Scammers can impersonate banks, well-known companies, or law enforcement to trick you into revealing personal information or sending money. Here are some common examples:

Catch the hackers' scam

Have you received a call from someone claiming to be from your financial provider or the Police? They might say your device or accounts have been hacked and need your help to catch the bad guys.

Here's how to protect yourself:

• Don't share personal information: Never give out passwords, PINs, or account details.
• Don't transfer money or download apps: Legitimate organisations won't ask you to do this.
• Hang up immediately: If you suspect a scam, end the call.

Cold call phishing scam

Don't fall victim to these common tactics:

• Urgent requests: Scammers often pressure you to act quickly.
• Impersonation: They may pretend to be from your bank or a trusted company.
• Personal information: They'll ask for sensitive details like passwords and 2FA codes.
• Remote access: They might try to gain control of your device.

Here's how to protect yourself:

1. Hang up: Don't engage with the caller.
2. Verify: Contact your bank or the company directly using a known number.
3. Protect your data: Never share personal information
4. Be cautious of unexpected calls and emails: If it seems suspicious, don't respond.
5. Avoid unusual payment methods: Don't buy gift cards or use third-party transfer services.

Remember, your bank or a legitimate company will never ask you to share sensitive information over the phone.

Computer tech support scam

Have you received a call from someone claiming to be from a tech company like Spark or One NZ? They might say there's a problem with your computer or internet and ask you to download a remote access app.

Here's what to do:

• Hang up: Immediately end the call.
• Don't give remote access: Never allow anyone to control your device remotely.
• Disconnect: If you've already given access, shut down your device and disconnect from the internet.
• Change passwords: Use a different device to change all your passwords.
• Scan for malware: Run a full security scan to check for malicious software.

Legitimate tech support will never call you out of the blue and ask for remote access.

Email or text message phishing/smishing scam

Scammers can impersonate organisations you’re familiar with and send unexpected emails or text messages. These could appear to be from Unity, another bank, a courier service or phone provider.

These messages usually contain a link to an imposter website.

Look out for:

• A text asking for your banking information or payment when you are not expecting it (for example, a text to pay a toll bill when you haven’t been through a toll location).
• A very low standard of message (check for low-quality design and bad grammar.
• A website or email that is not directly from the real organisation.
• A scam that is well known and well publicised.

Phishing or smishing can seem legitimate as they use the same logos and designs of the companies or organisations they’re pretending to be.

Remote access scam

Remote access scams involve scammers pretending to help with a problem, but their real goal is to trick you into giving them access to your devices or personal information.

Be wary of unexpected calls and emails claiming:

• Your account is compromised: Scammers may pretend to be from your financial provider or a tech company.
• You need to update your software: They might ask you to download suspicious apps or software.
• Your internet connection is at risk: They may try to trick you into revealing personal information.

How to stay safe:

• Never share personal information, including passwords, PINs, and account details.
• Don't click on suspicious links or download unknown software, as these can be malicious and harm your device.
• Contact your bank or the company directly using a trusted phone number or website to verify the information.
• Be cautious of urgent requests - legitimate organisations won't pressure you to act immediately.

Banking fraud scam

Have you received a call claiming suspicious activity on your account?

For example, a caller pretends to be from Unity.

Fraudsters phone customers pretending to be bank staff and say their bank accounts are at risk of fraud or there is suspicious activity on their accounts. They may say that money needs to be moved to another account to protect it, request your online banking login details, debit card details or remote access to your device.

Here's what to do:

1. Hang up immediately.
2. Don't share any personal information.
3. Call us directly.

Remember, we will never ask you to:

• Transfer money to a different account.
• Provide remote access to your device.
• Share your full card number or CVV.

These types of scams are still circulating online, with more fake websites and merchants being identified by the FMA. Be extremely cautious when you see ads on social media using celebrity images to promote investment opportunities. If you come across these ads, don’t click on them and don’t share any personal information.

How this scam works:

• Scammers create fake social media ads featuring deepfake celebrity interviews or fake news articles that look like they’re from well-known New Zealand media outlets.
• The ad often shows a familiar NZ celebrity and an eye-catching headline, which may not look like an investment ad at first.
• Clicking the ad takes you to a fake news article on a copycat website. The article falsely claims the celebrity made huge profits through a particular investment platform.
• The article links to the investment site, often involving cryptocurrency or foreign exchange trading, where you’re asked to register and provide your contact details.
• A scammer then calls, posing as a broker or adviser, and tells you to make an initial payment (usually around $250 USD or euros).
• They may ask you to download remote access software like “AnyDesk” so they can “help” you set up investments.
• To build trust, scammers sometimes send fake “profits” to your bank account and show you dashboards that track supposed investments.
• Later, when you try to withdraw funds, they claim you must pay large fees first. Even if you pay these fees, the money is never returned.

