Phishing and Fraud Awareness Policy

Crown Financial Services Limited

Phishing and Fraud Awareness

Crown Financial Services Limited (CFS) is a New Zealand registered Financial Services Provider providing financial solutions. Cybercriminals frequently attempt to take advantage of CFS’ reputation to engage in fraudulent schemes, through which victims are tricked into thinking that they are dealing with trusted CFS personnel, including through websites, texts, emails, mailings, telephone calls, social media, and other communication platforms. These fraudulent tactics are continuously evolving and usually involve using false pretenses to convince a victim to share personal information. Many of these attacks take the form of “phishing,” a practice where a cybercriminal attempts to obtain your confidential personal information, such as your tax revenue number, account/financial information, and usernames/passwords.

Below is general information on how to recognise and avoid common schemes.

Common Examples of Fraudulent Activities

  • Email or SMS (Text) Phishing: The most common form of phishing involves a cybercriminal sending an email or text message that looks like it comes from a legitimate source, asking you to click on a link, download an attachment, or provide personal information.
  • Vishing:Vishing, or telephone phishing, involves a cybercriminal calling you on the phone, pretending to be a company representative. The visher will say there is an urgent problem that will cause you financial harm, and their solution will involve you providing your personal information.
  • Job Offer/Social Media Scams: Scammers may pose as a company on a website or social media account, and may target job seekers through posts and paid advertisements. Imposters may also send fraudulent emails purporting to offer employment at CFS and misusing the official CFS logo. These emails do not originate from CFS or any of our affiliates. The only social media accounts authorised by CFS are:

Under any circumstances, please never give out any of your personal information or sensitive data via any social media platforms.

  • Mobile Device App Scams:Scammers may steal personal information by creating mobile device apps which purport to be an official CFS app, including a fraudulent mobile device app using a CFS logo. The scammers solicit investments into non-existent managed funds and are not in any way affiliated with CFS.
  • Bank Transfer Scams:Scammers may contact you, usually by phone but potentially by other means, presenting an urgent and false story that requires you to transfer money into or out of your bank account. Scammers purporting to be CFS may also promise extraordinary returns on your investment at little to no risk.
  • Investment Scams: Scammers may contact you offering “high-yield” and similar investments through CFS. These “high-yield investment programmes” typically are frauds. For more information on high-yield investment programmes and how to avoid them, visit the U.S. Securities and Exchange Commission webpage.

If you notice any suspicious behaviour or activity, please get in touch with CFS.

Best Practices

  • Crown Money (make sure your account is safe): make sure that you enter your Crown Money credentials only on genuine Crown Money webpages (https://crownmoney.crownfinancial.co.nz).  CFS or Crown Money will never ask for your password or authentication code via any means.  Only enter your login details on the Crown Money web application.  Under any circumstances, please never give out sensitive data via social media.

No other website or email domains are authorised by CFS. Please email us (techadmin@crownfinancial.co.nz) if you have questions about the legitimacy of a website, app, or communication.

  • Read emails carefully: pay close attention to the details of your emails. Pay attention to things such as typos, unfamiliar links, attachments and any other awkward or urgent language. Do not click on any links in the email that appear suspicious or enter any of your bank, sensitive [or personal] information.
  • Do not share passwords or login information: certain CFS web sites are private, available only to clients through secure log-in procedures. Apart from allowing you to use your password and log-in to enter an authorised website, CFS will never ask you for your login information or password.
  • Avoid suspicious downloads: be sure to double check the sources and validity of content and apps that you’re downloading while online and always avoid suspicious pop-up ads.
  • Be skeptical of unsolicited emails, text messages or phone calls. You should be suspicious of emails, texts or phone calls coming from unknown senders and unfamiliar organisations, especially if personal information is requested.
  • Be suspicious of phone calls asking for personal information:Often callers will impersonate your bank, a familiar company like CFS, or a government organisation. Do not provide personal information, such as your bank information or credit card number, to these callers. If you think the call might be legitimate, hang up, separately look up the organisation’s official contact information online and call them.
  • Be skeptical of changes to wire or payment instructions:If this happens, you should hang up, separately look up the official contact information of the organisation requesting payment, and call them to verify. CFS will never ask you to solicit payment of funds or wiring of funds over the phone, email, or text.
  • Be skeptical of job offers made through social media.

Some Tips on How to Spot a Scam

Here are a couple of useful links containing advice on how to spot scammers and protect yourself from being scammed:

See Cert NZ’s Robots on the Cyber Smart Week Page

How to protect yourself from being scammed: before you invest, we recommend that you take steps to protect yourself from being scammed and check the provider is listed on the Financial Service Providers register (FSPR). The FSPR can help you:

  • obtain a business address
  • see the types of financial services the registered company, or individual, provides to customers. Some examples include; money transfers, investment management or financial advice
  • see any licences or an authorisation status that the company or individual may have
  • see what dispute resolution scheme they belong to

Scamwatch Australia: Protecting Yourself from Scams

For more general guidance on avoiding internet crimes, visit the FBI webpages on common fraud schemes and recent e-scams at http://www.fbi.gov/scams-safety/fraud/internet_fraud and http://www.fbi.gov/scams-safety/e-scams, and the U.S. Securities and Exchange Commission webpage on avoiding fraud at http://investor.gov/investing-basics/avoiding-fraud.

How to Report a Scam

If you think you may have been a victim of internet crime or are aware of potentially fraudulent activity, please contact your local authorities and consider also filing a report with these government entities:

Contact the Financial Markets Authority, New Zealand if the scam relates to an illegal investment offer or scheme: please make sure you include your contact details so the FMA can contact you.

Consumer Protection’s Scamwatch: publishes a list of scam alerts. You can report a scam on their website too.

Department of Internal Affairs, New Zealand: lists a range of scams by format, eg. email, text message, phone, fax and postal scams. You can report scams to them, including forwarding text message scams to the free shortcode 7726 (SPAM).

You may also wish to refer to the International Organisation of Securities Commissions (IOSCO) Investor Alerts List for international scam alerts. The IOSCO Investor Alerts List: IOSCO receives alerts and warnings from its members about firms which are not authorised to provide investment services in the jurisdiction which issued the alert or warning.  This list contains the names of businesses or individuals you should be wary of if you are planning to invest. The list is not exhaustive and there is no guarantee that the business or individual listed has not changed their name.

CFS is not responsible for the content of third-party links and provides links to these.