Published on the 23/02/2023 | Written by Heather Wright
Kiwis conned out of millions in two weeks…
A scam using Google Ads’ targeting abilities has conned people out of millions of dollars and prompted a warning from New Zealand’s Computer Emergency Response Team (Cert).
The scam – which Cert NZ has dubbed a ‘major’ investment scam – uses Google Ads, which use personalisation data and keywords to present ‘personalised’, or programmatic, ads, to target potential investors searching for terms such as ‘term deposit comparison nz’. They’re then shown an ad from a malicious site, claiming to offer advice on investment, with the site harvesting details about the individual.
“The scammers are using sophisticated social engineering tactics alongside convincing fakes.”
Jordan Heersping, Cert NZ manager of threat and incident response, says the scammers are using sophisticated social engineering tactics alongside some convincing fakes.
Once details have been harvested the scammers call the targets claiming to be from the investment team at a New Zealand-based financial institution and send a fake investment prospectus. Follow-up phone calls and emails include fake contracts and instructions on how to send money.
Heersping says a fake investment website has even been provided in some cases to enable victims to ‘check’ their investments.
“These fake sites even require a login before showing a balance specific to the target, giving people a false sense of security and potentially sending more money to the scammers,” he says.
None of the websites or email address used by the scammers are official bank sites.
Last year Google expanded a verification process, already used in Britain, to other markets including Australia – but not New Zealand – in an effort to crack down on scam investment ads.
From September 2022, in order to show financial services ads in Australia companies need to be verified by Google, with the verification process including obtaining third-party verification through its external compliance partner, G2, by proving they were licensed by the Australian Securities and Investments Commission.
The financial services verification requirement first launched in the United Kingdom in late 2021 and has reportedly led to a noticeable decline in ads promoting scam services. It’s also used in Singapore and Taiwan.
According to Scamwatch, Australian’s lost more than $53 million to scams in January 2023 alone, with investment scams far and away the leading cause accounting for around $35 million. According to Netsafe, Kiwis lost a record $35 million to scams in 2022.
Australia’s Financial Services Council has previously called for platforms such as Google and Facebook be subject to an industry code of conduct, which it believes should impose a duty on digital platforms to only allow paid-for advertisements from financial services providers authorised by ASIC – essentially echoing the Google financial services verification now in play in Australia.
It says reputable Australian investment funds have had their brands cloned with scammers purporting to offer financial products under their brands and targeting people via social media advertisements, paid search engine results and via messenger applications.
Cert NZ, meanwhile, is advising Kiwis to stay vigilant.
“It always pays to check directly with you bank before investing and double-checking that offers are real. Doing due diligence on an investment site is important.”
The Financial Markets Authority page provides a useful starting point for choosing an advisor, Cert says.
Anyone who suspects they’ve been caught up in the scam should immediately contact their bank, with banks aware of the scam and fraud teams on alert to assist, Heersping says. He’s urging anyone who has seen or interacted with the malicious sites to also report them to Cert so they can get them taken down.