What to do if you think you’ve been scammed:

• Stop all contact with the scammer and don’t send any more money.
• Contact your bank immediately to see if the payment can be reversed. If you used another payment service, ask them to trace the funds.
• If you downloaded remote access software, get your device checked by an IT professional. If you logged into banking or payment sites while the software was active, report this to those providers right away.
• If scammers keep calling, report the number to your telecommunications provider.
• Report any spam texts or emails to the Department of Internal Affairs.
• Talk to someone you trust about what’s happened. A friend or family member can support you and help you take the next steps.
• Contact Victim Support on 0800 842 846 or visit their website for free practical and emotional support.

Mobile wallets like Apple Pay and Google Pay make everyday payments quick and secure, but scammers are finding new ways to misuse this technology. If they manage to get hold of your card details and authentication codes, they can add your card to their own device and make purchases without your permission.

How this scam works:

Scammers first get your card details and sometimes your online banking login information through phishing texts, fake emails, social media messages, or phone calls. This can allow them to:

• Register your card on their own mobile wallet app.
• Trick you into sharing two-factor authentication codes needed to activate the card.
• Once the card is added, they can make unauthorised purchases without needing your physical card.
• While mobile wallets themselves are secure, scammers exploit weak points like phishing or rushed responses to gain access.

How to protect yourself:

• Be alert for unexpected messages: Treat unexpected emails, texts, social media messages, or calls with caution.
• Never share personal information: Don’t enter your card or banking details on unknown or suspicious websites.
• Avoid suspicious links: Only download apps from trusted app stores and always access Internet Banking through Unity’s official website.
• Keep authentication codes private: Unity will never ask you to share two-factor authentication codes by email, text, or phone.
• Check your transactions regularly: Report any unusual activity to Unity straight away.

The ‘Hi Mum’ scam targets parents and caregivers by impersonating whānau through messages that appear to come from a child or family member. These scams often begin on WhatsApp, from a new phone number, or through fake social media accounts, and are designed to create urgency and emotional pressure.

How this scam works:

Scammers pretend to be your child or another close family member and claim they’ve lost their phone, which is why they’re messaging from a new number.

Once they’ve gained your trust, they typically ask for money, often saying:

• It’s an emergency and they urgently need funds.
• They need help paying bills or expenses.
• They want money for something they wish to buy.

By creating a sense of urgency, scammers hope you’ll send money before checking whether the request is genuine.

How to protect yourself:

• Verify their identity: Contact your child or family member using their usual number or try a video call to confirm who’s really messaging you.
• Use a family code word: Agree on a unique word or phrase that only your whānau knows. If someone can’t provide it, it’s likely a scam.
• Don’t rush: Even if the message sounds urgent, take your time to check. Scammers rely on panic to push you into quick decisions.
• Block the scammer: If you confirm it’s a scam, block the number or account immediately to stop further contact.

A quick check can make all the difference. If something doesn’t feel right, pause and verify before sending any money.

Online marketplaces and social media platforms have made it easier than ever to buy and sell goods. Unfortunately, they’ve also created opportunities for scammers to target both buyers and sellers. Understanding common scams and knowing how to protect yourself can help keep your money and personal information safe.

What is an online buy & sell scam?

Online buy and sell scams happen when someone falsely poses as a buyer or seller, often on social media platforms or through fake businesses.

Facebook Marketplace scams on the rise

Facebook is not only a platform for keeping in touch with family and friends, but also a popular hub for local ‘buy and sell’ groups and business pages. While many of these pages and people are genuine, some unfortunately involve scammers.

What to look out for:

1. Seller scams

• You pay for an item, but don’t receive it (or you receive something completely different).
• The scammer may put pressure on you to act quickly, without thinking it through.
• The scammer insists on payment of a deposit before you have viewed or agreed to make the purchase.
• The scammer will only accept payment via PayPal and refuses cash or direct payments.
• Once you’ve paid, the scammer may block you or ignore your messages, making further contact impossible.

