Phishing and suspicious emails

Keep an eye out for suspicious emails, and protect yourself from threats to your computer and mobile phone.

What is phishing?

The most common type of spam email targeting New Zealand banks is a phishing or suspicious email. It's an email, or a link within an email, that asks you to disclose any of your banking information.

How it works

  • The sender will try to steal sensitive information by pretending to be a trustworthy organisation or person. They’ll often use a logo from the organisation they’re pretending to be from.
  • They usually claim that it's necessary to update or verify your customer account information and will urge you to click on a link from the email which takes you to a bogus website.
  • Any information entered on the bogus website will be captured by the criminals and used for fraudulent purposes.

Example: In a typical phishing attack targeting Kiwibank customers, an offender sends an email that looks like it's from Kiwibank. These emails may contain official-looking logos and other information or images you'd associate with Kiwibank. They'll also contain links to replicas of the Kiwibank Internet Banking login page, where the offenders hope to trick Kiwibank customers into disclosing their internet banking details.

Report a suspicious activity

If you think your identity or accounts may have been compromised, please contact us immediately.

We'll never ask you to disclose your internet banking login details by email or by clicking on a link within an email. If you think you’ve been sent an email that doesn’t look like it’s from us, don't respond or click on any links – please forward it to

How you can protect yourself

  • Never reply or click links in any phishing or suspicious emails. Replying to these emails will confirm to the offenders that they have a valid email address, which is likely to result in a flood of spam emails in the future.
  • Forward any suspicious emails or Kiwibank-related phishing emails you receive to for investigation, then delete it.
  • If you haven't clicked on the link or submitted your details, you're not at risk. If you're a Kiwibank customer and have clicked on a link and submitted your internet banking login details from an email, please change your password and Keepsafe questions and contact us immediately.
  • You should be able to hover your mouse over the link to see what website it's actually going to. If it's not directing you to the business website of the company that sent you the email, then it's likely that it's a phishing email. This is a good way to check, no matter who has sent you the email, if it's a legitimate email.

How we protect you

Although we can’t prevent phishing emails being sent, we do everything we can to reduce the effectiveness of these scams.

We work with FraudWatch International to have fake sites shut down as quickly as possible. FraudWatch International are world leaders in online fraud prevention and protect millions of consumers around the world from phishing, malware, and other types of online attacks.