Industrialised fraud, artisanal enforcement
The Financial Markets Authority spotted 110 scam ads published on Meta platforms in a single 24-hour period recently, each using AI-generated deepfakes of recognisable New Zealand figures to sell fake investment schemes. The targets included Kiwibank CEO Steve Jurkovich, Westpac CEO Catherine McGrath and Winston Peters. The ads carried stolen logos from RNZ, TVNZ and the NZ Herald, linked to fraudulent trading platforms, and asked for initial deposits of around US$250 that were never returned.
This is not a new problem. But the scale, speed and sophistication have crossed a threshold that makes voluntary platform commitments look absurd.
New Zealand banks reported $265 million in gross fraud losses in the 12 months to November 2025, the first time Payments NZ has published a consolidated figure across 12 banks. Of that, $126 million came from authorised push payment scams where victims were tricked into approving transfers themselves. MBIE estimates only one in five scams are reported, putting the real annual cost closer to $1 billion.
The pipeline refills faster than it clears
Meta claims it removed more than 134 million pieces of scam ad content in 2025 and says user reports of scam ads fell more than 50% over 15 months. The company’s spokesperson has said it “aggressively fights fraud and scams” because nobody on the platform wants the content.
The numbers tell a different story. Netsafe’s proof-of-concept exercise identified more than 700 active paid scam ads targeting New Zealanders in a short window. The FMA has flagged more than 190 fake trading platform websites for removal since early March. And the GASA/Netsafe State of Scams 2025 report found 72% of New Zealand adults encountered a scam in the past year, 23% lost money, and the average loss was $3,352. Over 40% of victims who reported to payment services recovered nothing.
The uncomfortable figure sitting behind all of this: internal Meta documents project up to 10% of the company’s 2024 advertising revenue, roughly US$16 billion, could be linked to scam and prohibited ads. Meta disputes the methodology. But when scammers are paying customers, the incentive to police them is structurally weak.
Every executive is now an attack surface
FMA Manager Regulatory Services Samantha McGuire was blunt about the trajectory: “The scammers are using artificial intelligence to create deepfake images and videos featuring likenesses of politicians and business leaders to create a sense of credibility.” She also warned that scammers continuously switch the identities they impersonate, meaning any public-facing executive is a potential vector.
Experian research shows financial services and banking already report the highest fraud exposure of any sector at 71%. But this is not just a banking problem. The deepfake production template is cheap, reusable and sector-agnostic. Once it works with a bank CEO, it works with a tech founder, a property developer or a fund manager.
Richard Atkinson, Head of Fraud and Identity at Experian, captured the bind businesses face: “It is getting increasingly difficult for companies to differentiate between legitimate activity and fraud”, while consumers remain deeply cautious about the tools that could help, with only 17% comfortable with facial recognition as a security measure.
Australia acted, New Zealand is still writing memos
Australia’s Scams Prevention Framework Act 2025 places formal obligations on banks, telcos and digital platforms to prevent, detect and respond to scams, with fines up to A$50 million for non-compliance. Meta responded by introducing new verification requirements for financial advertisers in Australia, but only after the law passed. The lesson is obvious.
New Zealand’s response remains fragmented. A Cabinet paper from October 2024 acknowledged the problem is split across MBIE, NCSC, FMA, Police and the Reserve Bank, with no single lead agency and no centralised reporting. That same paper noted Australia achieved a 47% drop in investment scam losses within one year of coordinating its response. The paper is nearly a year old. Losses here are still rising.
A NZ First private member’s bill would increase bank obligations around confirmation-of-payee and liability shifting, but does not address platforms at all. Banks would bear more cost. Meta would bear none.
Stephen Kho, director of offensive security at Gen, put it plainly: “If there’s a $100 million penalty, then a board will find the resources to take action. Money is the language they understand.”
Until New Zealand makes scam ads a platform liability rather than a platform revenue line, banks and businesses will keep absorbing a cost they did not create and cannot control.
Sources
- RNZ: Consumers warned of increase in scams using fake news articles (2025-06-04)
- NZ Herald: When scam ads pay, promises are not enough – Brent Carey (2025-06-04)
- NZ Herald: Social media firms earn billions in revenue from scam ads (2025-06-04)
- GASA and Netsafe: State of Scams in New Zealand 2025 Report (2025-05-01)