Online scammers are getting clever at finding ways to phish for your cash. Kirstin Mills looks at just some of their methods.

In the old days (you know, maybe 10 years ago), it was easy to spot an email scam.

You knew emails saying you had several million dollars waiting for you in Nigeria if you could just send $1000 were dodgy.

But scammers have got increasingly cunning. They now email you pretending they are from the likes of Netflix, iTunes or your bank. Their emails include a call to action. Your Netflix account has been suspended and you need to click on a link to enter your credit card details to verify your account.

Or you have apparently subscribed to an expensive app and iTunes tells you that if there has been a mistake you can just click on this helpful link and provide your details.

The fake bank might send you to a link that looks exactly like your bank’s website and request that you log in.

These are phishing scams and they are designed to get you to reveal financial information, user names and passwords. It is sad how many people are getting fleeced.

According to the New Zealand Police, up to 5% of people respond to phishers. That is because, to the uninitiated, the emails look legitimate. This is especially the case for people who are already bamboozled by technology and might not find it odd for companies to email and ask for private information.

So how do you spot an email phishing scam?

In less-sophisticated phishing attempts, poor spelling and grammar is a dead giveaway. Capitals are random, words that should be singular are plural, sentence structure is odd, and letters are replaced with numbers to beat spam filters (0 for O or 3 for E).

The sender will have disguised their address but mouse over it on a computer (or right click on it) or tap on it on a mobile device and you will see the underlying address. Often it will obviously be wrong and other times it might be subtle – I received one recently saying it was from “” when the IRD is

The email uses email address rather than your name or has a generic greeting (your bank is not going to start an email “Dear Client”).


Use the “junk email” or “block sender” function of your email or just delete the email. Do not reply – it confirms your email address is working and you may get even more spam.

Do not click on website links or open attachments unless you are certain the email is legitimate. Hovering your mouse over any link will reveal the full website address so you can see if it is authentic, but the best idea is to manually log in to your bank or IRD (or whoever the email purports to be from) and see if there is a message. Report it to your internet service provider – it will have an email to do this. (Screenshot or photograph the email; do not forward it because it may be blocked by their anti-spam software.)

If you know someone who might be vulnerable, make sure you educate them. Ask them to contact you if they are uncertain about an email. Make they also know to be careful in general – some scammers cold call or even come to the door rather than email.

Netsafe and the New Zealand Police have long lists of the many scams people might be exposed to. These include:

  • Cold-calling scams
  • Event-ticket scams
  • Fake invoices
  • Get rich quick schemes
  • Government-grant scams
  • Investment scams
  • Online auction scams
  • PC-technology scams
  • Prize notifications
  • Receiving unsolicited goods
  • Romance scams
  • Unwanted subscriptions and trials
  • Webcam blackmail and sextortion