Some of the most common tricks in the book – and how to avoid them.
Named after the section of Nigeria’s Criminal Code that banned the practice. An email, typically addressed to “Dear Beloved Friend”, requests help to retrieve a large sum of money, promising rich rewards in return for covering initial legal and transfer costs. Other “advanced fee” frauds include lottery and inheritance scams, where an upfront payment is required before claiming your winnings or bequest.
Advice: Never send money to someone you don’t know or haven’t met. All electronic money transfers (via services such as Western Union) are like sending cash: once the money has been collected, it’s almost impossible to get back.
The most common form of online scam. An email or text appearing to be from an official organisation (such as your bank, PayPal or a government department) directs you to a link where you’re requested to log in, giving access to your personal or financial information. Other phishing or “spoofing” scams harvest name/email combinations by masquerading, for example, as a genuine shop or website’s customer loyalty programme.
Advice: Reputable organisations will never ask for personal information through email or text. Don’t use the phone number or email address provided; look for contact information listed on official sites. Type your email address into haveibeenpwned.com to see if it’s ever been compromised in a data breach.
A text or email from Inland Revenue asks for your account details so you can be paid a tax refund. Alternatively, you owe money and will be reported to the police or a debt-collection agency if you don’t pay up.
Advice: See above.
Often targeted at experienced investors, using professional-looking websites and online “trading” accounts that can make it difficult to tell a scam from the real deal.
Advice: Do your due diligence first. The Financial Markets Authority flags unregistered businesses and potential scam operators on its website; alerts are also posted by CERT, Scamwatch and Netsafe. It is illegal in New Zealand to cold call and offer investment advice.
Digital wallets can be open to online hacking (a bitcoin exchange in Tokyo filed for bankruptcy in 2014 after “losing” bitcoins valued at more than US$450 million), but fake bitcoin exchanges are also a common online scam.
Advice: See above.
Recovery room scams
A cruel double whammy where fraud victims are contacted by fake investigators offering their help to get back some of the money lost – for a fee.
Advice: See above.
Scammers “groom” victims on social media or dating sites, luring them into a relationship by creating a fake online persona, and then asking for money – to pay for an airfare so they can come for a visit, perhaps, or to help with a family emergency. In the most serious cases, victims have ended up in jail after being used as international drug mules or to launder money.
Advice: Never send money to someone you haven’t met or provide financial details on a dating site. Do a search of their profile picture or other photos they’ve sent you on Google Images or TinEye to see if they’re stock shots or have been lifted from somewhere else. Talk to family or friends, as the scammer will try to isolate you.
PC Doctor scams
A classic “tech support” sting that dates back to 2015 and has resurfaced in other guises. A scammer, typically claiming to be from Microsoft or Spark, calls with the news that your computer is infected or running slowly, and offers to help.
Advice: Hang up immediately. If concerned, call your provider directly using the company’s public contact details. Never give someone you haven’t met remote access to your computer.
You’re renovating and a contractor emails you an invoice asking for the progress payment to be made into a different account; a scammer pockets the cash, leaving you with an unpaid bill from the genuine supplier.
Advice: Any request to change your normal method of payment is an immediate red flag. Pick up the phone and ring the contractor yourself. Another trick is being sent fake “resubscription” invoices, such as bills for anti-virus software you never signed up for in the first place.
Personal information harvested through phishing, spyware, hacking or even rifling through your rubbish bin is used to commit fraud, from spending sprees on your credit card to applying for a loan or passport.
Advice: Don’t do online banking or shopping at wifi hotspots, and keep your computer operating system and phone apps updated to “patch” any software vulnerabilities. Use two-factor authentication for payments where possible, and create strong, unique passwords for all key online accounts (use a password manager to keep track of them). Contact a credit-reporting company (Centrix, Illion or Equifax) to have a free check done, to see if anyone is using your personal details to get loans or credit. For more information on protecting yourself against identity theft, visit idcare.org.
CEO email scams
Fraudsters impersonate a senior executive to request an urgent transfer of funds.
Advice: Follow up by phone or in person; never use the contact information provided. Check the sender’s email address: often it looks legitimate at first glance but has been slightly altered.
Triggered by clicking on an email attachment or link, malware infects your computer to harvest personal information or, in the worst-case scenario, encrypt or destroy your data.
Advice: Remove the network cable from your PC/laptop, disable wifi and report immediately. Excel files can more easily trigger a link, and files with a “.bin” extension are among the most dangerous, potentially unleashing a virus that gives remote access to your computer. And beware of hoax messages warning that your computer has been infected, directing you to a download link for (fake) anti-virus software.
These range from hoax bomb scares and sextortion scams to kidnap threats, often using personal details collected from blogs and social media to create the appearance of real danger.
Advice: Don’t respond. Blackmail is a crime: if you’re concerned the threat is real, contact the police.
Fake shopping websites
At first glance, these can be convincing counterfeits. Red flags include grammatical errors, a suspect domain name, poor customer reviews (look past glowing references on the first page), an unclear refund policy, and a lack of secure payment methods (credit card/PayPal).
Advice: Type the website address into Google’s “Transparency Report” to check its safety rating; this will not only flag anything dodgy but show if a legitimate site has been compromised.
This article was first published in the May 2019 issue of North & South.