Protect your money from scams

Your safety and security are our top priority.

We're here to empower you with the knowledge you need to protect yourself and your money from scams and fraud.

Protect your money from scams

Your safety and security are our top priority.

We're here to empower you with the knowledge you need to protect yourself and your money from scams and fraud.


Thousands of scams are reported in New Zealand each year, and they can take many forms. This guide will help you identify common scams and provide tips to keep your bank accounts and personal information safe.


Here we'll cover:

  • Types of scams and fraud
  • Keeping yourself safe online
  • Keeping yourself safe on social media
  • Protecting your devices
  • Making sure you have backups
  • Safety features at Unity
  • Keeping kids, teens and whānau safe online

Download our helpful guide

To keep this information on hand, download our "protect your money from scams" guide here:

Scams Guide

You can also jump to these sections:

Types of scams and fraud


Scammers can impersonate banks, well-known companies, or law enforcement to trick you into revealing personal information or sending money. Here are some common examples:

Catch the hackers scam

Have you received a call from someone claiming to be from your financial provider or the Police? They might say your device or accounts have been hacked and need your help to catch the bad guys.


Here's how to protect yourself:

  • Don't share personal information: Never give out passwords, PINs, or account details.
  • Don't transfer money or download apps: Legitimate organisations won't ask you to do this.
  • Hang up immediately: If you suspect a scam, end the call.

 

Cold call phishing scam

Don't fall victim to these common tactics:

  • Urgent requests: Scammers often pressure you to act quickly.
  • Impersonation: They may pretend to be from your bank or a trusted company.
  • Personal information: They'll ask for sensitive details like passwords and 2FA codes.
  • Remote access: They might try to gain control of your device.


Here's how to protect yourself:

  1. Hang up: Don't engage with the caller.
  2. Verify: Contact your bank or the company directly using a known number.
  3. Never share personal information: Protect your sensitive data.
  4. Be cautious of unexpected calls and emails: If it seems suspicious, don't respond.
  5. Avoid unusual payment methods: Don't buy gift cards or use third-party transfer services.

Remember, your bank or a legitimate company will never ask you to share sensitive information over the phone.



Computer tech support scam

Have you received a call from someone claiming to be from a tech company like Spark or One NZ? They might say there's a problem with your computer or internet and ask you to download a remote access app.


Here's what to do:

  • Hang up: Immediately end the call.
  • Don't give remote access: Never allow anyone to control your device remotely.
  • Disconnect: If you've already given access, shut down your device and disconnect from the internet.
  • Change passwords: Use a different device to change all your passwords.
  • Scan for malware: Run a full security scan to check for malicious software.

Legitimate tech support will never call you out of the blue and ask for remote access.


Email or text message phishing/smishing scam

Scammers can impersonate organisations you’re familiar with and send unexpected emails or text messages. These could appear to be from Unity, another bank, a courier service or phone provider.

These messages usually contain a link to an imposter website.


Look out for:

  • A text asking for your banking information or payment when you are not expecting it (for example, a text to pay a toll bill when you haven’t been through a toll location).
  • A very low standard of message (check for low-quality design and bad grammar.
  • A website or email that is not directly from the real organisation.
  • A scam that is well known and well publicised.

Phishing or smishing can seem legitimate as they use the same logos and designs of the companies or organisations they’re pretending to be.



Remote access scam

Be wary of unexpected calls and emails claiming:

  • Your account is compromised: Scammers may pretend to be from your financial provider or a tech company.
  • You need to update your software: They might ask you to download suspicious apps or software.
  • Your internet connection is at risk: They may try to trick you into revealing personal information.


How to stay safe:

  • Never share personal information: This includes passwords, PINs, and account details.
  • Don't click on suspicious links or download unknown software: These can be malicious and harm your device.
  • Verify information: Contact your bank or the company directly using a trusted phone number or website.
  • Be cautious of urgent requests: Legitimate organisations won't pressure you to act immediately.



Banking fraud scam

Have you received a call claiming suspicious activity on your account?

For example: a caller pretends to be from Unity.

