Opinion: Stay vigilant online

Phishing attacks are increasing and New Zealanders are seen as easy targets by scammers. We have lots of advice for keeping safe online, but as users learn what to avoid, the scammers move on to new and slightly more sophisticated schemes. No one should be falling for the Nigerian prince scam any more.

Let’s go over the basics and then we can talk about strategies to beat the new scams.

  • Make your passwords strong: include numbers and punctuation, and don’t repeat them on different sites.
  • If you have trouble remembering your passwords, use a password manager program.
  • Turn on two-factor authentication (2FA) whenever you can.
  • Don’t blindly click on links in your email; see where they go first.
  • Don’t open email attachments from unknown sources.

If you follow these steps, you’ll avoid most scams. But there are other things you need to look out for.

The number one rule to remember is: Companies will NEVER contact you asking for your information!

Sorry to be so blunt, but it’s this detail scammers exploit more than any other. Obviously they’ll contact you to send you information, but they’ll never ask you for personal information. The “tech support” scam, where you receive a phone call from someone claiming to be from Microsoft (usually), is a good example. Microsoft will never call you, Google will never ask for your login details, and your bank will never email you to say there’s an issue with your account and that you need to log in.

Mark Shaw, Symantec information security technology strategist, said during a visit to New Zealand this year that we are among the most targeted countries. We are in the top four for the tech support scam and suffer 108 ransomware attacks every day.

Ransomware is a program that installs itself on your system and encrypts everything it can, essentially locking you out of your computer. The scammers contact you asking for payment to unlock it. But the ransomware only gets installed if you click on a link or open an attachment without checking it. Scarily, businesses, especially healthcare facilities, are being targeted by the ransomware scammers because they are more likely to pay than individuals, so remember to be careful with your work emails too.

Even the added security of 2FA is at risk from scammers. The most common form of 2FA sends you a text message when you log in to a site. Intelligent scammers are using this system to get into unsuspecting users’ Gmail accounts.

How the Gmail scam works

Graphic: Symantec

As you can see, it still plays on the idea that the company will contact you out of the blue. Remember, they never will. I know I’m repeating myself but it’s very important. If you get a message like this and are worried it might be true, never follow the link in the email. Go to the site directly in your browser instead.

Stay safe!

by Hadyn Green