2. Buyer scams

• The scammer pretends to be a buyer and insists on using their own delivery company.
• They send you a link to a fake website asking you to pay a small “insurance fee.”
• The fake site is designed to steal your banking information.

Common scammer tactics:

• Overpayment scams:  The scammer “accidentally” overpays and asks you to refund the difference.
• Fake payment confirmations: They send fake emails or screenshots, hoping you’ll release the goods before verifying funds.
• Phishing and information theft: Scammers ask for personal details, bank logins, or phone verification codes to access your accounts.
• Bait and switch: A desirable item is advertised at a low price, then replaced with an inferior or more expensive alternative.
• Advance payment scams: The scammer requests upfront payment for a high-demand item and then disappears.
• Fake shipping/insurance fees: You’re asked to pay a fee through a fraudulent courier site.

How to spot genuine buyers, sellers, and businesses:

• Business pages: Look for pages that have detailed profiles, active selling histories, and positive customer reviews. Complete a Google search for scam reports.
• Seller profiles: Check their past activity and search their name online for any red flags.
• Delivery companies: If a buyer wants to use a specific courier, research it independently to confirm it’s legitimate.

Tips for safe transactions:

• Verify identities carefully.
• Use secure payment methods and confirm funds before handing over goods.
• Meet in safe, public places whenever possible.
• Trust your instincts - don’t rush into deals.
• Never share banking information or verification codes.
• Keep communication on the platform to protect your privacy.
• Be cautious of urgency tactics - scammers often pressure you to act fast.

Card fraud can happen in many ways, and scammers are becoming increasingly sophisticated. Knowing the risks and taking a few simple precautions can help keep your money safe.

Common types of card fraud:

• Lost or stolen cards: Someone finds your card and uses it without your permission.
• Card skimming: Thieves use devices to steal your card information from ATMs.
• Data breaches: Your card details are stolen from online stores or company databases.
• Phishing scams: You’re tricked into sharing your card information through fake websites, emails, or messages.

A new scam to watch out for:

Scammers are currently impersonating bank staff, often over the phone, and convincing Kiwis to hand over their bank cards and PINs. They may appear to be helping protect the customer from card scams, but instead they are stealing the customers card details. Scammers may:

• Call pretending to be from your bank and claim your card has been compromised.
• Offer a fake ‘secure collection service’ and ask you to leave your card and PIN in your mailbox for pickup.
• In some cases, they also ask for your PIN over the phone and try to gain remote access to your devices to get into your online banking.

This scam can apply to credit, debit and EFTPOS cards.  Once they have your card and PIN, scammers make ATM withdrawals and purchases, including buying gift cards. This scam is happening across Aotearoa and can be convincing because the scammer seems to be helping you.

How to stay safe:

• Hang up unexpected calls: If someone claims to be from Unity, end the call and contact us directly using the phone number on our official website.
• Don’t leave your card in unsecure places: We’ll never ask you to leave your card or PIN in your letterbox or send someone to collect it.
• Avoid suspicious links: Never click on links or download attachments from unknown or unexpected messages. Always log in to Internet Banking through the official Unity website.
• Keep your details private: Never share your PIN, CVV, or any banking details by phone, email, or text. Unity will never ask you to do this.
• Don’t grant remote access: Never allow remote access to your devices unless you’ve initiated contact with us. Our fraud team may call to verify transactions, but we’ll never ask for remote access.

Tips to protect your card:

• Monitor your account: Regularly check for any unusual transactions.
• Use strong passwords: Create unique, secure passwords for online banking.
• Be alert for phishing: Don’t click suspicious links or open unexpected attachments.

Manage your card online:

You can now take control of your Debit Mastercard through Internet or Mobile Banking at any time:

• Change your PIN to keep it secure.
• Temporarily block your card if you’ve misplaced it.
• Cancel your card if it’s lost or stolen.
• Disable online shopping and contactless payments for extra protection.

What is a Money Mule?

A money mule is someone who is tricked or coerced into transferring stolen money for criminals. This can have serious legal consequences.

How Money Mule scams work:

• Fake job offers: You're promised easy money for transferring funds or selling your account.
• Phishing attacks: You're tricked into sharing personal banking information.
• Relationship scams: You're manipulated into sending money to someone you think you know.
• Threat-based scams: You're threatened with harm if you don't comply.

