If you enjoy watching those “scambaiter” clips on TikTok – where an expert turns the tables by accessing a cyber crook’s webcam and gives them the runaround – then you’ll get a lot
of satisfaction from “ReScam”, a new Netsafe tool launching today.
It works like this. When you get an email from a scammer, you forward it to me@rescam.org.
ReScam then creates a fake persona and, using OpenAI’s ChatGPT, starts a never-ending conversation with the scammer, wasting as much of their time as possible. And the more time the scammers spend engaged in back-and-forth with fake victims, the less they have to con actual people.
Netsafe records your email address, but no other personal data. The scammers don’t see your email, or any of your personal data, when the service sets one of its fake accounts on them.
Netsafe launched the first version of ReScam a few years ago, for simple exchanges.
CEO Brent Carey says his agency has been training the new, AI-based model for more than a year, including trials with friends and family.
With its multiple personalities and an ever-growing vocabulary, there’s no way for scammers to know they’re talking to Netsafe’s specialist scam-baiting intelligence system, Carey says.
One of the few tech initiatives in Budget 2024 was new funding for “equipment replacement and cyber security in schools” – with a $22.5 million allocation in the 2025 financial year, $24.4m in 2026, $25.1m in 2027 and $21.68m in 2028.
“The initiative provides funding for: email protection to block malicious emails to schools, domain name services to provide websites to schools, Microsoft and Google licensing, [a] Security Operations Centre to monitor and address security threats and Netsafe cyber safety training,” according to Budget documents. Crown agency Network For Learning (N4L) would be involved in the delivery.
Netsafe is waiting for details on how the $22.5m for FY2025 will be split between the various parties involved in the initiative, Carey told the Herald on Friday.
Carey is also concerned there is no Government funding for incident response and victim remediation. Recent research by Netsafe and the Global Anti-Scam Alliance found 53 per cent of respondents admitted to a significant emotional impact post-scam.
As the coalition Government reviews cyber security, one initiative begun by the previous Government – moving Cert NZ (Computer Emergency Response Team) under the GCSB – is still in progress, with the leadership structure uncertain, while a second, which would see Netsafe potentially lose its independence, has yet to be resolved. With the police, Internal Affairs, InternetNZ and IDCare also in the frame, a survey found most Kiwis are confused about where to turn when hit by scams and cyber crime.
What we do know, from bank data collected by the Ministry of Business, Innovation and Employment (MBIE), is that scams involving bank accounts cost Kiwis at least $198m last year. Netsafe research indicates total annual losses to online scams could be closer to $2 billion.
Expert’s verdict
“The key to the success of ReScam will be educating people to send scams to the Netsafe mailbox,” CyberCX executive director of strategy and risk Dan Richardson said.
“Simply put, if people can’t spot scams, they can’t forward them to Netsafe.”
The reality is that scams are becoming harder and harder to spot, which is why the problem is getting worse, Richardson said. You can no longer rely on the traditional telltale signs of a scam, such as poor grammar or graphics, as artificial intelligence is deployed to lift production values.
NetSafe’s Carey said the new ReScam system includes a replay feature.
If you forward his agency a scam email, you can be rewarded with a highlight clip of the ReScam AI’s efforts to prank your hacker, ready to post to your social accounts.
The idea is that the replays will generate some viral publicity and help with education.
Follow the Singapore sling
“While ReScam could help to throw sand into the gears of scammers by using up their time, more needs to be done at a holistic level by government, banks and telcos to drive costs into the business model of scammers at the source. The implementation of ‘confirmation-of-payee’ by banks in New Zealand is one positive step in this direction,” Richardson said.
The major banks recently said they had chosen a provider for a confirmation-of-payee service (a key step in stopping scams) and the timeline is open-ended, with work set to begin before the end of this year. The Government is pushing for a more centralised, co-ordinated response to scams but debate continues over several elements, including whether efforts should be led by the private sector or the Crown.
“According to reports, the Government is currently considering a new cyber security strategy,” Richardson said.
This strategy should look at ways to reduce the harm caused by scams to households and small businesses by consolidating law enforcement and regulatory functions into national anti-scam bodies that improve information-sharing, intelligence collection and engagements with the community that build awareness of new scam tactics and methods, he said.
“One effective pathway to consider is the ScamShield App in Singapore, which the Government operates in tandem with the Singapore Police Force to blocks scam calls and text messages based on previously reported scam data. By reporting scams to the ScamShield Bot, Singaporeans are helping to protect the broader community in Singapore from similar scams.”
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.
