Phishing, suspicious emails & text messages

Keep an eye out for suspicious emails or text messages, and protect yourself from threats to your computer and mobile phone.

What is phishing?

The most common type of spam email or text message targeting New Zealand banks are phishing or suspicious emails or text messages. It could be an email or a text message with a link that asks you to disclose any of your banking information or to install software which is designed to steal your banking information or remotely control your devices.

How it works

  • The sender will try to steal sensitive information by pretending to be a trustworthy organisation or person. They’ll often use a logo from the organisation they’re pretending to be from.
  • They usually claim that it's necessary to update or verify your customer account information and will urge you to click on a link from the email or text message which takes you to a bogus website that could look legit and may also ask you to install some software.
  • Any information entered on the bogus website will be captured by the criminals and used for fraudulent purposes.

Example: In a typical phishing attack targeting Kiwibank customers, an offender sends an email or text message that looks like it's from Kiwibank. These emails may contain official-looking logos and other information or images you'd associate with Kiwibank. They'll also contain links to replicas of the Kiwibank Internet Banking login page, where the offenders hope to trick Kiwibank customers into disclosing their internet banking details.

How you can protect yourself

  • Never reply or click links in any phishing or suspicious emails or text messages. Replying to emails or text messages will confirm to the offenders that they have valid contact details, which is likely to result in a flood of spam emails or texts in the future.
  • Forward suspicious Kiwibank-related phishing emails to for investigation, then delete it.
  • Screenshot suspicious Kiwibank-related text messages including the URL the message is guiding you to and email it to
  • To report a general text scam, copy the message and forward it to the Department of Internal Affairs reporting system on 7726 (SPAM).
  • If you haven't clicked on the link or submitted your details, you're not at risk. If you're a Kiwibank customer and have clicked on a link and submitted your internet banking login details from an email or text message, please change your password and Keepsafe questions and contact us immediately.
  • If you have received a suspicious email you should be able to hover your mouse over the link to see what website it's actually going to. If it's not directing you to the business website of the company that sent you the email, then it's likely that it's a phishing email. This is a good way to check, no matter who has sent you the email, if it's a legitimate email.
  • The NZ Telecommunications forum website has information on how to notify your phone service provider, so they can look into it and block the number if necessary.

How we protect you

Although we can’t prevent phishing emails or text messages being sent, we do everything we can to reduce the effectiveness of these scams.

We work with FraudWatch International to have fake sites shut down as quickly as possible. FraudWatch International are world leaders in online fraud prevention and protect millions of consumers around the world from phishing, malware, and other types of online attacks.

Helpful resources

What to do if you've been scammed

Anyone can fall for a scam. If you suspect that you've been scammed, get in touch with us as soon as possible.

Get in touch

Call us on 0800 113 355 (or +64 4 473 1133 from overseas) if you think you've been scammed.

Report suspicious activity

If you think you’ve been sent an email that doesn’t look like it’s from us, forward it to