Protect yourself:

• Be skeptical: Avoid offers of easy money or unusual job requests.
• Do your research: Verify any job offers or requests for help.
• Trust your gut: If something feels wrong, it probably is.
• Never share personal information: Keep your banking details safe.
• Be wary of online relationships: Don't send money to people you haven't met in person.

Have you received an invoice for something you didn't order?

Scammers are tricking people by sending fake invoices for products or services they haven't bought. They might hack a business's email to send fake invoices or intercept real ones to change the payment details.

Here's how to protect yourself:

1. Call the business: Don't just reply to emails - call the business directly to confirm the invoice and bank account details.
2. Act quickly: If you've already paid, contact the financial services provider the payment was sent from immediately to try and stop it.
3. Alert the authorities: Report the incident to Cert NZ or the Police (105).

Be wary of unexpected calls or emails claiming you're eligible for a government grant or tax refund.

Scammers may ask for personal information or payment to process your "grant."

Here's how to protect yourself:

• Hang up immediately.
• Contact the government agency directly using their official website or phone number.
• Log into your Inland Revenue myIR account to check for legitimate notices.

The government will never ask for personal information over the phone or email.

Scammers are increasingly using QR codes to trick people into downloading malicious software or visiting fake websites.

These scams can lead to identity theft, financial loss, and other serious consequences.

How to protect yourself:

• Be cautious about scanning QR codes from unknown sources or suspicious locations.
• Before clicking on a QR code link, try to see the underlying URL. It should be a legitimate website.
• If the QR code is from a business or organisation, confirm the promotion or giveaway on their official website or social media channels.
• Never share sensitive information like passwords or credit card details on unfamiliar websites.

What is malvertising?

Malvertising is a malicious online advertising technique where cybercriminals distribute malware through seemingly legitimate online ads or browser push notifications. When unsuspecting users click on these compromised ads, malware can infect their devices.

How to protect yourself:

• Be cautious of online ads: Avoid clicking on suspicious or unfamiliar ads.
• Keep your software updated: Ensure your operating system, web browser, and antivirus software are up-to-date.
• Use a reliable ad-blocker: Ad-blockers can help filter out malicious ads.
• Be wary of unsolicited downloads: Avoid downloading files from unknown sources or clicking on suspicious links.
• Use strong, unique passwords: Protect your online accounts with strong, unique passwords.
• Enable two-factor authentication: Add an extra layer of security to your accounts.

Click here for more information on cyber security best practices.

Online romance scams are a common way for criminals to steal money and personal information. Scammers create fake profiles on dating apps, social media, and websites to lure victims into relationships. They then use emotional manipulation to exploit trust and steal from their targets.

How romance scams work:

• Love bombing: Scammers shower victims with excessive affection and flattery, creating a false sense of intimacy quickly.
• Building trust: They spend time getting to know victims online, often for months, before making financial requests.
• Urgent needs: Scammers will fabricate emergencies or problems requiring immediate financial assistance.
• Isolation tactics: They may pressure victims to move communication off dating platforms and isolate them from friends and family.

Red flags to watch out for:

• You've never met in person: The scammer avoids video calls or in-person meetings, always having excuses.
• Quick commitment: They profess love quickly and pressure relationship progression (e.g., sudden marriage proposals).
• Financial requests: They gradually escalate requests for money, investments, or gifts.
• Hard-to-believe stories: They may claim to work in remote locations or have secretive jobs.
• Unrealistic investment opportunities: They pressure involvement in risky, unclear financial schemes.

Protect yourself from a romance scam:

• Never share financial or personal information: This includes passwords, bank details, and Social Security numbers.
• Be wary of online profiles: Don't trust everything you see online; people can easily create fake profiles.
• Research before investing: Thoroughly investigate any investment opportunities before committing.
• Talk to someone you trust: Discuss your concerns with a friend or family member.

If you suspect you're involved in a romance scam:

• Stop communication immediately: Cut all contact with the scammer.
• Secure your accounts: Change passwords and report suspicious activity to your bank.
• Report the scam: File a report with Netsafe.
• Seek support: Contact IDCARE (0800 121 068) for victim assistance.

A sextortion scam is when you have been contacted online by someone you don't know well who is asking for personal photos or videos.

Be aware of sextortion scams, where scammers threaten to release intimate images or videos unless you pay them.

How scammers operate:

• Building trust: Scammers often pose as someone your age to gain your confidence.
• Sharing intimate content: They may share explicit images to encourage you to reciprocate.
• Extortion threats: Once they have your personal content, they threaten to share it with your friends and family unless you pay a ransom.

How to protect yourself:

1. Never share explicit photos or videos: Once shared, they can be used to blackmail you.
2. Don't engage with the scammer: Ignore their messages and threats.
3. Report the scam: Contact your local police and online platforms where the scam occurred.
4. Seek support: Talk to a trusted friend or family member about what happened.

Remember, you're not alone.

Many people fall victim to sextortion scams. By staying informed and taking precautions, you can protect yourself.

Never save your passwords, PINs, or credentials on your browser or devices (or write them down!). Change them regularly and consider using a password manager for strong, unique passwords across all accounts.

Properly dispose of bank statements, card statements, and other documents containing personal information.

Double-check the account name and number before making any kind of transfer or payment. For example: we don’t use account names for processing payments – only account numbers. Mismatched information is a red flag for potential scams.

Shop with reputable companies and beware of unfamiliar online sites. Look for the locked padlock symbol in the browser address bar.

Don't grant remote access to your device to anyone who contacts you unexpectedly. Downloaded software used by fraudsters can capture your personal and banking login details.

Be wary of clicking links or opening attachments in emails, text messages, or on unfamiliar websites. Hover over a link with your mouse to see the actual destination URL before clicking. On smartphones, press and hold the link to see the URL.

Avoid making payments, accessing online banking, or doing anything personal when using public Wi-Fi, as it may not be secure. Use your mobile data plan instead.

Be mindful of what you share on social media, especially your date of birth, address, and financial details.

Limit connections to people you know and trust. Fraudsters can use what you share to impersonate you.

Set your posts to "Friends Only" or a custom list to control who sees your information.

Set a strong password, PIN, pattern, or biometric authentication (fingerprint, face, or voice recognition) for your mobile device and computer.

Set locks for banking apps and security settings on your device.

Never share your password, PIN, or pattern with anyone. Don't allow anyone to register their fingerprint, face, or voice for unlocking your device.

Don't give remote access to your computer or device to anyone who calls you unexpectedly.

If you sell your device, reset it to factory settings first.

Lock your mobile device and computer when you're not using them and log out of apps.

Update the operating systems and apps on your devices regularly. Set them to auto-update for the latest security patches.

Keep your antivirus software up to date and run regular scans.

Only install apps from official app stores like the App Store or Google Play.

Check app popularity, reviews, and developer information to confirm its legitimacy. Fake apps can exist even on official stores.

Make sure app permissions (e.g., access to personal data) are reasonable for the apps function.

Review how your data will be used by the app.

Delete apps you no longer use.

Limit access if necessary. Be cautious if other people have access to your device. If someone else's fingerprint, face, or other biometric identification is stored on your device, don't enable biometric access for your banking apps. Don't enable mobile wallet cards on a shared device.

Backup your mobile phone, devices, and computers to protect data like names, addresses, photos, files, and documents.

Use a strong password to prevent unauthorised access to your backup. Consider storing a copy of your information (e.g., photos, files, documents.)

All personal passwords must meet minimum strength requirements to prevent unauthorised access.

Your initial download of the Unity Mobile Banking app requires your full Internet Banking username and password. This extra step helps prevent unauthorised access.

Our team actively monitors your accounts for unusual activity. If we suspect suspicious transactions, we'll contact you to confirm if they're legitimate. It's important to regularly review your transactions and let us know in advance if you're traveling overseas and plan to use your card.

Think of your CVV (the 3-digit code on the back of your debit card) as a password. With Dynamic CVV, this password changes regularly on your digital debut card, making it harder for fraudsters to use your card details, even if they have them. It's like having a new password every time you make an online purchase.

You have the power to decide when and where you want to use contactless payments. With a simple switch in our Mobile Banking app or in Internet Banking, you can easily turn this feature on or off, giving you complete control over your transactions.

Monitor activity and limit access to certain websites to protect tamariki (children) and mokopuna (grandchildren) online.

Talk to kids about their online friends and to be wary of strangers.

Discuss the dangers of posting personal information and highlight privacy settings.

Don't allow unsupervised devices to be used in private areas of your home.

Talk to your kids about online safety and what “personal information” means. This includes videos, pictures, usernames, and more.

If you or your child suspect someone suspicious online, stop contact immediately.