We Can’t Keep Blaming the User: Taking Scam Prevention Seriously
We are in the middle of a digital war—one that most New Zealanders don’t even realise they’re fighting. Sophisticated scam operations, often backed by criminal networks and operating out of large-scale factories in far-off lands, are targeting our inboxes, phones, and bank accounts with chilling precision. These aren’t opportunistic hackers working alone in the dark—they’re coordinated, well-resourced, and increasingly difficult to trace.
At this week’s Tech Chat member meetup, ITP members shared real anger and frustration. Not just at the scale of scams, but at the systems failing to stop them. Spoofed numbers still get through. Banks notice fraud only after the money’s gone. Social media platforms prioritise engagement over safety, profiting off the very algorithms that help spread misinformation and manipulate behaviour. And amid all this, we still hear the same tired message: “It’s hard.” Yes, it is. But that’s not an excuse for inaction.
This is no longer just about protecting the elderly or the digitally naive. Young people are being manipulated too—tricked into bad relationships, dodgy investments, or falling prey to phishing attacks that look more legitimate every day with the help of sophisticated AI tools. Victims span all age groups and demographics. Scams are now professional, persistent, and personal—and we’re still treating them like personal failings rather than systemic threats.
We’ve written about the state of cybersecurity in New Zealand before—see my previous post, “Should We Be Worried? the state of Cyber Security in New Zealand”. We decided it’s time for a fresh push. Below is a summary of actions our member group identified:
What Government Can Do
Establish a dedicated Cyber Security Agency akin to Australia’s, with a clear mandate, funding, and public education responsibilities.
Appoint a Minister for Cyber Security to provide visibility and leadership across portfolios.
Mandate better protections from banks and telcos, including real-time interventions and proactive alerts when scams are suspected.
Invest in technical education, especially around scam recognition, misinformation, and online safety - for every learner.
Create public campaigns that reduce shame, especially around romance scams, and encourage reporting.
What Businesses Can Do
Stop treating cybersecurity as optional. If you're spending more on tea, coffee and biscuits than cyber protection, it's time to reassess.
Invest in proactive defences—tools to detect spoofing, better fraud detection models, and genuine customer support.
Educate staff and customers—not with fear, but with empowering knowledge.
Hold platforms to account. If you’re profiting from engagement that enables scams, you should share liability for the harm.
What All of Us Can Do
Shift the narrative. Stop blaming users. It’s not a personal failing to fall for a professional scam.
Advocate for better protections—as consumers, parents, tech professionals, and citizens.
Keep talking. Share what you learn. Tell others what to watch out for. Support those who’ve been affected.