News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Alerts
  3. Investment scam linked to remote access

Investment scam linked to remote access

This section contains time sensitive announcements about specific cyber threats, vulnerabilities and scams. Each alert has information you need to be aware of, and what actions to take to mitigate any risk to you or your organisation.

Subscribe to our updates to be notified as soon as we publish an alert.

12:00am, 18 August 2025

TLP Rating: Clear

Investment scam linked to remote access

An investment scam is circulating that allows scammers to gain access to people’s phones and has prompted an investment scam warning by the Financial Markets Authority.

What's happening

New Zealanders are being encouraged by scammers to:

  • turn off the settings on their phones that prevent unsupported apps and software being installed, and then
  • download a malicious app.

Doing this then gives the scammer full access to the target’s phone, including the ability to:

  • control their camera,
  • send messages and record conversations,
  • install further applications,
  • steal personal and banking information, and
  • view their images.

What to look for

How to tell if you're at risk

Scammers are setting up a series of WhatsApp groups that appear popular but are mostly filled with bots.

They are sending bulk messages inviting people to join the WhatsApp groups to share information about investment opportunities.

In these messages, the scammers often falsely claim to be an employee of:

  • a New Zealand bank,
  • an investment firm, or
  • other financial service provider.

The scammers are encouraging people to invite new recruits (often friends or family) to receive rewards for each person they recruit.  

How to tell if you're affected

You might be affected if you have:

  • joined these WhatsApp groups and have turned off your phone settings that prevent the installation of apps from unknown sources. These settings could look something like:
    • ‘Install unknown apps’
    • 'Allow unknown sources'
  • installed apps that do not come through official app stores - Google Play Store and iOS App Store - after being asked to scan a QR code, click a link, or download a file someone has shared in a group chat.

What to do

Prevention

  • Be wary of any app which requires your settings to be changed to install something.

  • Don't turn phone settings on that allow your phone to install unknown apps. These settings will be off by default when you buy your phone.

  • Don't allow anyone else to change settings or convince you to.

Mitigation

If you have been targeted by this scam and believe you are at risk:

  • back up important documents into a safe offline storage,
  • factory reset your device in your phone settings,
  • change the passwords on the reset device or on a known safe device, 
  • check to see if there's any devices that don't belong to you logged in, in the account settings of the account (e.g.: Facebook). If there is, log out any devices you do not recognise, and
  • turn on two-factor authentication.

If you think you have been affected or if you have been given a link/copy of a QR code, report to NCSC:

Report an incident - individuals and small business

More information

Txex - WhatsApp educational and investment platform scam | Financial Markets Authority External Link

Protect against investment scams | Own Your Online External Link

Keep your mobile phone secure |Own Your Online External Link