Phishing

Phishing is a type of spam email where the sender tries to steal sensitive information by pretending to be a trustworthy organisation or person.

In a typical phishing attack targeting Kiwibank customers, an offender sends an email that looks like it's from Kiwibank. These emails may contain official-looking logos and other information and images you'd associate with Kiwibank. They'll also contain links to replicas of the Kiwibank Internet Banking login page, where the offenders hope to trick Kiwibank customers into disclosing their internet banking details.

Spammers gather email addresses from a variety of sources like web pages, news pages, social networking sites, and guess work. These email address lists are then traded over the internet.

We recommend you never reply to any spam or phishing emails. Replying to these emails will confirm to the offenders that they have a valid email address; this is likely to result in a flood of spam emails in future.

How we protect you

Although we can’t prevent phishing emails being sent, we do everything we can to reduce the effectiveness of these scams. We work with a company called FraudWatch International to have the fake sites shut down as quickly as possible. FraudWatch International are world leaders in online fraud prevention and protect millions of consumers around the world from phishing, malware, and other types of online attacks.

More information on FraudWatch International.

How you can protect yourself

  • Please forward any Kiwibank related phishing emails you receive to suspicious.email@kiwibank.co.nz for investigation. Then delete the email.
  • If you haven't clicked on the link or submitted your details you're not at risk. If you're a Kiwibank customer and have clicked on a link and submitted your internet banking login details from an email, please change your password and Keepsafe questions and contact us immediately.

Threats to your computer

  • Spyware is programming that is put in a computer secretly, to gather information about the user, which is then passed onto advertisers or other interested parties
  • Trojans can be sent to your computer either as an email, spam mail, attachment, or embedded in a web page. A Trojan enters your computer undetected, giving the fraudster unrestricted access to the data stored on your computer. Trojans can transmit credit card information and other confidential data even if you're not accessing that data at the time.
  • Viruses are passed from computer to computer like a biological virus passes from person to person. Viruses are commonly transferred by email. Most computer fraud programmes are passed on by a virus.
  • Worms are computer programmes that have the ability to copy themselves from machine to machine. Worms normally move around and infect other machines through computer networks. Using a network, a worm can expand incredibly quickly.

How we protect you

  • Extended Validation Secure Socket Layer (SSL) Certificate - We use digital certificates that verify that you're connected to our official internet banking website. These certificates also confirm that all communication between you and Kiwibank is encrypted and therefore secure.
  • Internet banking monitoring - Our internet banking security team monitors internet banking transactions. They analyse the activity looking for unusual transactions. You may receive a call from a member of our monitoring team to verify a payment made using internet banking. We will NEVER ask for your internet banking login details.
  • Password lockout - If your internet banking password is entered incorrectly three times, access to internet banking will be blocked. This prevents anyone from making multiple attempts to guess your password. You can reset your Kiwibank internet banking password by calling us on 0800 11 33 55, or by visiting your local Kiwibank. Internet banking - Having problems logging in?
  • Browser cache - The pages you visit while logged in to internet banking are not cached. This means that other people can't use your computer to view your bank account details by selecting the browser back button.

How you can protect yourself

  • Don’t use 3rd party services to access internet banking - The use of 3rd party services invalidates our internet banking guarantee, not just for the affected transaction, but for all subsequent internet banking use too. If you have used 3rd party services to access internet banking, change your password immediately and update your Keepsafe questions.
  • Double check the website address - Double check that you're on the official Kiwibank website before logging in - www.kiwibank.co.nz
  • Use caution when using public or shared computers - Computers at public places like internet cafés and libraries may not be as safe as your personal computer. Wait and do your online banking on a computer you know has the necessary protection.
  • Install anti-virus software, and keep it up to date - Scan your computer with up-to-date anti-virus software at least every 30 days. You must also scan downloaded files and attachments before opening them. New viruses are appearing all the time, so you should regularly download updates to your anti-virus software from your software supplier or set your computer to automatically update it.
  • For more information on anti-virus software, go to the Symantec and Norton AntiVirus website or the McAfee VirusScan website.
  • Install anti-spyware software - Scan your computer with up-to-date anti-spyware software at least every 30 days. Again, new spyware appears all the time, which means you should regularly download updates to your anti-spyware software from your software supplier or set your computer to automatically update it.
  • For more information on anti-spyware software, go to the adaware website.
  • Install a firewall - Make sure you have up-to-date firewall installed and set it to work on incoming and outgoing traffic. A firewall controls your connection to the internet by filtering the information that's passed to and from your computer. You should regularly download updates to your firewall software from your software supplier or set your computer to automatically update it.
  • For more information on firewall software, see the Symantec and Norton Personal Firewall, the McAfee Personal Firewall or the ZoneAlarm Firewall.
  • Operating system security updates - Software suppliers often issue updates to fix problems found in operating systems and browsers. It's a good idea to regularly check for updates to your operating system and browser.

Protecting your mobile phone

Threats to the data on your mobile phone usually come from malicious apps that you, or someone else who has access to your phone, downloads. These malicious apps may gather user data - what sites you access, what you buy, etc. and can silently send or receive premium rate txt messages or calls.


How you can protect yourself

It’s important to remember that most apps are not malicious, but you can still follow a few simple tips to ensure your mobile phone remains safe and secure.

  • Have a PIN on your phone, and don’t share it with anyone
  • Don’t use the same PIN for everything, eg your EFTPOS card, your mobile phone, your internet banking login
  • Always check the history of your downloads – especially if you’ve allowed someone else, like your kids, to use your phone
  • Before you download an app, especially a free app, check the ratings and reviews.

You may also be interested in