Scam types

Scammers often promise high, guaranteed returns with little to no risk - but if an investment sounds too good to be true, it probably is. Fraudsters may target victims with fake investment opportunities, especially in cryptocurrency, share trading, or overseas property.

Indicators

Guaranteed high returns

Legitimate investments carry risks, and profits are never assured.

Pressure to act quickly

Scammers create urgency to prevent research or second thoughts.

Unregulated companies

Always check if the investment firm is regulated by the Financial Markets Authority (FMA).

Requests for upfront fees

Scammers may ask for payments before allowing access to supposed profits.

Lack of transparency

Difficulty finding company details, vague terms, or reluctance to provide documentation.

Security tips

• Verify legitimacy - visit the company’s website directly and confirm available rates.
• Get a second opinion or advice from a registered financial advisor who can help you spot any red flags.
• Check the financial services providers register online on the New Zealand Companies Register to see whether the company is registered in New Zealand to provide financial services.
• Treat investment approaches with caution. Something that looks too good to be true most likely is.
• Check the Financial Markets Authority (FMA) website for known investment scams.
• If you think you may have already been scammed, stop all contact, do not send any more money and contact your bank immediately.

Crypto scams are fraudulent schemes where scammers trick people into investing in fake or misleading cryptocurrency opportunities. These scams often promise high returns with little or no risk and may involve fake trading platforms, impersonation of legitimate companies, or pressure to send money overseas.

In New Zealand, crypto scams are on the rise, often promoted through social media, online ads, or even dating platforms. Once money is sent—especially to offshore wallets—it is extremely difficult to recover.

Indicators

• Unsolicited investment offers, especially through social media or messaging apps.
• Promises of guaranteed or high returns with little or no risk.
• Pressure to act quickly or secrecy around the opportunity.
• Requests to pay in cryptocurrency or to transfer funds to unfamiliar wallets.
• Fake websites or apps that mimic legitimate crypto platforms.
• Claims of celebrity endorsements or fake testimonials.
• Being asked to recruit others to earn more—this is often a sign of a pyramid scheme.

Security tips

Do your research:
Check if the company is registered in New Zealand and listed on the FMA’s scam warning list.

Be sceptical of cold contact

Legitimate investment opportunities don’t come out of the blue.

Never share your crypto wallet keys or passwords

These give full access to your funds.

Avoid sending money overseas

It’s nearly impossible to recover once it’s gone.

Use strong password

Use strong, unique passwords and enable two-factor authentication on all accounts.

Talk to someone you trust

Get a second opinion before investing.

Report suspicious activity

Contact your bank and report the scam to CERT NZ or Consumer Protection.

An account takeover is when a fraudster gains unauthorised access to your online accounts. They do this by pretending to be you, using information they've stolen to log in and take control of your accounts or open new accounts in your name.

Indicators

Fraudsters use various methods to get hold of your login details. This often includes:

Phishing scams

Sending fake emails or texts that look like they're from a legitimate source (like us!) asking you to click a link and enter your banking information.

Malware

Tricking you into downloading malicious software that can secretly record your keystrokes or steal your data.

Data breaches

Obtaining your information from breaches at other organisations where you might have used the same passwords.

Weak passwords

Guessing easy-to-crack passwords or those that haven't been changed in a while.

This occurs when someone obtains and uses your personal information without your permission to commit fraud. Be careful about sharing personal information online; shred sensitive documents and delete identity documents from sent emails. Always use a password manager and turn on MFA where available. Never take photos of passwords or recovery keys or use the same password on multiple apps or devices.

What kind of information are we talking about?

Identity thieves are after details like your:

• Name and date of birth
• Driver licence number
• Passport details
• Bank account numbers
• Credit card details
• IRD number
• Addresses (current and previous)
• Login credentials (usernames and passwords)

Indicators

Unfortunately, there are many ways identity thieves can get hold of your information. Some common methods include:

Phishing scams

These are often fake emails, texts, or phone calls pretending to be from legitimate organisations (like banks, government agencies, or well-known companies) designed to trick you into revealing your personal details.

