• How we protect you
• How you can protect yourself
• Common banking fraud and scams
  • Online fraud and scams
  • Card fraud and scams
  • Identity theft
  • Other fraud and scams
• Security FAQs
• Email communications

Online fraud and scams

• Types of online fraud

  Phishing

  Phishing is a type of spam email where the sender tries to steal sensitive information by pretending to be a trustworthy organisation.

  In a typical phishing attack targeting Kiwibank, an offender sends an email that looks like it's from Kiwibank. These emails will often contain official-looking logos and other information and images you'd associate with Kiwibank. They'll also contain links to replicas of the Kiwibank Internet Banking login page, where the offenders hope to trick Kiwibank customers into disclosing their internet banking details.

  Anyone with an internet connection and limited skills can launch an attack like this, targeting any organisation anywhere in the world.

  Spammers gather email addresses from a variety of sources like web pages, news pages, social networking sites, and guess work. These email address lists are then traded over the internet.

  Here's an example of a hoax email:

  

  If you've received a phishing email, your email address was not sourced from Kiwibank.

  We recommend you never reply to any spam or phishing emails. Replying to these emails will confirm to the offenders that they have a valid email address; this is likely to result in a flood of spam emails in future.

  Although we can’t prevent these phishing emails being sent, we do everything we can to reduce the effectiveness of these scams. We work with a company called PhishLabs to have the fake sites shut down as quickly as possible. PhishLabs are world leaders in online fraud prevention and protect millions of consumers around the world from phishing, malware, and other types of online attacks.

  More information on PhishLabs

  

  Please make sure you forward any Kiwibank related phishing emails you receive to us for investigation.

  Important:

  • If you haven't clicked on the link or submitted your details you're not at risk. Just delete the email.
  • If you're a Kiwibank customer and have clicked on a link and submitted your internet banking login details from an email, please change your password and contact us immediately.
  • Learn more about how to protect yourself from Internet banking fraud.

  Spyware

  Spyware is programming that is put in a computer secretly, to gather information about the user, which is then passed onto advertisers or other interested parties.

  Trojan

  A Trojan enters your computer undetected, giving whoever planted the Trojan unrestricted access to the data stored on your computer. Trojans can transmit credit card information and other confidential data even if you're not accessing that data at the time. Trojans can be sent either as an email, spam mail, attachment, or embedded in a web page.

  Viruses

  A computer virus is passed from computer to computer like a biological virus passes from person to person. Viruses are commonly transferred by email. Most computer fraud programmes are passed on by a virus.

  Worms

  A worm is a computer programme that has the ability to copy itself from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand incredibly quickly.

• Online job scams

  This is when a 'job' is listed on an employment website or emailed to you, saying all you need to do is to have a bank account to accept money transfers, then forward the money on to a company based overseas. You'll get commission for doing this, which will be a percentage of the total amount transferred to your account.

  The money is almost always from another New Zealand bank account, being transferred without the account holder's knowledge or permission. It's likely the account holder has been the victim of a phishing scam or had some type of malicious spyware installed on their computer.

  The consequence of receiving and transferring this money, which is effectively stolen, is that you may be held liable for the funds, and investigated by the police.

  How to protect yourself

  • You should always be suspicious of any employment opportunities that require the use of your bank account. In our experience they're always scams, and if it all goes sour, you're liable.
  • If you find yourself involved in something that fits this description, call your bank's fraud team immediately. If you've received the money into your account, do NOT transfer the money as it will be dishonoured and the money removed from your account.

• Online trading

  Selling your unwanted items online is convenient, but it can open you up to risk.

  A common online trading scam involves criminals based overseas using fake traveller's cheques, bank drafts or foreign cheques to pay for an item. The cheque or draft may be made out for much more than the agreed price. They'll ask you to send the excess amount back to them.

  It can take a long time for banks to confirm whether or not a cheque or draft is counterfeit - especially when it's come from overseas (the USA allows up to seven years to dishonour a cheque deposited into a New Zealand bank account).

  So your bank will usually allow you access to the funds before they know if the item is counterfeit. If the item is dishonoured and you've returned the excess funds to the sender, you'll be held liable for the entire amount.

  How to protect yourself

  • Read the recommended safety precautions on the sites you intend to use. Sites like Trademe and Ebay have good advice on how to trade safely using their sites
  • Read the terms and conditions of the site you're intending to use
  • Be very cautious when selling your goods to people from overseas, especially if they're paying by traveller's cheque, bank draft or foreign cheque
  • Do an internet search on the name of the person who's sent you the cheque - it's common for someone who has been duped to let others know of the scam
  • Visit the SCAMwatch website and check that the circumstances around your receiving a cheque aren't related to a known scam
  • If you bank a cheque or draft and you think it may be fraud, don't access the funds, and alert your bank's fraud team
  • If you have any concerns, contact your bank's fraud team.

• Internet dating scams

  Online dating scams are becoming more common. Offenders may approach you in a number of ways - chat rooms, social networking sites, unsolicited emails or dating websites.

  They'll build up a relationship of trust with you, then eventually ask for some type of financial help. Usually, they'll ask you to send money to pay for airfares for them to visit you, or they'll send you a fraudulent international cheque, and ask you to cash it and send it back to them. If you do this and the cheque dishonours, you'll be liable to pay for it.

  How to protect yourself

  • Use extreme caution when asked to send money to someone you've met over the internet
  • Look for discrepancies with the information they're telling you
  • Be wary if they only give you a post office address and a phone number which they never answer and doesn't have voicemail.

You may also be interested in:

• Protect yourself from online fraud