Fraudsters phone customers pretending to be bank staff and say their bank accounts are at risk of fraud or there is suspicious activity on their account. They may say that money needs to be moved to another account to protect it, request your online banking log in details, debit card details or remote access to your device.

Here's what to do:

  1. Hang up immediately.
  2. Don't share any personal information.
  3. Call us directly.


Remember, we will never ask you to:

  • Transfer money to a different account.
  • Provide remote access to your device.
  • Share your full card number or CVV.

Investment scams refer to any fraudulent activity designed to mislead potential investors into making decisions based on false information, deceitful practices, or misrepresentations. It often involves high-pressure tactics, fake investment opportunities, or promises of high returns with little to no risk.

The Christopher Luxon Scam

One of the more recent cases of investment fraud involves current Prime Minister Christopher Luxon. Scammers used Rt Hon Luxon’s name and likeness to promote a fraudulent investment opportunity. The scam involved advertisements, social media posts, and deep-fake endorsements that suggested he had backed a lucrative investment programme that promised massive returns.

The scam targeted individuals interested in cryptocurrency and forex trading. Investors were encouraged to deposit funds into a trading platform that, without their knowledge, is entirely fabricated.

Once investors deposit money, the scammers typically stop communicating, freeze accounts, or falsify returns to convince people to invest more.

Protect yourself from investment fraud

While scams like the Christopher Luxon fraud case can be alarming, there are several ways to protect yourself from falling victim to investment fraud:

1. Research thoroughly

Before investing in any opportunity, it’s crucial to conduct thorough research. Verify the credentials of the people or companies involved, check for licenses or regulatory approvals, and read independent reviews or news reports to ensure that the investment is legitimate.

2. Beware of "too good to be true" offers

If an investment promises unusually high returns with little to no risk, it’s likely a scam. All investments carry some degree of risk, and high returns generally come with high volatility.

3. Use trusted platforms

Invest through well-established and regulated platforms. Be wary of unfamiliar websites or trading platforms, especially those that ask for sensitive personal or financial information without clear security measures in place.

4. Consult with financial advisors

A licensed financial advisor can help you assess the risks of any investment opportunity and provide guidance tailored to your personal financial situation. Avoid making investment decisions based solely on unsolicited advice or aggressive sales tactics.

5. Report suspicious activity

If you suspect you’ve encountered a fraudulent investment opportunity, report it to the relevant authorities immediately. This might include:


Card fraud can happen in many ways, including:

  • Lost or stolen cards: Someone finds your card and uses it.
  • Card skimming: Thieves use devices to steal your card information from ATMs.
  • Data breaches: Your card details are stolen from online stores.
  • Phishing scams: You're tricked into sharing your card information online.


Stay safe with these tips:

  • Protect your card: Keep your card safe and never share your PIN or CVV.
  • Monitor your account: Regularly check your account for unusual activity.
  • Use strong passwords: Create unique, strong passwords for online banking.
  • Be wary of phishing: Don't click on suspicious links or download attachments.


Take control of your card:

Remember you can now manage the following Debit Mastercard settings via Internet or Mobile banking if you need to:

  • Change Your PIN: Keep your PIN secure.
  • Temporarily block your card: Prevent unauthorised use.
  • Cancel your card: If it's lost or stolen.
  • Disable online shopping and contactless payments: For added security.


What is a Money Mule?

A money mule is someone who is tricked or coerced into transferring stolen money for criminals. This can have serious legal consequences.


How Money Mule scams work:

  • Fake job offers: You're promised easy money for transferring funds or selling your account.
  • Phishing attacks: You're tricked into sharing personal banking information.
  • Relationship scams: You're manipulated into sending money to someone you think you know.
  • Threat-based scams: You're threatened with harm if you don't comply.


Protect yourself:

  • Be skeptical: Avoid offers of easy money or unusual job requests.
  • Do your research: Verify any job offers or requests for help.
  • Trust your gut: If something feels wrong, it probably is.
  • Never share personal information: Keep your banking details safe.
  • Be wary of online relationships: Don't send money to people you haven't met in person.


Have you received an invoice for something you didn't order?

