and security alerts regularly.

Stay up to date with New Zealand government warnings.

Always pause and assess. If you’re not sure, hang up, don’t open, don’t engage.

Feature image: iStock/Prostock-Studio

You might also like:

• 5 things to know about life expectancy to make the most of your money (and time)
• How to save money when you make big purchases
• 5 ways to save money on your car (that don’t involve catching the bus)