Skip to content
All insights
securitypersonaladvice

I think I've been scammed — what do I do now?

Clicked a dodgy link or given out personal details? Here's exactly what to do next. Don't panic — act quickly.

JW

Jason Webb

5 min read

First: take a breath. Getting scammed doesn't make you stupid. These people do this professionally, all day, every day. They're good at it. What matters now is what you do next.

Here's a step-by-step guide depending on what happened.

If you entered your password on a fake website

This is the most common one — a phishing email leads you to a convincing-looking login page, and you type in your details before realising something's off.

  1. Change that password immediately. Go directly to the real website (type the address yourself, don't click any links) and change your password.
  2. Change it everywhere else you use it. If you've reused that password on other sites — and be honest with yourself — change those too. This is the most important step.
  3. Turn on two-factor authentication for that account if you haven't already.
  4. Check for any suspicious activity. Look at recent login history, sent emails, or account changes. If it's an email account, check your sent folder and rules — attackers sometimes set up forwarding rules to keep intercepting your messages.

If you gave out your credit card or bank details

  1. Call your bank immediately. Every New Zealand bank has a 24/7 fraud line. Tell them exactly what happened. They can freeze your card, reverse pending transactions, and issue a new card — usually within minutes.
  2. Check your recent transactions. Look for anything you don't recognise, no matter how small. Scammers often start with a tiny test transaction before going bigger.
  3. Keep records. Screenshot the fake website, save the email or text, note the time and date. Your bank and the police will want these.

If you sent money via bank transfer

This is harder to undo, but not impossible if you act fast.

  1. Call your bank straight away. If the transfer is still processing, they may be able to stop it.
  2. Report it to the police. File a report at police.govt.nz or call 105 (non-emergency). You'll need a police report number for your bank's fraud investigation.
  3. Report it to CERT NZ. Go to cert.govt.nz and file a report. They track scam patterns and can sometimes help coordinate recovery.

Be realistic: money sent to an overseas account via bank transfer is very difficult to recover. But domestic transfers caught quickly have a much better chance.

If you gave someone remote access to your computer

Some scams involve a phone call from "Microsoft" or "Spark" telling you your computer is infected, then asking you to install remote access software so they can "fix" it.

  1. Disconnect from the internet. Turn off WiFi or unplug the ethernet cable. This cuts their access immediately.
  2. Uninstall the remote access software. Common ones they use include AnyDesk, TeamViewer, and SupRemo. Remove them from your computer.
  3. Change your passwords — all of them — from a different device (your phone is fine). Start with email and banking.
  4. Run a malware scan. Use Malwarebytes to check if they installed anything else while they had access.
  5. Call your bank if you logged into internet banking while they were connected, or if they asked you to.

If you're not sure what happened

If something feels off but you're not sure exactly what information was exposed:

  • Change your email password as a precaution (from a different device if possible)
  • Check your email's sent folder and rules for anything you didn't set up
  • Monitor your bank accounts closely for the next few weeks
  • Run a malware scan on any device involved

Reporting scams in New Zealand

  • CERT NZcert.govt.nz — the government's cyber security agency
  • Netsafenetsafe.org.nz — free advice and support for online incidents
  • NZ Police — call 105 or report online at police.govt.nz
  • Your bank's fraud team — the number is on the back of your card

Don't be too hard on yourself

I've helped plenty of people clean up after scams — teachers, business owners, retired professionals, tech-savvy teenagers. There's no profile of a "typical victim." Scammers exploit trust and urgency, not ignorance.

The best thing you can do after it happens is act quickly, secure your accounts, and learn what to watch for next time.

If you've been caught out and need a hand sorting things out — checking your computer, securing your accounts, or just talking through what happened — get in touch. No judgement, just practical help.

Previous

Five tech habits that quietly protect your business

Next

Internet safety for families — a balanced approach

Say hello

Ready to get started?

Pick a time that suits you. No obligation, no jargon, just a friendly conversation.