Scammers are tricking people by sending fake invoices for products or services they haven't bought. They might hack a business's email to send fake invoices or intercept real ones to change the payment details.


Here's how to protect yourself:

1. Verify the invoice:

  • Call the business: Don't just reply to emails. Call the business directly to confirm the invoice and bank account details.

2. Act quickly:

  • Contact your credit union/bank: If you've already paid, contact the financial services provider the payment was sent from immediately to try and stop it.

3. Report the scam:


Be wary of unexpected calls or emails claiming you're eligible for a government grant or tax refund.

Scammers may ask for personal information or payment to process your "grant."

Here's how to protect yourself:

  • Hang up immediately.
  • Verify information: Contact the government agency directly using their official website or phone number.
  • For tax-related matters: Log into your Inland Revenue myIR account to check for legitimate notices.


The government will never ask for personal information over the phone or email.


An online buy and sell scam occurs when someone falsely poses as a buyer or seller on social media platforms or sets up a fraudulent business.


These scammers often exploit your optimism by offering unrealistic deals or fake payment confirmations.


How to protect yourself as a buyer:

  • Scrutinise the offer: Be cautious of deals that seem too good to be true.
  • Verify the seller: Check their reputation and reviews on the platform.
  • Inspect the goods: Whenever possible, inspect items in person before paying.
  • Secure payment methods: Avoid sharing personal financial information or using untrusted payment methods.
  • Request proof of payment: Verify payments directly with your bank or payment provider.
  • Use trusted platforms: Stick to reputable online marketplaces with buyer protection.


How to protect yourself as a seller:

  • Verify buyer identity: Be wary of buyers who contact you outside the platform.
  • Secure payment methods: Use trusted payment methods and avoid unusual payment requests.
  • Confirm payments directly: Don't rely solely on screenshots; verify payments through your bank.
  • Avoid phishing attempts: Be cautious of suspicious links or requests for personal information.
  • Protect your account: Keep your account information secure and enable strong security measures.


If something feels suspicious, it probably is. Always exercise caution and prioritise your online safety.


Scammers are increasingly using QR codes to trick people into downloading malicious software or visiting fake websites.

These scams can lead to identity theft, financial loss, and other serious consequences.

How to protect yourself:

  • Think twice before scanning: Be cautious about scanning QR codes from unknown sources or suspicious locations.
  • Check the URL: Before clicking on a QR code link, try to see the underlying URL. It should be a legitimate website.
  • Verify the source: If the QR code is from a business or organisation, confirm the promotion or giveaway on their official website or social media channels.
  • Avoid entering personal information: Never share sensitive information like passwords or credit card details on unfamiliar websites.


What is malvertising?

Malvertising is a malicious online advertising technique where cybercriminals distribute malware through seemingly legitimate online ads or browser push notifications. When unsuspecting users click on these compromised ads, malware can infect their devices.

How to protect yourself:

  • Be cautious of online ads: Avoid clicking on suspicious or unfamiliar ads.
  • Keep your software updated: Ensure your operating system, web browser, and antivirus software are up-to-date.
  • Use a reliable ad-blocker: Ad-blockers can help filter out malicious ads.
  • Be wary of unsolicited downloads: Avoid downloading files from unknown sources or clicking on suspicious links.
  • Use strong, unique passwords: Protect your online accounts with strong, unique passwords.
  • Enable two-factor authentication: Add an extra layer of security to your accounts.

Click here for more information on cyber security best practices.


Online romance scams
are a common way for criminals to steal money and personal information. Scammers create fake profiles on dating apps, social media, and websites to lure victims into relationships. They then use emotional manipulation to exploit trust and steal from their targets.


How romance scams work:

  • Love bombing: Scammers shower victims with excessive affection and flattery, creating a false sense of intimacy quickly.
  • Building trust: They spend time getting to know victims online, often for months, before making financial requests.
  • Urgent needs: Scammers will fabricate emergencies or problems requiring immediate financial assistance.
  • Isolation tactics: They may pressure victims to move communication off dating platforms and isolate them from friends and family.


