FutureFive New Zealand - Consumer technology news & reviews from the future
New Zealand

Guides

#
cartech
#
crypto
#
drones
#
gaming
#
smartphones

Search

Worried new zealander online shopping scams qr codes nz warning
#
MDM
#
Phishing
#
MarTech

Gen warns of soaring online scams targeting Kiwis in Q4

Thu, 22nd Jan 2026
Author image
By Karen Joy Bacudo, Finance Editor

Gen has reported a sharp rise in scam activity in New Zealand during the final quarter of 2025, with criminals leaning on routine online actions such as clicks, QR scans and verification codes rather than technical exploits.

The company's Q4 Threat Report covers activity from October to December. It said many incidents succeeded when people completed the last step themselves. Those steps included approving a device pairing or entering a code that appeared legitimate.

In New Zealand, Gen recorded a 271% surge in e-shop scams during the quarter. It also reported an 82% rise in "scam yourself" attacks and an 82% increase in remote access trojan attacks.

"Increasingly throughout 2025, scams did not announce themselves as threats. They blended into everyday digital routines," said Siggi Stefnisson, Cyber Safety CTO at Gen. "Attackers leaned on familiar platforms, trusted interfaces, and automated persuasion, then scaled those tactics across devices and channels."

Ads and feeds

Gen said scams often appeared in places where people already spend time online, including social feeds and video platforms. It linked that distribution to paid advertising and promoted content as well as posts that resembled ordinary recommendations.

Globally, Gen said it blocked more than 45 million fake shop attacks in Q4. It said that the figure represented more than half of all fake shop attacks blocked in 2025. It also noted it marked a more than 62% increase from the same period in 2024.

The report said fake shops accounted for 65% of all threats blocked on social media. It said the activity concentrated on Facebook and YouTube. It said phishing spread across platforms, led by Facebook at 77%, followed by YouTube at 13% and Reddit at 4%.

Gen also pointed to "malvertising", or fake advertisements, as a major initial route into scam journeys. It said malvertising accounted for 41% of all attacks against individuals in 2025 across its telemetry.

For New Zealand, Gen said malvertising attacks in Q4, specifically push notifications, rose by a further 51% compared with a 10% increase in Q3. The report connected the trend to the way scams can blend into advertising inventory and promoted placements.

DIY lure

Gen said one of the most notable changes in New Zealand involved scams that mimicked tutorials and how-to guides. It said detections of "fake tutorial scams" increased by 152%.

These scams often take the form of videos or step-by-step pages that claim to offer free downloads or cracked software. The report said the instructions lead users to install malware disguised as a legitimate tool.

The company also reported a 57% increase in detections for fake computer and mobile scans. It said those prompts often attempt to generate urgency and push people towards installing software or granting access.

"Kiwis are known for their No8 Wire mentality, and it seems that scammers have stumbled upon it," says Mark Gorrie, VP APAC for Norton. "When scammers find a weak point, they'll exploit it. Unfortunately, this means that New Zealanders will need to be vigilant with DIY videos or guides that direct them to download or install anything, for the foreseeable future."

Deepfake videos

Gen also described early data from an on-device detection feature on Windows that focuses on manipulated media linked to scam activity. It said early telemetry showed YouTube accounted for the largest share of blocked AI scam videos, followed by Facebook and X.

Gen said most of the blocked content related to financial, investment and cryptocurrency lures. It said the system intercepted the videos during playback rather than at the point of download.

Cross-device tactics

The report described attacks that shift between desktop and mobile devices during the same scam journey. It said some campaigns started on desktops with fake tutorial pages and then prompted victims to scan the screen with a phone, moving subsequent steps onto mobile.

Gen said other campaigns moved in the opposite direction. It also highlighted "GhostPairing" attacks, which its threat labs uncovered and named. In these cases, victims enter a numeric code in WhatsApp on their phone. Gen said that action links an attacker-controlled browser as a trusted device and can trigger rapid spread through contacts.

Gen said the Q4 data showed a continuous attack surface across browsers, chats, social platforms and money apps. It said the most damaging incidents often began with familiar actions carried out under time pressure or false reassurance.

Related stories
Snap launches digital safety course for teenagers, parents
Asus targets 30% APAC notebook share with AI, partners
myFirst expands kid-safe tech ecosystem with Circle app
EROAD launches Clarity Edge Multicam for safer fleets
Teads expands Google TV HomeScreen ad reach globally

Top stories

Hands-on review: Avast Deepfake Guard and Scam Guardian
Hands-on review: Corsair Galleon 100 SD Stream Deck Integrated Mechanical Keyboard
Shark Beauty’s LED CryoGlow mask set for ANZ launch
Fantasy dairy league turns real New Zealand cows into stars
Game review: Ride 6 (Xbox Series X)