A simple road toll text scam is taking a massive toll on unsuspecting victims, with some people losing their life savings.
Department of Internal Affairs deputy director of operations John Michael says the scam is "really widespread" and concerning.
He told Checkpoint as of today, from 1 November 2022 there had been 140,000 complaints - a number most likely under reported.
So how does the scam work?
The message would look like it came from legitimate agencies like Waka Kotahi, NZ Post, Inland Revenue or a bank and was often sent by a number with either a 64 or 61 prefix at the beginning - country codes from New Zealand and Australia.
It would encourage you to click on a link and pay a bill or toll, sometimes to collect a cash prize.
Michael said by clicking on the link sent to you, you would generally be taken to a bogus website or malicious software would be installed on to your device, giving the scammer access to your personal information and banking details.
Where do the scammers get the phone numbers?
"We... see data breaches where New Zealanders have their private information exposed, that can then be sold or posted on websites and there've been previous malware, software campaigns that have come through New Zealand where if you click on the link that then allows the malware to access all your contacts list and send further messages out."
"Many of the people that are targeted are vulnerable members of the community," Michael said.
The scams were coming from a mixture of New Zealand mobile numbers and Australian numbers.
"We think more than likely it's someone here in New Zealand that's using a New Zealand sim card."
The offenders were victimising their fellow New Zealanders, he said.
"We think more than likely it's someone here in New Zealand that's using a New Zealand sim card" - Department of Internal Affairs deputy director of operations John Michael
When a sim card was detected as being involved in a scam, it was blocked by the telco, but this was somewhat like whack a mole, Michael said, and people need to know what to look out for.
"I know we live in a digital age, we're bombarded with digital information on our mobile devices, and the first thing we do when we hear a beep is we look at our phone to see what's the message we've got. What we're trying to say is, just don't click on the link.
"If it looks suspicious, then call NZ Post, IRD, whoever it is that's purporting to send that message and check with them."
Watching out for scam messages - advice from Internal Affairs
- Remember - not all messages will look the same, as scammers change their wording over time
- Do not engage with or click any links before you know a message is genuine
- To check if a message is genuine, check directly with the people it came from. Go to the organisation's website or check your online account directly
- Scam messages commonly contain bad or irregular spelling and grammar. Use this as your first sign that this could be a scam
- Never provide any card or personal details if you do click a bad link
- If you have paid money already, speak to your bank as soon as possible and let them know what's happened
- It can be harder for people that don not frequently use their phone to recognise a scam, such as the elderly or vulnerable. Check in with your whānau to help them learn how to avoid falling victim to an SMS scam
- Head to the Internal Affairs website for a step-by-step guide of how to report spam: How to report SMS spam