Red flags to watch out for:

  • You've never met in person: The scammer avoids video calls or in-person meetings, always having excuses.
  • Quick commitment: They profess love quickly and pressure relationship progression (e.g., sudden marriage proposals).
  • Financial requests: They gradually escalate requests for money, investments, or gifts.
  • Hard-to-believe stories: They may claim to work in remote locations or have secretive jobs.
  • Unrealistic investment opportunities: They pressure involvement in risky, unclear financial schemes.


Protect yourself from a romance scam:

  • Never share financial or personal information: This includes passwords, bank details, and Social Security numbers.
  • Be wary of online profiles: Don't trust everything you see online; people can easily create fake profiles.
  • Research before investing: Thoroughly investigate any investment opportunities before committing.
  • Talk to someone you trust: Discuss your concerns with a friend or family member.


If you suspect you're involved in a romance scam:

  • Stop communication immediately: Cut all contact with the scammer.
  • Secure your accounts: Change passwords and report suspicious activity to your bank.
  • Report the scam: File a report with Netsafe.
  • Seek support: Contact IDCARE (0800 121 068) for victim assistance.


A sextortion scam is when you have been contacted online by someone you don't know well who is asking for personal photos or videos.

Be aware of sextortion scams, where scammers threaten to release intimate images or videos unless you pay them.


How scammers operate:

  • Building trust: Scammers often pose as someone your age to gain your confidence.
  • Sharing intimate content: They may share explicit images to encourage you to reciprocate.
  • Extortion threats: Once they have your personal content, they threaten to share it with your friends and family unless you pay a ransom.


How to protect yourself:

  1. Never share explicit photos or videos: Once shared, they can be used to blackmail you.
  2. Don't engage with the scammer: Ignore their messages and threats.
  3. Report the scam: Contact your local police and online platforms where the scam occurred.
  4. Seek support: Talk to a trusted friend or family member about what happened.


Remember, you're not alone.


Many people fall victim to sextortion scams. By staying informed and taking precautions, you can protect yourself.

Keeping yourself safe online

Never save your passwords, PINs, or credentials on your browser or devices (or write them down!). Change them regularly and consider using a password manager for strong, unique passwords across all accounts.

Properly dispose of bank statements, card statements, and other documents containing personal information.

Double-check the account name and number before making any kind of transfer or payment. For example: we don’t use account names for processing payments – only account numbers. Mismatched information is a red flag for potential scams.

Shop with reputable companies and beware of unfamiliar online sites. Look for the locked padlock symbol in the browser address bar.

Don't grant remote access to your device to anyone who contacts you unexpectedly. Downloaded software used by fraudsters can capture your personal and banking login details.

Be wary of clicking links or opening attachments in emails, text messages, or on unfamiliar websites. Hover over a link with your mouse to see the actual destination URL before clicking. On smartphones, press and hold the link to see the URL.

Avoid making payments, accessing online banking, or doing anything personal when using public Wi-Fi, as it may not be secure. Use your mobile data plan instead.

Keeping yourself safe on social media

Be mindful of what you share on social media, especially your date of birth, address, and financial details.

Limit connections to people you know and trust. Fraudsters can use what you share to impersonate you.

Set your posts to "Friends Only" or a custom list to control who sees your information.

Protecting your devices

Set a strong password, PIN, pattern, or biometric authentication (fingerprint, face, or voice recognition) for your mobile device and computer.

Set locks for banking apps and security settings on your device.

Never share your password, PIN, or pattern with anyone. Don't allow anyone to register their fingerprint, face, or voice for unlocking your device.

Don't give remote access to your computer or device to anyone who calls you unexpectedly.

If you sell your device, reset it to factory settings first.

Lock your mobile device and computer when you're not using them and log out of apps.

Update the operating systems and apps on your devices regularly. Set them to auto-update for the latest security patches.

Keep your antivirus software up to date and run regular scans.

Only install apps from official app stores like the App Store or Google Play.

Check app popularity, reviews, and developer information to confirm its legitimacy. Fake apps can exist even on official stores.

Make sure app permissions (e.g., access to personal data) are reasonable for the apps function.

Review how your data will be used by the app.

