How to spot a scam email.............and protect yourself
Think before you click..
🛡️ How to Spot a Scam Email in New Zealand – And Protect Yourself
With the rise of digital communication, scam emails—also known as phishing—are becoming more sophisticated and harder to detect. In New Zealand, CERT NZ (Computer Emergency Response Team) has reported a steady increase in cybercrime, including email scams targeting individuals and businesses alike. Whether it’s a fake invoice, a phony courier notification, or a message pretending to be from IRD, knowing how to identify and protect yourself from these scams is more important than ever.
🚩 Common Signs of a Scam Email
Scam emails often impersonate trusted organisations—like NZ Post, Inland Revenue (IRD), or your bank—to trick you into handing over personal or financial information. Here are the top red flags to look out for:
1. Suspicious Sender Address
Look closely at the sender's email. It might look legitimate at first glance, but often includes odd domains or misspellings (e.g. n0reply@ird-nz.com instead of a verified IRD domain).
2. Urgent or Threatening Language
Scammers create panic to rush your judgment. Common phrases include “Your account will be suspended” or “Last chance to claim your refund.”
3. Unexpected Attachments or Links
If you receive an email with attachments or links you weren’t expecting—especially if the message urges you to open them immediately—be cautious. These could install malware or lead to phishing websites.
4. Requests for Personal or Financial Information
Legitimate organisations will never ask for your passwords, bank details, or verification codes via email.
5. Poor Grammar or Spelling Mistakes
Many scam emails are written quickly or translated poorly, so keep an eye out for awkward phrasing or typos.
🧰 How to Protect Yourself
✅ 1. Use Multi-Factor Authentication (MFA)
Enable MFA wherever possible—especially for email, banking, and cloud accounts. This adds an extra layer of security even if your password is compromised.
✅ 2. Don’t Click—Verify First
If something feels off, don’t click any links. Instead, contact the organisation directly using official contact details from their website.
✅ 3. Install Security Software
Use reputable antivirus and anti-malware software, and keep your operating system updated to protect against new threats.
✅ 4. Report Scams
Forward suspicious emails to CERT NZ at report@cert.govt.nz and delete them. If you’ve already clicked a link or shared personal information, act quickly and contact your bank and CERT NZ for next steps.
✅ 5. Educate Yourself and Others
Talk to friends, family, and coworkers about scam tactics. Scammers often target vulnerable individuals, including the elderly and new migrants.
📊 Real Scams Reported in New Zealand
According to CERT NZ’s latest quarterly report, email scams impersonating NZ Post and Inland Revenue were among the most common. In many cases, the scams included fake tracking links or tax refund offers. In 2024 alone, Kiwi businesses lost millions to invoice scams and business email compromise attacks.
🚨 What to Do If You’ve Been Scammed
- Change your passwords immediately.
- Contact your bank to freeze any suspicious transactions.
- Report the incident to CERT NZ at www.cert.govt.nz.
- Check your credit report via services like Centrix or Equifax NZ to ensure your identity hasn’t been misused.
Final Thoughts
Scam emails are becoming more common—and more convincing—but with vigilance and the right tools, you can protect yourself. In New Zealand, CERT NZ is your first line of defence. Stay alert, think before you click, and spread the word to help others stay safe online.
