We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.

2:00pm, 1 May 2023

TLP Rating: Clear

Phishing scams targeting New Zealanders to install remote access software

There has been an increase in phishing scams using text messages, phone calls, and emails to target New Zealanders. In some cases, these scams ask you to install remote access software to access further personal or financial information and send text messages using your device.

The messages claim to be from various organisations, like your bank, Inland Revenue, NZTA, postal services, computer security software and others.

The messages often claim an unusual payment was detected, tax refunds are available, you have unpaid tolls or fees requiring payment. They will contain a link to visit or a phone number to call.

The language of these messages can change, so be aware they may be different.

What to look for

How to tell if you're at risk

If you receive an unsolicited text message that contains a link or a phone number to call. It may also claim you owe a payment, or that an unusual payment was detected.

Just receiving the text message does not mean you are at risk, however, if you click the link or call the phone number, then your risk increases.

How to tell if you're affected

If you have provided your credit card details, personal information, downloaded software or installed apps after following instructions in the message.

What to do


Do not click the link in the text message or call the number provided in the message.

If you’re unsure about a text message you receive, go to the organisation’s website directly or contact the organisation by using the number provided on their website.

Don’t install applications from unknown sources.

You can forward the message free-of-charge to 7726. This is a service run by the Department of Internal Affairs. They will reply and ask for the phone number that sent it. Once this is done, you can delete the message.


If you have paid money or installed an application at their request, contact your bank immediately.

These applications may provide remote access or send text messages on your behalf.

CERT NZ recommends you:

  • uninstall the application,
  • change your passwords,
  • use two factor authentication where possible.

 If you have an Android mobile device, in your settings you can disable the ability to “install unknown apps”.

More information

Find more information about phishing.


Find out more about text message scams

Text message scams

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report it

For media enquiries, email our media desk at or call the MBIE media team on 027 442 2141.