Delete apps you no longer use.

Limit access if necessary. Be cautious if other people have access to your device. If someone else's fingerprint, face, or other biometric identification is stored on your device, don't enable biometric access for your banking apps. Don't enable mobile wallet cards on a shared device.

Making sure you have backups

Backup your mobile phone, devices, and computers to protect data like names, addresses, photos, files, and documents.

Use a strong password to prevent unauthorised access to your backup. Consider storing a copy of your information (e.g., photos, files, documents.)

Safety features at Unity

All personal passwords must meet minimum strength requirements to prevent unauthorised access.

Your initial download of the Unity Mobile Banking app requires your full Internet Banking username and password. This extra step helps prevent unauthorised access.

Our team actively monitors your accounts for unusual activity. If we suspect suspicious transactions, we'll contact you to confirm if they're legitimate. It's important to regularly review your transactions and let us know in advance if you're traveling overseas and plan to use your card.

Think of your CVV (the 3-digit code on the back of your debit card) as a password. With Dynamic CVV, this password changes regularly on your digital debut card, making it harder for fraudsters to use your card details, even if they have them. It's like having a new password every time you make an online purchase.

You have the power to decide when and where you want to use contactless payments. With a simple switch in our Mobile Banking app or in Internet Banking, you can easily turn this feature on or off, giving you complete control over your transactions.

Keeping kids, teens, and whānau safe online

Monitor activity and limit access to certain websites to protect tamariki (children) and mokopuna (grandchildren) online.

Talk to kids about their online friends and to be wary of strangers.

Discuss the dangers of posting personal information and highlight privacy settings.

Don't allow unsupervised devices to be used in private areas of your home.

Talk to your kids about online safety and what “personal information” means. This includes videos, pictures, usernames, and more.

If you or your child suspect someone suspicious online, stop contact immediately.

Fraud Awareness Week Homepage Banner 1920x550 1

Common signs of fraud

 

  • Unexpected calls, emails, or texts urging immediate action.
  • Requests to download software or apps to give someone remote access to your device.
  • Requests for personal or financial information (including PINs, passwords, or banking details). We will never ask for this information!).
  • Requests for remote access to your device to log into Internet Banking.
  • Requests to send money to "catch criminals" or hackers.
  • Requests to make payments using untraceable methods like gift cards, Bitcoin, or money transfers instead of a bank.
  • Emails from unknown senders with unfamiliar links or attachments.
  • Offers that sound too good to be true or don't add up.
  • Requests from someone you met online for money to help with a difficult situation.
  • Emails from a company with spelling errors, poor formatting, or branding.

Spot the red flags

 

Before you take any action, ask yourself these questions:

  • Do you know the person you're sending funds to? Are they a real person?
  • Have you been asked to receive and send funds on behalf of another person or company?
  • Have you been asked to allow someone remote access to your device to log onto internet banking or your mobile banking app?
  • Do you understand the reason you're sending funds?
  • Have you received an invoice for this payment or transfer?
  • Have the bank account details changed for a company you make regular payments to?
  • Why are you being asked to send funds to a country outside New Zealand?

Warning signs

 

  • Poor grammar and spelling: Scammers may struggle with proper English.
  • Urgent requests: Communication pushing for immediate action is a major red flag.
  • Generic messages: If a message doesn't seem personal to you, be cautious.
  • Unknown senders: Don't engage with unknown contacts.
  • Suspicious links: Hover over links to see the actual URL before clicking.

How not to be a victim

 

  • Never respond or send money.
  • Report the scam to your local police.
  • Talk to a trusted friend or family member for support.
  • Never share personal details online.
  • Delete suspicious emails.
  • Update passwords.
  • Verify legitimacy.
  • Secure your Wi-Fi.

What to do if you think you've been scammed 

 

Contact us immediately: We can investigate suspicious activity and help to protect your funds.

Report scams: Report to NetSafe (New Zealand online safety organisation) or to the Police (dial 105).

Unity staff will never ask for your Internet Banking or Mobile Banking password or PINs. If someone claims to be from Unity and requests this information, hang up and contact us directly.

For more information and support, visit: