Phishing, suspicious emails & text messages

Keep an eye out for suspicious emails or text messages, and protect yourself from threats to your computer and mobile phone.

What is phishing?

The most common type of spam email or text message targeting New Zealand banks are phishing or suspicious emails or text messages. It could be an email or a text message with a link that asks you to disclose any of your banking information or to install software which is designed to steal your banking information or remotely control your devices.

How it works

  • The sender will try to steal sensitive information by pretending to be a trustworthy organisation or person. They’ll often use a logo from the organisation they’re pretending to be from.
  • They usually claim that it's necessary to update or verify your customer account information and will urge you to click on a link from the email or text message which takes you to a bogus website that could look legit and may also ask you to install some software.
  • Any information entered on the bogus website will be captured by the criminals and used for fraudulent purposes.

Example: In a typical phishing attack targeting Kiwibank customers, an offender sends an email or text message that looks like it's from Kiwibank. These emails may contain official-looking logos and other information or images you'd associate with Kiwibank. They'll also contain links to replicas of the Kiwibank Internet Banking login page, where the offenders hope to trick Kiwibank customers into disclosing their internet banking details.

Report a suspicious activity

If you think your identity or accounts may have been compromised, please contact us immediately.

We'll never ask you to disclose your internet banking password by email, text or by clicking on a link within an email or text message. If you think you’ve been sent an email or text message that doesn’t look like it’s from us, don't respond or click on any links – please forward it to suspicious.email@kiwibank.co.nz.

How you can protect yourself

  • Never reply or click links in any phishing or suspicious emails or text messages. Replying to emails or text messages will confirm to the offenders that they have valid contact details, which is likely to result in a flood of spam emails or texts in the future.
  • Forward suspicious Kiwibank-related phishing emails to suspicious.email@kiwibank.co.nz for investigation, then delete it.
  • Screenshot suspicious Kiwibank-related text messages including the URL the message is guiding you to and email it to suspicious.email@kiwibank.co.nz.
  • If you haven't clicked on the link or submitted your details, you're not at risk. If you're a Kiwibank customer and have clicked on a link and submitted your internet banking login details from an email or text message, please change your password and Keepsafe questions and contact us immediately.
  • If you have received a suspicious email you should be able to hover your mouse over the link to see what website it's actually going to. If it's not directing you to the business website of the company that sent you the email, then it's likely that it's a phishing email. This is a good way to check, no matter who has sent you the email, if it's a legitimate email.

How we protect you

Although we can’t prevent phishing emails or text messages being sent, we do everything we can to reduce the effectiveness of these scams.

We work with FraudWatch International to have fake sites shut down as quickly as possible. FraudWatch International are world leaders in online fraud prevention and protect millions of consumers around the world from phishing, malware, and other types of online attacks.