Impersonation scams

Scam callers will try to convince you they're from a legitimate organisation and will ask you for personal or financial details such as banking logins, passwords or authentication codes.

Unfortunately, they can hide where they're calling from using 'caller ID spoofing'. This means the number that appears on your phone isn't the real source of the call. Calls may appear to come from 0800, local, private or overseas numbers. Find out more about caller ID spoofing at idcare.org.

If you receive an unexpected call from Kiwibank, remember that we’ll never ask for your passwords, KeepSafe questions and answers, PIN, one-time PIN or card details over the phone. We’ll always verify your identity in other ways to ensure your personal information and accounts are kept safe.

If you're ever unsure whether a Kiwibank call is legitimate, ask for a name and call us back on 0800 113 355 or +64 4 473 1133 from overseas.

Phishing emails are fraudulent emails that appear to come from reputable individuals or companies, such as banks or government agencies. Scammers use phishing emails to attempt to trick you into providing personal information such as passwords, account numbers, or other sensitive information. The emails often include links or attachments which can take you to fake websites or download malware onto your computer.

Most email platforms – such as Outlook, Gmail or iCloud – have easy functions to mark and report spam emails. For suspicious Kiwibank-related emails, forward the email to us at suspicious.email@kiwibank.co.nz.

Scam texts and message phishing are fraudulent messages that appear to come from reputable companies or individuals. This type of scam is also known as 'smishing' – a combination of 'SMS' and 'phishing'. The messages may include a link which will take you to a webpage or form that asks you to input personal or banking details.

We consistently see scam texts and messages impersonating Kiwibank, NZTA and NZ Post so it's especially important to be cautious if you receive unexpected contact.

If you receive a suspicious text message, forward it to the Department of Internal Affairs on 7726. For suspicious Kiwibank-related messages, screenshot and forward the message to us at suspicious.email@kiwibank.co.nz.

Quishing is a type of scam that involves the use of QR codes to deceive individuals into visiting malicious websites or downloading harmful software. The term "quishing" is derived from "QR code phishing". These QR codes are usually appear to be associated with content or information from a reputable person or company.

Some scammers create fake advertisements that appear within search engines like Google or Bing. There have been incidences of customers clicking on fake Kiwibank Google sponsored ads and being directed to a page that looks like a Kiwibank webpage, but isn't.

Fake webpages can be designed look very convincing, so the best way to stay safe is to check the web address before you click. When searching for Kiwibank's website check:

• the search results point to our official web address (URL) https://www.kiwibank.co.nz or our internet banking site https://www.ib.kiwibank.co.nz/login
• there are no spelling errors or mismatched characters in the web address
• the web address has "https://" at the beginning. This indicates the website is a secure site.

Remote access scams are a type of impersonation scam where the scammer pretends to work for a telecommunications, internet or technology company. The initial contact can be made by phone, text or email, and will result in the scammer requesting remote access to your computer to assist with fixing your computer or software.

Allowing remote access to your computer system means scammers are able access your personal information. If you think this has happened to you, follow the steps in our I've been scammed page as quickly as possible.

Banking and other apps should only be downloaded from official app stores due to the risk of clicking on a fraudulent link. You can find the Kiwibank mobile app on the Apple App Store or Google Play.