Scam Alert: NZBN, Companies Office And Renewal Fee Scams

If you run a small business in New Zealand, you’ve probably had a moment where you’ve opened your inbox and thought: “Is this real… or is this a scam?”

Unfortunately, “renewal” notices and invoices that look like they’re from the NZBN register or the Companies Office are a common tactic scammers use to get business owners to pay fees they don’t actually owe.

This article explains how Companies Office “renewal” scams typically work, what the real obligations are (and aren’t), how to spot the red flags, and what to do if you’ve already clicked, replied, or paid.

General information only. This article isn’t legal advice and may not reflect the latest updates. If you need advice for your situation, get professional advice.

What Is A Companies Office Renewal Scam (And Why Are Business Owners Targeted)?

A Companies Office renewal scam is where a scammer contacts you (usually by email or post) pretending to be a government agency or “registry”, and asks you to pay a fee to “renew” something connected to your business.

These scams work because they:

• Look official (logos, formal language, “reference numbers”, and layout that resembles government communications).
• Create urgency (deadlines, “late fees”, threats of deregistration, or warnings about penalties).
• Exploit a real fear (no one wants their company removed from the register or their details to become non-compliant).
• Use public information (your company name, NZBN, directors, and addresses may be publicly searchable, which makes scam messages feel “personalised”).

It’s also common for scammers to target:

• Newly incorporated companies and new business owners (when you’re still learning the admin side).
• Busy operators who approve invoices quickly (especially if you use a shared accounts inbox).
• Businesses that have recently changed details (directors, address, shareholders) and might expect registry communications.

One of the tricky parts is that scam messages often don’t say “Companies Office” directly - they might use vague terms like “companies register”, “business registry”, or “NZBN renewal department” and rely on you filling in the blanks.

Do You Actually Need To “Renew” Your NZBN, Company Or Business Name In NZ?

This is the part scammers rely on: uncertainty about what actually requires renewal in New Zealand.

NZBN (New Zealand Business Number)

An NZBN is not something you “renew” like a subscription. Your business details should be kept accurate and up to date, but you should be cautious about any unexpected invoice that claims you must pay a renewal fee simply to “keep” your NZBN.

If you’re unsure whether you should have an NZBN at all (or what it means for how your business is set up), it can help to first be clear on your structure - for example, whether you operate as a sole trader, partnership, or company. If you’re setting things up properly from day one, a Company Set Up is often a good starting point for founders who want a separate legal entity.

Companies Office / Companies Register

New Zealand companies do have ongoing compliance obligations. In particular, companies generally need to file an annual return and keep key details current. Scammers mimic this by using terms like “company renewal”, “annual renewal”, or “company registration renewal”.

Importantly, the annual return process is not the same thing as paying a third-party “renewal” invoice. Typically, filing an annual return itself does not involve a “renewal fee” paid to a random “registry” by bank transfer - so treat any unexpected payment demand with caution.

The key point is: you should verify any request for payment independently before paying, even if it references real concepts like annual returns.

“Business Name Renewal” (Trading Names)

In New Zealand, “business name” can mean different things in different contexts. Many business owners use a trading name, while their legal entity name might be different (for example, a limited company with a brand name).

However, New Zealand does not have a general “business name registration” or “business name renewal” regime for trading names in the way some other countries do. That means a notice demanding a “business name renewal fee” is often a red flag (though you may still have other legitimate renewals, like domain names or trade marks, depending on what you’ve registered).

If you’re not sure what you do (and don’t) need to register, getting clarity early saves a lot of stress. It’s worth understanding whether a trading name needs to be registered in your situation - because scammers often weaponise confusion around trading names, “business registries”, and domain names.

There are legitimate registrations you may choose to do to protect your brand (like trade marks), but that’s different from being forced into paying an unexpected “renewal” invoice.

Common Red Flags: How To Spot A Fake Companies Office Renewal Notice

Scam communications are getting better, but there are still reliable warning signs you can train your team to look for.

1) It’s An Invoice You Didn’t Expect

If you weren’t expecting a fee, don’t assume it’s legitimate just because it looks formal.

A classic Companies Office renewal scam is an “invoice” that arrives without any prior reminder in your official portal/account, and without any context you can verify.

2) The Sender’s Email Address Or Website Is Slightly “Off”

Watch out for:

• Odd domains (not the official government domain you’d expect).
• Misspellings or extra words (for example “nz-companies” style domains).
• A “reply-to” address that differs from the “from” address.

Even if the display name looks correct, always check the actual email address.

3) Pressure Tactics And Urgent Deadlines

Scam notices often push urgency:

• “Final notice” language
• “Pay today to avoid deregistration”
• “Late fees apply after 24 hours”

Urgency is designed to make you pay first and think later.

4) Payment Requests That Don’t Match Normal Government Processes

Be cautious if the message asks you to:

• Pay into a bank account you’ve never used before
• Pay by cryptocurrency, gift card, or money transfer
• Click a link to “confirm” your details and enter login credentials

Even when bank transfer is used, scammers rely on you not checking whether the payee is legitimate.

5) It Asks For Too Much Information

A real agency or professional service provider generally won’t ask you to send sensitive details by reply email (passwords, copies of ID, or full card details).

Remember: your business contact details are often public. A scammer knowing your company name or NZBN doesn’t prove they’re legitimate.

What You Should Do If You Receive A Suspected Renewal Scam

When you’re busy, it’s tempting to ignore these emails and move on - but taking a few quick steps can protect your business and your team.

