The Blog

Flick's top 5 tips for spotting a cyber scam

Whether you’re a savvy scam-spotter or a cybercriminal’s dream, here’s some comforting news: it’s Cyber Smart Week here in NZ, which means the team at CERT NZ is helping us all to lift our cybersecurity game - phew!

This year’s theme, ‘Just Do One Thing’, is encouraging us all to tighten those security measures and make sure that our online devices are iron-clad.

Join the power company who’s recently been named NZ’s Disruptive and Breakthrough Innovation at the Innovation Awards (woohoo!).

Here at Flick HQ, we receive a lot of spam and scams from the worldwide web, and while some are painfully obvious (‘Hi Pauline, Please send $10,000 to England today’ - erm, OK…), others are a bit more deceptive, making them hard to pinpoint as fake. And with the many and varied ways that cybercrims are targeting us, from malware (malicious software which tries to gain authorised access to your computer), phishing scams (where cybercrims attempt to obtain things like your passwords, usernames, pin numbers and credit card details) and fake websites, you can confidently call it a minefield!

So, in the interest of keeping our #CleverFlickers safe, here are our top 5 tips things that we reckon should arouse your cyber suspicion.

1. Things just feel a bit ‘off’

If you’ve received an email from a supposedly reputable source that contains things like poor spelling and grammar, a vague introduction (for example, ‘Dear Client’ or simply ‘Hi’), a slightly different company logo, and an overly dramatic subject line (‘Urgent email - attention needed!!!!’), it should set off warning bells. Legitimate companies will, generally, go to a lot of trouble to ensure their emails are accurate and professionally crafted. Go with your gut instinct: if you feel something’s not quite right, it’s probably not.

2. You don’t know the company or individual emailing you, and you haven’t used their services

If the email comes from a company or individual you’ve never heard of, be wary. Sometimes these emails will contain attachments  and files (like a photo or document) for you to read that, once opened, can pose a huge security risk, especially on a corporate network, so tread cautiously.

The same goes for official-looking emailed invoices that request payment for services that you’ve never used or ordered. Often they’ll state that payment is ‘overdue’, and threaten things like bad credit ratings - don’t be fooled.

3. Their email address and in-text links are… dodgy

First of all, don’t click any links! Hover your mouse over it, and a box should pop up (either nearby on the screen, or down the bottom of your screen) which shows you the web address of the link. Here are a few warning signs you should look out for: the link you’re hovering over shows up as different to the one that’s listed in the email; the link leads to an address that isn’t associated with the official domain address of the company; or the link is shortened (using bitly, for example) or contains random numbers and words.

Sometimes these cybercrims will also use fake websites that look very similar to the real deal, but they’ll have a slightly different version of the official domain - e.g. or (notice they’ve left out the ‘r’ and the ‘o’). The same also goes for their ‘From’ email address - check it carefully, and if it’s missing any vital letters, or contains random numbers and letters (or you’ve simply never heard of it before), be on your guard.

4. They use threats

Most genuine companies won’t send you random threats of account closures or warnings of overdue payment via email. While most companies will use email to communicate with customers before they close their account, in most situations you’ll know who they are and you’ll be aware of the situation - it won’t be out of the blue.

5. They’re asking for money or personal details

Well, this one seems obvious, but if the email asks (or demands) you send a sum of money or sensitive information like your credit card number - hit delete!

What about scam phone calls and door knockers?

While not strictly in the realm of cybersecurity, this is an area of security that can potentially affect Flick customers, so it’s worthwhile mentioning. First of all, Flick doesn’t door knock - so if someone turns up at your place saying they work for us, we recommend you shut the door and call the cops.

Secondly, while we do contact our customers over the phone, it pays to be wary of cold calls. If you receive a call from someone who says they work for Flick, ask them to confirm some details about your account that only someone at Flick is likely to know. For example, the date you applied to join Flick, a secondary or previous address that Flick has served, or the cost of your last Flick bill. You could also hang up the phone and call us back on 0800 4 FLICK (435 425) to make sure you’re talking to the real deal. Our advice: don’t readily give your personal information out over the phone, unless you’ve verified it first.

What can you do to make sure you’re being cyber smart?

Here are a few tips from CERT NZ (the awesome folks running Cyber Smart Week):

  • Change your password – make your passwords long and strong, and have a unique password for each online account.
  • Turn on two-factor authentication (2FA) – two-factor authentication is like having a second lock for your door. It’s often a password, and something else, like a code that’s sent to your phone.
  • Update your phone and computer operating system (OS) – keeping your OS up to date is a really good way to defend against bugs and viruses.
  • Check your privacy settings – set your privacy settings so you know exactly who can see what you post on social media.

Stay safe in cyberspace, Flicksters!