Scams are a constant threat today, whether it is via phone, internet or other means, and experts are warning to stay vigilant over Christmas. 

It comes as the country comes under increasing cyberattacks, with criminals looking to mine personal data for malicious use. 

Central Otago’s Andy Dougherty, who runs Calm Computing, says scams are nasty and too many to mention, and offers a few with some solid hints to help.

“If it comes in a phone call, it is unlikely to be real,” Andy says. “No real company has people doing ring arounds, easier and cheaper to utilize automated systems, so if it is a phone call, hang up. 

“Email parcel scam is a favorite during holiday periods. Especially at Christmas. 

“If a parcel is sent, it is fully paid for at the sender's end and they charge you for it.  

“Never do Courier companies take a parcel on the "promise" of payment at the other end.  So if you get that, you know it is not real.”

Calm Computing’s Andy Dougherty says the list of scams are endless, and people should treat everything with suspicion until proven safe. 

Andy says emails that ask for bank details are always fake, and that no company will approach you in that fashion, yet many fall for it.  

“Many emails have very official looking emails and details, generally to keep you safe, the real companies ask you to log into your actual account or contact them directly.  

“(Real companies) never ask for passwords, bank accounts or anything of the sort, so if it is asking, you know there is something wrong with the whole deal.

“Facebook messages from family and friends with links, don't click, message them back first and ask about it.  

“They may not even realise their accounts are sending out these messages, because they clicked on the link themselves, it gets into your contact list and spams everyone with the same link.

“This list of the types of scams is endless or so it seems.  

“Romance, or work from home scams are ones that seem to hit people as well. Again, sounds too good to be true, it definitely is.”

Andy says all of these just require people to think a little before clicking or giving out bank details or passwords.  

“No legitimate company would ever put you at risk like that. If in doubt, ring on the number provided on their official websites.”

Andy says that if you suspect something is a scam, then it most probably is, and you should always report anything you seem suspicious of. 

“Always report scams, many go under the radar too long because people don't let anyone know what has occured,” he says. 

“I got hit with two IRD scam attempts and let them know immediately.  Knowledge is power and they need to know to help.

“Word of mouth as well, tell your friends and family, keeping others informed is always a great start.

“Programs like Avast, AVG which have reasonably good protection for free for example can only protect you from so much but not from scams.  

“The real defense lies in our own decisions always.”

Andy says there are a few good sites that have great information that help keep us informed and have advice in greater detail on how to keep safe.

“Get into Reap, Library or the Learning Hub. The staff there are amazing and they really do a lot to keep us all informed and safe.

“Sometimes it is really nice to talk to someone face-to-face and know they love to help. Or mask-to-mask as the case seems to be nowadays.”

For businesses as well, the risk of cybersecurity breaches is high. 

RNZ earlier reported many small to medium businesses hold too much information about things they do not need, says a cybersecurity expert.

Cybersecurity breaches are on the rise as scammers look to mine personal data.

Vertech IT Services managing director Daniel Watson said businesses holding onto old data that they did not need created unnecessary risk for the public.

"If the only reason why you're retaining customer information is perhaps more marketing purposes later on, then do you still need to retain the additional information such as date of birth, drivers licence detail ... other stuff that you might have collected and might have been necessary as part of the initial transaction," Watson said.

Getting hacked was not down to luck and it was just a matter of time, he said.

"If you do not have an excellent reason to retain customer information, you need to dispose of it.

"For example, I don't see why immigration consultants would sit on the details of more than 4000 past clients. It is creating unnecessary risk for many people who are oblivious to the threat they are facing."

The problem was made worse by poor cybersecurity measures from an "unacceptably high" portion of small and mid-sized enterprises (SME), he said.

"Reputation, financial and legal risks are just some of the threats that your average Kiwi SME is courting, bearing in mind that privacy legislation now requires the company to report a breach to affected customers as well as the Privacy Commissioner.

"The penalties are not to be sneezed at - fines [are] from $10,000 up to $350,000 for a class action."

Watson said companies needed to introduce or update policies, educate staff, and protect data.

Useful links for more information on how to protect yourself: 

Central Otago REAP - Local courses in computing, online literacy, etc.

Govt Consumer Protection

CERT NZ Common scam threats

NZ Police: Advice on scams and fraud 

NZ Government: Common scams