Step 1: Don’t Click Links Or Open Attachments Yet

If you haven’t opened anything, keep it that way until you’ve checked it’s legitimate. Attachments can contain malware, and links can lead to credential-harvesting pages.

Step 2: Verify Through Official Channels (Not The Message Itself)

Instead of using the email’s links or phone number, independently navigate to the official website you trust and check notifications there. If you’re unsure whether an annual return is due, check directly through your normal compliance workflow.

If you’ve built your business on good foundations (proper structure, proper records, proper admin), these checks become much easier to do quickly.

Step 3: Check Internally Before Paying Any “Registry” Invoice

Put a simple internal process in place, for example:

• All “registration/renewal” invoices must be approved by a director or business owner.
• The approver must confirm the obligation independently (not just from the invoice).
• No changes to banking details for payees without a call-back to a verified number.

This one process can prevent thousands of dollars in losses.

Step 4: Keep Evidence

If it looks suspicious, save:

• The email (including headers if you can)
• The PDF/invoice
• Screenshots of the website it links to (if you visited it)

This helps if you later need to report it or show your bank what happened.

What If You’ve Already Paid Or Shared Details?

If you’ve already paid an invoice or entered details into a link, don’t panic - but do act quickly. Speed matters.

1) Contact Your Bank Immediately

If you made a payment, call your bank as soon as possible and ask whether they can reverse, hold, or trace the transfer. The sooner you act, the more options you may have.

2) Change Passwords And Enable Multi-Factor Authentication (MFA)

If you entered any login details, change passwords straight away - especially for:

• Your email accounts (this is often the gateway to everything else)
• Accounting software
• Company administration portals
• Cloud storage (where customer data or contracts might be stored)

3) Consider Whether This Is A Data Breach (Privacy Act 2020)

If any personal information has been accessed or disclosed (for example, employee details, customer information, or identity documents), you may have privacy obligations under the Privacy Act 2020.

Not every incident is a notifiable privacy breach, but it’s worth taking it seriously and getting advice early, especially if there’s a risk of harm to individuals.

As a general rule, if your business collects personal information, having a fit-for-purpose Privacy Policy and internal privacy processes makes it much easier to respond calmly and correctly when something goes wrong.

4) Report The Scam To The Appropriate Agencies

Where you report will depend on what happened (and what the scam pretended to be). In many cases, it’s appropriate to report scams to New Zealand government reporting channels and, where money is involved, to Police.

Even if you didn’t lose money, reporting helps build patterns and warnings that protect other businesses.

5) Review Your Business Admin Settings And Authority Levels

This is also a good time to check:

• Who has access to your business email and accounting system
• Whether you have dual approvals for payments
• Whether your registered office address and email are current (so you don’t miss real notices)

If your company is no longer operating and you’re worried about ongoing admin and exposure, it may be worth understanding the correct process for deregistering a company rather than leaving it in limbo (which can create confusion and more opportunities for scammers to target you).

How To Protect Your Business Long-Term (Without Turning Admin Into A Full-Time Job)

The goal isn’t to make you paranoid - it’s to build a simple system so scam emails don’t derail your week.

Create A “Renewals And Registrations” Checklist

Have one internal list that sets out:

• What registrations you actually hold (company, domain names, trade marks, licences, industry memberships)
• What really renews annually vs what doesn’t
• Who is responsible for each item
• How reminders are received (and what the legitimate process is)

If you’re still getting your admin in order, it can help to understand the practical steps and costs involved in formal registrations, including the cost to register a business in NZ, so you know what legitimate fees generally look like.

Train Your Team On Invoice Scams

If anyone in your business can approve invoices (even informally), give them a quick “spot the scam” checklist. Most scam losses happen when an invoice is paid quickly by someone trying to be helpful.

Use A Dedicated “Compliance” Email Address

Consider using a specific email for official registrations and compliance messages, and keep access limited. This reduces the risk of someone accidentally responding from a general inbox.

Be Careful With Public Contact Details

You can’t always avoid your business information being public (and often it needs to be), but you can make sure your team understands that “they knew our company name” isn’t proof of legitimacy.

Put Key Legal Foundations In Place Early

Scams often hit when things are messy: the business is growing, responsibilities are unclear, and people aren’t sure what’s “normal”. Getting your legal foundations right helps you run a tighter ship - which makes it harder for scammers to slip through.

Depending on how you operate, that might mean:

• Setting up the right structure from the start (for example, a Company Set Up if you need a company structure).
• Making sure you understand what you do and don’t need to register (including whether a trading name needs to be registered).
• Having privacy settings and documents that match how you actually collect and use information (including a Privacy Policy).

It’s not about over-lawyering your business - it’s about being protected from day one, so you can focus on growth with confidence.

Key Takeaways

• A Companies Office renewal scam usually involves an unexpected “renewal” invoice or notice designed to look official and pressure you into paying quickly.
• Be cautious with any message claiming you must urgently “renew” your NZBN, company registration, or business name, especially if it includes threats, unusual payment methods, or suspicious links.
• Verify payment requests through official channels you access independently, and build an internal approval process so one email can’t trigger a payment.
• If you’ve already paid or shared details, contact your bank immediately, secure your accounts, and consider whether any personal information exposure triggers obligations under the Privacy Act 2020.
• Long-term protection is mostly systems: a renewals checklist, staff training, limited access to compliance inboxes, and clear legal/admin foundations.

If you’d like help getting your business set up with the right legal foundations (or you’re dealing with a scam issue and want tailored advice on next steps), reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.