Report a scam

Report a scam to link) or 0508 638 723. They will direct you to the organisation best able to investigate or advise you on various types of scams or frauds.

How to spot and avoid identity theft and personal fraud, and what to do if your personal details have been stolen and used fraudulently.

Online activity puts you at risk

Personal fraud, including card fraud and identity theft, is rising with the increased use of:

  • online social media
  • devices with GPS capabilities such as smart phones that share details of our home and work addresses
  • online retail shopping, online banking and tap and go card payments
  • emails.

Identity theft

Identity theft is when your personal details are stolen for the scammers’ personal gain. Thieves can steal your personal information, credit or bank cards in a number of ways, including:

  • taking documents from mail boxes or going through your rubbish looking for phone or internet bills, insurance renewals, bank statements or similar documents
  • selling lists of people ('suckers lists') who have responded to scams previously
  • sending fake emails from seemingly genuine companies, randomly hoping to trick you into handing over personal information (phishing)
  • gaining unauthorised access to your information by exploiting security weaknesses on your computer, mobile device or network (hacking)
  • accessing your computer remotely through remote access scams
  • installing malware or virus software that allows them to access your files
  • creating fake online profiles on a social media or a dating site and sending you a friend request so they can start grooming you
  • skimming your credit card information when you are shopping.

Personal fraud

Personal fraud happens when scammers use your stolen identity to obtain products or services fraudulently or for their personal gain. It includes card fraud.

The first time you realise you have been a victim of personal fraud may be when you get:

  • a bill or invoice for something you haven’t ordered
  • letters from debt collectors for debts that aren’t yours
  • credit card purchases that aren’t yours on your statements.

Fraudsters can also use your identity details to:

  • open a bank account
  • obtain credit cards, loans and state benefits
  • take over your existing accounts
  • take out a mobile phone contract
  • obtain genuine documents such as passports and driving licences in your name.

How to stay safe

Checklist to avoid personal fraud

  • Secure your networks and devices with anti-virus software and install a good firewall.
  • Avoid using public computers or Wi-Fi hotspots to access or provide personal information.
  • If someone calls you out of the blue to say your computer has a virus, just hang up. You may need to run anti spyware software to clean your computer.
  • If in doubt, take your computer to a technician to be ‘cleaned’.
  • Limit how much personal information you share on social network sites. Scammers can use your information and pictures to create a fake identity or to target you with a scam.
  • Shred or destroy any documents containing personal information before disposing of them.
  • Don’t send credit card or online account details or copies of personal documents to anyone you don’t know or trust and never by email.
  • Re-direct your mail when moving house.
  • If you start to receive mail for someone you don't know at your address, find out why.
  • Regularly check your bank and credit card statements and chase up any that are not delivered when expected.
  • Check your credit record once a year.


Phishing is a form of online identity theft that is rising significantly. Scammers send emails, phone calls or texts that pretend to be from a trustworthy source to trick you into handing over personal information, such as your banking details, your IRD number and social media passwords. It can give them free reign on both your finances and your personal identity.

You’ll be given a believable excuse for needing them such as:

  • upgrading security
  • doing system maintenance
  • verifying your bank account details
  • protecting you from fraud
  • offering you a refund for a fee or a bill or a tax refund from Inland Revenue.

Hint: Banks and credit unions do sometimes contact people about suspicious activity, but they will never ask you for your PIN number or passwords.

A scammer may ask you to fill in an email form, or direct you to fill in a form on a website. The forms can look very convincing with the real logo and format used by that organisation. Website names may be similar to, but not the same as, the company's real website.

To minimise your risks of getting caught out by a phishing scam, you should:

  • always check the email address of the sender
  • avoid clicking on any links in the body of suspicious messages
  • type out the full bank website address when you bank online
  • not do online banking in public places with free Wi-Fi connections.

Card skimming

Scammers copy the electronic information from the magnetic strip of your credit or debit card at an ATM machine, or at a shop. It is particularly common overseas. Skimmers can be hidden in an existing legitimate card reader or a separate device that a salesperson will use to swipe the card a second time out of sight of the cardholder. Skimming can also be done wirelessly or using a thermal imaging device.

The other part of the skimming process is finding out your PIN, either by:

  • using a hidden camera
  • inserting a pressure sensitive pad beneath the keypad
  • using a careful pair of eyes.

Ways to minimise the risk of having your card skimmed include:

  • don’t let anyone walk away with your credit or debit card in a shop
  • cover the keypad with one hand you enter in your PIN at an ATM, restaurant, a shop or a bar and rest your fingers on random keys to scramble any heat signature
  • watch who might be around when you use your card
  • use cash for minor purchases
  • keep credit and debit card receipts and monitor your statements carefully.

Visit the CERT NZ website(external link) for more information.


Act quickly. Don’t ignore the problem – it might not be you that has ordered some products or services or opened an account, but the debt falls to your name and address. Get a copy of your credit report from a credit reference agency to check any reported unpaid debts.

Contact your bank or other companies involved

Identify fraudulent transactions as soon as possible. Inform the credit card companies, banks or other companies involved. They will have a policy in place to deal with fraud.

Read Resolve a problem to find out more.

Visit Netsafe’s website to find out more at How do I report bank phishing emails(external link)?

Report a scam

Report scams to link) or 0 508 638 723. They will direct you to the organisation best able to investigate or advise you on various types of scams, frauds and spam messages. This information may be used to compile data and publish scam alerts based on the most commonly reported scams.

Next steps

If you are unable to resolve your issue directly, our Resolve It tool has information to help you take the next steps. These may include going to the Disputes Tribunal or District Court.

Resolve it: Scams

Need more help?

Contact us for guidance.

Common situations

Remote access scam

You get a phone call from someone claiming to run an online service that fixes computer viruses. They claim your computer is being hacked or has a virus. They ask for remote access to fix the issue and your credit card details for the fee. Just hang up as this is a scam and don’t given them remote access to steal your details or infect your computer with malware.

IRD phishing scam

You receive an email from the IRD claiming you have an overdue tax refund. You are asked to update or confirm your IRD login details and tax number. IRD will never contact you by email about a refund, so don’t reply. Delete the email.

Social media phishing scam

Scammers will present a link to a familiar website that many unwitting people will wind up liking and sharing – say, a link to a news story. However, if you click the link, you’ll be taken to a fake version of the site where you’ll be prompted for your login information for Facebook or some other site. Cyber crooks then take your credentials and use them to hijack your accounts.