Data breaches

Sometimes, organisations you deal with experience security breaches, leading to your data being compromised.

Malware and viruses

Unsafe downloads or clicking on suspicious links can install malicious software on your devices, allowing criminals to steal your information.

Physical theft

Stealing mail, wallets, or even rummaging through rubbish bins can provide thieves with valuable personal documents.

Public Wi-Fi

Using unsecure public Wi-Fi networks can make your information vulnerable.

What are the consequences?

If your identity is stolen, the thieves might use your information to:

• Open new bank accounts or credit cards in your name.
• Apply for loans or mortgages.
• Make fraudulent purchases.
• Access your existing accounts.
• Commit other crimes, leaving you to deal with the fallout.

This can lead to significant financial loss, damage to your credit rating, and a lot of stress and hassle as you work to clear your name and recover your identity.

Online romance scams are common, where scammers prey on trust, emotion, and vulnerability. Scammers take advantage of people looking for a romantic partner, often via dating websites, apps or social media. Scammers create fake profiles to build an emotional connection, usually expressing strong emotions for you over a relatively short period of time. Once they have gained your trust, they fabricate an emergency or hardship and ask for money or your personal data.

Indicators

• Be cautious of unsolicited friend requests from strangers via email, social media, dating sites, or apps.
• Scammers often avoid video calls where their face is visible.
• They may spend months building trust and quickly express love or intimate feelings.
• Initial requests for small amounts of money may escalate to larger sums over time.
• They often create a false sense of urgency, citing:
  • Family or business problems
  • Need for air tickets or bill payments
  • Medical emergencies for themselves or family members
  • Escaping dangerous situations
• Avoid oversharing personal information, especially family details, passwords, or bank account numbers.
• Speak to someone you trust—friends, family, or your bank—before sending any money.

Security tips

• If you suspect a romance scam, stop communication immediately.
• Experiencing a romance scam can be distressing, don't feel embarrassed - reach out for advice.
• Contact your bank right away.
• Report it to the police.
• For free advice contact organisations such as Netsafe, Consumer Protection, Age Concern and ID Care.

Phishing scams are designed to trick you into revealing personal or financial information. Scammers use deceptive emails, texts, and phone calls to impersonate legitimate businesses, hoping to steal your sensitive data.

Indicators

Unsolicited calls, emails, or texts

Asking for bank details, passwords, or personal identification. Don’t be afraid to say NO. If you receive a call and are unsure about who you are talking to, hang up and call the business/person back on their registered number.

Urgent requests

Scammers claim there is an issue with your account and pressure you to act quickly.

Links in emails

Never click them! Visit the official website directly instead.

Follow-up scams

If you engage with a scammer, they may try a different method to gain more information. For example, clicking a suspicious link may lead to a fraudulent phone call pretending to be your bank.

Security tips

• Do not share sensitive information over calls, emails, or texts.
• Ask for the caller’s name and verify contacts by calling official numbers from the organisation’s website.
• Report phishing attempts to your email provider and CERT NZ.

Online marketplaces can be convenient, but they also attract scammers looking to exploit buyers and sellers. Stay vigilant to avoid falling victim to fraud. Stick to websites you trust, and check they have valid contact details and payment systems.

Indicators

Deals that seem too good to be true

If a price is suspiciously low, it may be a scam.

Requests for payment outside the platform

Scammers often push for direct transfers, making refunds or disputes difficult.

Fake or non-existent goods

Some scammers list items they don’t own, taking payment but never delivering the product.

Receiving faulty or counterfeit items

Always inspect purchases carefully upon arrival.

Buyers cancelling payments

If selling an item, never ship it until funds are confirmed in your account, as buyers may cancel the transfer after receiving the goods.

