TCF Logo

Recent Alerts - Advisory

DIA warns scammers over 'toll scam 06.06.23

The Department of Internal Affairs is working closely with mobile network operators, police and other agencies to investigate and catch those responsible for the 'NZTA toll' phishing scam circulating since late 2022.


The penalties are severe and with those involved causing harm to their communities, the message is "Stop what you’re doing and hand yourself in".  Report suspected scammers by contacting or contact Crime Stoppers anonymously on 0800 555 111.


Read the full press release here.


Whatsapp Voicemail Scams 


Some of our members have noted an increase in attempts by international hackers to gain access to customer voicemail accounts, which could be used to access apps like Whatsapp. The scammers may then use the messaging app with the intent of legitimising scam messages sent from abroad.


Learn more about how to stay safe online with more info on common types of scams and fraud here



Credit Card Scam Text Message Phishing Campaign 10.03.23

New Zealanders are being targeted in a text message phishing campaign. The messages claim to be from various organisations, including NZTA, Apple, Uber, postal services and many others. The messages will claim the recipient has unpaid tolls or fees or otherwise needs to pay a small sum. They also contain a link that looks like a shortened URL.


Scammers change the language of these messages often, so be aware that they may change from the description above. 


Read the full advisory


FluBot malware Infecting Android Phones 04.10.21

A malicious app is being spread through text messages on Android phones and is currently affecting New Zealanders. The text messages vary. What we have seen so far are regarding: parcel delivery pending or been missed, with a link to a delivery service website, or that photos are being uploaded, or voicemail link. 

If you have received the texts this does not mean your device has installed the malware.


Do not click on the link. If you do, it will ask you to install the application for the delivery service, which is actually a malicious app. The application attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself. Once a device has been infected with this malicious app it can result in significant financial loss.


What to do? Forward the txt to DIA’s anti-spam number 7726

Read the full advisory



Know how to better protect yourself and your family online

Being online is part of our daily lives as we work, bank, shop and stay connected with friends and family. Connectivity is making our lives easier, but there are risks. Protecting yourself online is simple, so don't wait until you become the victim of cyber crime.

Protect yourself from Scams

Scammers may contact you by email, text, or phone, posing as legitimate businesses. They often imitate businesses you trust and use regularly, such as your bank, internet or telecommunications provider.  This scam is sometimes called “phishing”. Whichever approach is used, the scammer’s goal is the same – to obtain your personal information and commit fraud against you.

Phishing emails often use the same branding, logos, and format of communication as one of your trusted providers. A phishing email might state there is a problem with your bank account, such as a security breach, and ask you to click on a link to provide your personal details, which can later be used to commit identity fraud, or steal money from your bank account. A common approach used by text scammers is sending out customer surveys that offer a prize for participating, in order to obtain your personal information to commit fraud at a later date.


Stop and think. Is this for real?

If you receive a suspicious call, email or text: Stop and think. Is this for real?

Never click on the links or attachments in emails and text messages that ask you to login or verify your password. They could easily be phishing messages sent by scammers. Instead, go to the legitimate website and log in from there.

A telecommunications company would never call a customer out of the blue and request remote access to their device/s. If this happens to you, it is a scam, and the best action you can take is to hang up.


Top Tips for staying safe online:

Improve your security with these tips:

Password protect all your devices. Use strong alpha-numeric passwords and include upper and lower case letters. It’s a good idea to use a password manager to create unique passphrases.

  • Change your passwords regularly and use different passwords for each online account
  • Use two-factor authentication (2FA) or multi-factor authentication (MFA) where possible (see below for further detail).
  • Set up a PIN for your voice mail.
  • Secure your computer and devices with firewalls, anti-virus software and up to date operating software.
  • Only use secure WiFi connections.
  • Protect your WiFi with a strong password and encryption settings.
  • Keep your devices and apps up to date.
  • Be aware of scams and don't click on unexpected attachments or links you don't recognise.
  • Limit the amount of identity information you post online.
  • Check your privacy settings for social media accounts.
  • Regularly back up your data.

Where to report scams

You should report phone and text scams directly to your telecommunications provider.

Online scams (and spam) can be reported to various Government organisations or individual telecommunication providers depending on the type of scam it is. Check out the customer protection website to take action and report scam to the right place.

All scams should also be reported to Netsafe, regardless as to whether it was an internet, phone or other type of scam, and regardless of whether or not you were tricked by the scam. Report a scam to Netsafe here

Where to report spam

The Department of Internal Affairs is responsible for investigating complaints about unsolicited commercial electronic messages, either via txt or email, commonly referred to as spam.

Report email spam

Report TXT spam


About 2FA and MFA

2FA or MFA (2 factor or multi-factor authentication) is when along with having to enter your password to access a secure website, you are also required to take a second step to confirm your identity.

Often this second step involves sending a code via SMS text message to your mobile phone for you to enter into the website. Many websites are now offering alternative means for this second step authentication, such as getting you to install a special authentication app on your phone.  Where possible, try to use the app method and avoid relying on an SMS text message or a phone call for this second step authentication.

More information

For more tips on protecting yourself online, check out the website of your telecommunications provider or visit:


Looking for something else?

Mobile phone security tips

Keep your mobile phone safe and secure with these tips.

Find out more

Last Modified On Wednesday, 7 June 2023