Avoiding scams and fraud

The internet has created a new world of business opportunities — but also new risks. A hacker can cost your business in money and reputation. Here’s how you can avoid being a victim.

Protecting your business

Look hard at your IT systems, eg email, customer data and accounting. Ask if you’re making it easy for an unauthorised person — a hacker — to gain access.

Have a process

It’s easier to find and solve problems if you check your systems regularly. Steps you can take include:

  • If you have enough employees, assign one person to be a password holder for each of your systems, eg accounts and email. You’ll know straight away who to contact if you notice anything unusual.
  • Set times for tasks like depositing money and making payments — it’s easier to spot suspect transactions.
  • If you don’t have an in-house IT specialist working for you, think about paying someone to help you set up a security process.

Protect your computers

It’s vital to install security software to protect your computer from viruses and other malicious programs.

Update your software

Software providers release regular updates to guard against the latest hacks and bugs. They’re easy to ignore or put off, but it’s time well spent to keep your systems safe.

Call your bank straight away if you’ve sent credit card details or paid money to a suspicious trader.

Banks never ask for passwords in person or by email — be wary if asked.

Scams and how to deal with them

Studies show 8/10 New Zealanders have had a cyber attack, eg email hack, computer virus or misuse of credit card details. Here are some of the main scams and tips on foiling them.

Email scam

What is it?

Hackers intercept business emails and send false invoices to clients asking for payment to be made to their own bank account.

How to stop it

  • Make sure your antivirus software is up to date.
  • Don’t ignore pop-up reminders of updates from your software provider(s).
  • Educate staff on how to spot risky links and websites — and why they shouldn’t click them. 

Reported scams — Department of Internal Affairs
Protecting your business online — Connect Smart

Never reply to a spam email or letter — even if it made you see red. It’s safer to report or delete it.

Ransomware

What is it?

This malware — software designed to harm other software — stops systems and computers working until a password is entered. You’ll get a ransom demand asking for payment, usually to an overseas account, in return for a password. Ransomware also infects smartphones, often through apps downloaded via social media.

What to do

  • If in doubt about an email or text, delete it. Don’t click on the links.
  • Make sure software systems are up to date, particularly antivirus and malware protection software.
  • Don’t open attachments you weren’t expecting or that come from sources you don’t know. 
  • Don’t download apps from sources you don’t know.

Phishing

What is it?

Scammers use emails and texts to get you to reveal PINs and passwords for things like banking, Inland Revenue and social media — and to send false invoices.

How to stop it

  • Be sceptical — only enter passwords on websites you know are genuine.
  • Look for sites with a padlock or “https” in the URL if you’re doing secure business.
  • Check the authenticity of emails you weren’t expecting or that promise something too good to be true. Scam email addresses will be different from genuine addresses, though often similar. If in doubt, delete the email without opening it.
  • If an email seemingly from your bank asks you to click a link to log into your account, don’t click it — open a browser window and type your bank’s web address in. If the URL is different in the email but the website looks like your bank’s, it’s a clone designed to catch people out. 

Cold call scam

What is it?

Someone calls you out of the blue, saying your computer has a virus or you need to upgrade software. They tell you to download software that will help and to buy their service to keep your machine safe. But there’s no virus or service, and the software hacks into your computer.

How to stop it

  • Do not click on links or type in any web address you’re asked to enter. 
  • Say you’ll ring the caller back. Ask for the name of the company and a phone number to call back on. If they’re reluctant to give it, hang up.
  • Banks and other companies will never ring you to ask you to download software or give your password. 

If you do get caught

  • Hang up the phone.
  • Immediately unplug your computer from the internet if you've downloaded the software.
  • Run your antivirus software.
  • Use another computer to change all your passwords.
  • Alert your bank — they might be able to get your money back.

Don’t use the same password for all your systems or staff.

Hackers will get access to ALL your information in one hit. And don’t use P-A-S-S-W-O-R-D or other easily guessed passwords.

Invoice fraud

What is it?

This involves sending fake invoices to trick businesses into joining online directories or renewing intellectual property registrations. If you pay the first invoice, you’ll be invoiced for the fake listing until you spot the error.

How to stop it

  • Tell the company invoicing you — by email or in writing — you didn’t authorise what you’re being invoiced for and won’t pay. 
  • Talk to a lawyer if they threaten legal action. 
Funding scam

Many small businesses have been tricked into paying fees to find grants that either don’t exist or can be easily found on government websites.

Read more about scams — Consumer Protection
Reported scams — Department of Internal Affairs

For advice on government grants and other help for small businesses, see What can I get help with?

Internal fraud

Staff fraud is rare, but there are warning signs to watch for, including situations when an employee:

  • controls a financial process from start to finish — without being checked by people qualified to do so
  • has large debts and/or appears to be living beyond their means
  • has financial responsibilities and is reluctant to take annual leave.

If you’re suspicious, check it out

If you get an email you suspect is not from a reliable source, a little investigation can put your mind at rest.

  • Never assume a company is based in New Zealand because its website address ends “.nz”. You can check if a company is registered in this country on the Companies Office website.
  • Check payment pages are secure. Look for the padlock symbol used on reputable websites, and make sure the URL begins with “https” — the “s” stands for secure. Only make payments if it’s a transaction you initiated.
  • Do an online search for the company’s name and the word “scam”. You may find stories from people caught out by a similar scam.
  • Always check contact details, especially if it’s only a mobile number or an email. Do an online search on the company name to check if the contact details given match those on its website. This is because scammers sometimes pretend to be from legitimate companies or organisations. 
  • If you call and can’t get through, or it goes to an overseas call centre, it may be a scam.

Always report scams and warn everyone you do business with about them.

Get advice on how to report scams at NetSafe’s website The Orb.