Security tips

• Only use secure payment methods provided by the platform.
• Always pay attention to your Confirmation of Payee match.
• Verify seller/buyer profiles and reviews before engaging.
• If something feels off, trust your instincts and ‘walk away’.
• Report suspicious listings or transactions to the marketplace.

‘Hi Mum’ scams are a type of text message scam where fraudsters pretend to be a family member—usually a child or grandchild —who claims to have lost or damaged their phone. The message typically starts with something like “Hi Mum, I’ve got a new number” and quickly moves to a request for money to replace a phone or deal with an emergency.

These scams are emotionally manipulative and designed to create urgency, making victims feel they need to help a loved one quickly. Once trust is gained, the scammer will ask for money or personal banking details.

Indicators

• A message from an unknown number claiming to be your child or another close family member.
• A story about a lost or broken phone, followed by a request to save the new number.
• A request for money, often to buy a new phone or pay an urgent bill.
• Pressure to act quickly, with excuses for why they can’t talk or verify their identity.
• Poor grammar or unusual phrasing, which may indicate the message isn’t genuine.

Security tips

• Contact your family member using their known number or another trusted method before responding.
• Pre-agree a family safe word for use in an emergency situation.
• Never transfer funds or share banking details without confirming the request is legitimate.
• Don’t automatically trust messages from unfamiliar numbers, even if they seem personal.
• Forward scam texts to 7726 (free text service run by the Department of Internal Affairs).
• Contact us immediately if you’ve sent money or shared sensitive information.
• Report the scam to CERT NZ for further support and to help protect others.

Scammers pretend to be from legitimate organisations, such as banks, government agencies (e.g., IRD, Police), or well-known companies, to trick you into giving them money or personal information. They may use convincing caller IDs or official-looking emails. They often create urgency and ask you to transfer funds to keep your money safe.

Security tips

Staying vigilant is key to protecting yourself from these scams. Here are some important steps to take:

Unexpected contact and urgent requests

If someone calls you out of the blue and pressures you to take immediate action, be suspicious. If you're unsure, hang up straight away and call us on our publicly listed number.

Unsolicited messages

Any unknown text, email, or message could be a scam. If you're unsure, never click on links or engage with the sender. It's best to simply delete the message.

Sharing of personal/security details

We will never ask for your banking passwords, PINs, two-factor authentication codes or request remote access to your devices.

Access to your personal device

Don't let anyone convince you to download software or remotely access your device. These are significant red flags.

Internet Banking

Always type our full website address directly into your browser (e.g., www.heartland.co.nz) instead of clicking on links from emails or other messages.

Contact us immediately if you’ve sent money or shared sensitive information.

Email hack scams occur when a scammer gains access to someone’s email account—either yours or someone you know—and uses it to commit fraud. Once inside, they may monitor conversations, impersonate the account holder, or send fake invoices and payment requests that appear legitimate.

These scams can often come from a trusted contact’s real email address, making them harder to detect. In New Zealand, these are often linked to business email compromise (BEC) or invoice scams, which have led to millions in financial losses.

Indicators

• Unexpected payment requests from a known contact, especially if the bank account details have changed.
• Emails with unusual tone or grammar, even if they come from a familiar address.
• Urgent or secretive language, such as “Please don’t call me, I’m in a meeting” or “This is very urgent.”
• Requests to click on suspicious links or download attachments.
• Inconsistencies in email addresses, such as slight misspellings or domain changes (e.g., @company.co.nz vs. @company.com).

Security tips

Verify payment requests

Always confirm changes to bank account details by calling the sender using a known phone number.

Always

Check the match results from Confirmation of Payee.

Use strong, unique passwords

Avoid reusing passwords across accounts.

Enable multi-factor authentication (MFA) if available

This adds an extra layer of security to your email and banking accounts.

Be cautious with links and attachments

Don’t click unless you’re sure the message is legitimate.

Check email headers

Look closely at the sender’s full email address, not just the display name.

