Phishing, Romance, and Investment Scams — AI Scams — How to Protect Yourself and Your Family

Three of the most common AI-powered scams in New Zealand today target something most of us do every day: checking our messages, going online, and connecting with other people. This lesson covers how they work and what you can do about them.

Phishing — the perfect fake message

Phishing is when a scammer sends a message — by email, text, or social media — pretending to be a trusted organisation, in order to trick you into handing over your login details or personal information.

In the past, these messages were easy to spot. They were full of typos, odd phrasing, and clunky formatting. AI has changed all of that. Today's phishing messages are grammatically flawless, professionally formatted, and often personalised with your name and other real details sourced from data breaches.

They might look like:

An email from IRD saying you have a tax refund waiting
A text from NZ Post about a parcel that needs to be released
A message from your bank saying your account has been compromised
An alert from Spark or Vodafone about an unpaid bill

Clicking the link takes you to a fake website that looks identical to the real one. You enter your details. They are captured immediately.

Red flags:

Urgency ("your account will be locked in 24 hours")
A link that looks almost right but is slightly off (e.g. "nz-ird.net" instead of "ird.govt.nz")
A request for more information than usual
The message arrived unexpectedly with no prior contact

What to do: Never click links in unexpected emails or texts. Go directly to the website by typing the address yourself. If in doubt, call the organisation on a number from their real website.

Fake websites — scam sites built in minutes

AI tools can now generate convincing fake websites in a matter of hours. These sites mimic real NZ banks, government agencies, and well-known retailers, complete with matching logos, correct formatting, and even working chat functions.

A padlock icon in your browser no longer guarantees a site is safe — scam sites use secure connections too. What matters is the web address. Check it carefully before entering any details.

New Zealand registered a 416% increase in web skimming attempts in 2025 — these are hidden scripts on checkout pages that silently steal your card details as you type them in.

QR code scams

QR codes are convenient, which is exactly why scammers use them. A common trick is to place a fake QR code sticker over a real one in a public place — on a parking meter, a restaurant menu, or a library computer. Scanning it takes you to a convincing fake site designed to capture your payment details.

Before scanning any QR code in public, look closely at whether the code appears to be a sticker placed on top of something else. After scanning, check the URL that appears before you tap through.

Romance scams and pig butchering

These scams are slower and more personal than phishing, which makes them particularly damaging — both financially and emotionally.

A scammer creates a fake profile on a dating app or social media platform, often using AI-generated photos of an attractive, successful-looking person. They make contact, build a genuine-feeling connection over days or weeks, and eventually — once trust is established — introduce a financial request.

A variation called "pig butchering" takes this further. After building a relationship, the scammer introduces a cryptocurrency investment platform where the victim appears to make impressive returns. They are encouraged to invest more and more. When they try to withdraw their money, the platform vanishes.

AI now allows one person to maintain dozens of these fake relationships simultaneously, with auto-generated messages tailored to each victim.

Red flags:

The profile looks almost too perfect
They express strong romantic feelings very quickly
They want to move to WhatsApp or Telegram early on
They avoid video calls, or the video is always blurry or lagging
They mention an overseas job — oil rig, military, international doctor
They introduce an "investment opportunity" once you are close

What to do:

Reverse image search any profile photo using Google Images or TinEye
Insist on a live, unscripted video call before developing trust
Never send money to someone you have not met in person
Talk to a trusted friend or family member before making any financial decisions based on an online relationship
Report romance scams to Netsafe and Police 105

If you or someone you know has been caught in a romance scam, please reach out to Netsafe on 0508 638 723. These scams are designed by professionals to be convincing. There is no shame in being targeted.