A Kiwi caught out by a convincing phishing scam pretending to be from Inland Revenue (IRD) is warning others to be careful, especially around this time of year.
Damian Christie told Newshub he got an email seemingly from IRD on Tuesday morning which said he qualified for a cost-of-living payment amid the rising cost of living.
The email, which looked legitimate as it used IRD's logo and usual format, then asked him to log in to his account through a link to process the payment.
Christie said it was just as easy to log in through a browser instead of the link, but upon doing so he couldn't find any reference to the payment.
"I didn't think our income matched qualifying," he said, adding that if it somehow did he'd be more worried about what happened to his income stream.
But after finding nothing online, he went back to the email and found a suspicious-looking address hidden behind a generic 'do not reply' email address.
"It was just the sender address, something very strange."
Screenshots of the email obtained by Newshub show the email was actually sent from a German email address.
Before seeing the hidden email address, though, Christie said it was "absolutely" convincing and could catch some people out.
"Apart from the hidden email address everything else looked the same," he said.
"People often get caught out based on circumstances, like if you've just gone through a road toll or you're waiting for a package and you get those fake DHL ones. For this one it was the time of the month, I've been doing end-of-year taxes so it seemed legit."
Christie's advice to people was to be aware of individual circumstances so you don't get caught out.
He was most concerned about who this scam targeted, though - people who are "hard up" and actually needed this cost of living payment.
An IRD spokesperson told Newshub people should avoid clicking on any email links or attachments.
"We would urge people to be wary of any emails or texts, purporting to come from Inland Revenue, and saying there is a refund to collect or a tax bill to pay, or in this case, that they are eligible for money," the spokesperson said.
"Anything that asks for personal or bank account details or offers to update them, could be scammers at work. People should always access their IR account through their myIR. Also avoid clicking on links or attachments in emails."
The spokesperson said there was information online about when people should expect to hear from IRD, as well as the latest information on known scams, signs of scams and how to report a scam.
Police also advised anyone who believes they've been a victim of a scam to report it to police by calling 105 or online. Information can also be provided anonymously via Crime Stoppers on 0800 555 111.
The Department of Internal Affairs and Netsafe have also been approached for comment.