Keep your software up to date

Regular updates help protect against known vulnerabilities.

Report suspicious activity

If you think your email has been compromised, change your password immediately and notify your bank. You can also report the incident to CERT NZ.

Be cautious if you are expecting an invoice to come through for payment, businesses can be targeted whereby scammers intercept invoices and change the banking details, leading to payments being sent to fraudulent bank accounts.

Security tips

• Always verify payment details directly with the business/contact person on a known or publicly listed number to confirm they sent the invoice and that the bank details are correct prior to making any payments.
• Ensure your staff are trained to recognise potential red flags.
• Maintain robust cyber security by keeping your devices updated, regularly backing up your data, using strong passwords, enabling two-factor authentication, and protecting against viruses and malware.

These target previous scam victims, promising to recover lost money for an upfront fee. These scams are a form of advance-fee fraud where scammers impersonate law enforcement, financial institutions, or recovery agencies, often requesting taxes or transaction fees before you can receive your "recovered" funds. They will tell you that you need to pay a fee to process the recovery, such as for taxes, transaction costs, or administrative charges. Once you pay the fee, the scammer takes the money and disappears, and you will likely never hear from them again.

Indicators

Unsolicited contact

They'll often reach out to you directly, perhaps through a phone call, email, or even social media, claiming they've heard about your unfortunate experience.

Claim authority

Often claim to be working for a financial institution, government agency e.g. NZ Police that has recovered funds from a criminal fraud ring.

Promises of recovery

They'll tell you they have a "guaranteed" way to get your money back, often boasting about high success rates.

Upfront fees

This is the big red flag. They'll ask for an upfront fee for their "services." This fee might be called an administrative charge, a tax, a legal fee, or something similar. They'll tell you it's a necessary step to release your funds.

No real help

Once you pay the fee, they'll usually disappear with your money. You'll never see your original lost funds, or the "recovery fee," again. They might also try to get your sensitive personal or banking information, which they can then use for further fraud.

Fake professionalism

They often create professional-looking websites, use official-sounding language, and may even provide fake testimonials to appear legitimate.

Security tips

• Stop all contact immediately and cease all communication with the scammer.
• Do not send any money or cryptocurrency, even to cover "fees".
• Report the scam to the police immediately, as suggested by NZ Consumer Protection.
• Contact us immediately if you’ve sent money or shared sensitive information.
• Do not provide any personal information to the scammer.

Elder abuse is a serious issue that can take many forms, including financial exploitation. Older adults may fall victim to scams, fraud, or manipulation—often by someone in a position of trust, such as a caregiver, family member, or close acquaintance.

What is elder abuse?

Elder abuse is any act that causes harm to an older person, carried out by someone they know and trust. It's often not a one-off event but can be a pattern of behaviour. It can happen to anyone, regardless of their background, and often goes unreported.

It's important to understand that elder abuse isn't always physical. It can take many forms, including:

Financial abuse

This is particularly relevant to us as a bank. It involves the illegal or improper use of an older person’s money, property, or assets. This could be anything from someone pressuring an older person to change their will, misusing their eftpos card, or even outright stealing their funds. It's a growing concern and something we are vigilant about.

Psychological or emotional abuse

This involves words or actions that cause an older person distress, fear, or loss of self-worth. Examples include intimidation, threats, humiliation, or isolating them from friends and family.

Physical abuse

This is when an older person experiences physical pain, injury, or discomfort. It can include hitting, pushing, slapping, or rough handling.

Neglect

This is the failure to provide for an older person's basic needs, such as food, clothing, shelter, medication, or personal care. It can be intentional or unintentional.

Indicators

While not always obvious, there are often signs that something isn't right. These might include:

Sudden changes in financial behaviour

Unexplained withdrawals, new joint accounts, or changes to wills or powers of attorney.

Unusual isolation

An older person suddenly withdrawing from social activities or being prevented from seeing friends and family.

