CERT NZ Advisory
There has been an increase in phishing scams using text messages, phone calls, and emails to target New Zealanders. In some cases, these scams ask you to install remote access software, which the scammers then use to access further personal or financial information and to send text messages from your device.
The messages claim to be from various organisations, like your bank, Inland Revenue, NZTA, postal services, computer security software and others.
The messages often claim that an unusual payment was detected, that tax refunds are available, or that you have unpaid tolls or fees requiring payment. They will contain a link to visit or a phone number to call.
The wording of these messages can change, so be aware that the one you receive may look different.
What to look for and how to tell if you’re at risk
Look for an unsolicited text message that contains a link or a phone number to call. It may also claim you owe a payment, or that an unusual payment was detected.
Just receiving the text message does not mean you are at risk. However, if you click the link or call the phone number, your risk increases.
How to tell if you’re affected
You may be affected if you have provided your credit card details or personal information, or downloaded software or installed apps, after following instructions in the message.
What to do and Prevention
Do not click the link in the text message or call the number provided in the message.
If you’re unsure about a text message you receive, go to the organisation’s website directly or contact the organisation by using the number provided on their website.
Don’t install applications from unknown sources.
You can forward the message free-of-charge to 7726. This is a service run by the Department of Internal Affairs. They will reply and ask for the phone number that sent it. Once this is done, you can delete the message.
Mitigation
If you have paid money or installed an application at the scammers' request, contact your bank immediately.
These applications may provide remote access or send text messages on your behalf.
CERT NZ recommends you:
- uninstall the application,
- change your passwords,
- use two-factor authentication where possible.
If you have an Android mobile device, in your settings you can disable the ability to “install unknown apps”.