Changes in mood or behaviour

Appearing withdrawn, fearful, anxious, or depressed.

Physical signs

Unexplained bruises, cuts, or other injuries.

Neglect

Poor hygiene, unexplained weight loss, or inadequate living conditions.

Someone speaking for the older person

Someone always accompanying the older person and answering questions on their behalf.

Security tips

If you are concerned about an older person, or if you are experiencing abuse yourself, please know that help is available.

• If you believe an older person is in immediate danger, call 111.
• For confidential advice and support, you can contact Age Concern New Zealand's Elder Abuse Response Service on 0800 EA NOT OK (0800 326 6865). They offer a free, confidential service to anyone who suspects or is experiencing elder abuse.
• If you have concerns about financial transactions related to your account or someone else's account at Heartland Bank please don't hesitate to speak with one of our team members. We are here to listen and provide assistance discreetly and professionally.

We can help protect older New Zealanders and ensure they continue to thrive as valued members of our society.

In a scam, often the person you have sent your funds to is also a victim of a scam or fraud. They receive the funds and move them on, believing they have been “employed” to make such payments, or they transfer funds for a person they are, or believe they are, in a relationship with. This aids the end scammer to have the funds layered through different accounts before reaching them, so they are harder to trace.

How do people become mules?

Criminals are clever and will use various tactics to recruit mules. Here are some common scenarios:

Online scams

This is a big one. You might be offered a "job" working from home, a "business opportunity" with high returns, or even a "romance" online. These offers often involve receiving money and then forwarding it on, with the promise of a commission or payment for your troubles.

Social media

Be wary of direct messages or friend requests from strangers offering quick cash or investment opportunities that seem too good to be true.

Legitimate-looking emails/texts

Scammers can create very convincing emails or text messages that appear to be from legitimate organisations or people.

Why is this a problem?

While mules often don't realise they're involved in criminal activity, the consequences can be serious:

Legal trouble

If you're caught acting as a mule, even unknowingly, you could face serious legal consequences given New Zealand’s laws relating to money laundering.

Your bank account frozen/closed

Banks are on the lookout for suspicious activity. If your account is used, or appears to be used, for money laundering, it will likely be frozen or closed, making it difficult to manage your finances.

Damage to your reputation

Being associated with criminal activity can have long-lasting negative impacts on your personal and financial reputation.

Security tips

Be suspicious of unsolicited offers

If someone you don't know offers you money or a job that seems too easy or too good to be true, it probably is.

Never share your banking details

Don't give your bank account details to anyone you don't fully trust, especially if they're asking you to receive and then forward money.

Question "Work From Home" or "Investment" opportunities

Be very cautious of online offers that promise high returns for minimal effort, especially if they involve transferring money.

Know who you're dealing with

If you're interacting with someone online, take the time to verify their identity and legitimacy. Do your research!

Trust your gut

If something feels off, it probably is. Don't let yourself be pressured into doing something you're uncomfortable with.

Technology is now being used to create realistic fake audio or video of individuals. Scammers may use these "deep fakes" to impersonate a trusted person (like a family member or colleague) to steal money or information.

Security tips

Your awareness is your best defence. Here are a few things to keep in mind:

Trust your instincts

If something feels "off" or too good to be true, it probably is.

Verify information through official channels

If you receive an unexpected request for money or personal information, especially if it seems urgent, always check directly with the person or organisation through a known, trusted contact method (not by replying to the suspicious message or using a contact detail provided in it).

Be wary of urgency

Scammers often try to rush you into making decisions. Legitimate organisations will rarely pressure you to act immediately.

Examine details carefully

Look for subtle inconsistencies in videos or audio – things like unnatural movements, strange pauses, or robotic-sounding speech.

Protect your personal information online

Be mindful of what you share publicly, as scammers can use this information to create more convincing deepfakes.

Report suspicious activity

If you suspect you've encountered a deepfake scam, please contact us immediately and report it to CERT NZ.