Common types of phishing
Phishing emails are deceptive messages crafted to steal sensitive information such as passwords, credit card numbers, or banking credentials. These emails often appear to come from legitimate sources, complete with logos and branding from the impersonated organisation.
Typically, the email urges you to click on a link, directing you to a fake website where you might be asked to update or verify personal information, or install software. The stolen details are then used for fraudulent and criminal activities.
Smishing is a type of phishing scam that uses SMS (text messages) or other messaging apps (like WhatsApp) to deceive individuals into providing personal information or clicking on malicious links. The term 'smishing' is a combination of SMS and phishing.
These scam texts will claim to be from a reputable organisation or a loved one and are designed to steal sensitive information like passwords, credit card numbers, banking credentials, or request money. The may include a link which will take you to a fake website where you may be asked to update or verify your personal information.
Common phishing texts claim to be from:
QR quishing, or QR code phishing, is a type of scam where malicious QR codes are used to trick you. When scanned, these codes can lead to fake websites or initiate the download of harmful software. The primary aim is to steal sensitive information like passwords, financial details, or personal data.
QR codes are commonly seen in marketing materials and advertising, on menus at cafes and restaurants, and are increasingly being used in retail and payment services.
Tips to spot & deal with phishing scams
-
1Tahi
Be suspicious of
- Emails or texts from unknown senders or unexpected messages from known contacts.
- Urgent requests, for example an email or text claiming your account will be locked or that you'll incur a penalty for inaction.
- Emails with attachments, especially from unknown sources, as they may contain malware.
- Requests for personal information. Legitimate companies will not ask for sensitive information via email or text.
- Too good to be true offers.
-
2Rua
Do your checks
- For emails, check the sender's email address. Phishing emails often come from addresses that look similar to legitimate ones but may have slight misspellings or extra characters.
- For texts or messages, check if the contact number is known to you. If the message claims to be from a known organisation, check the contact number against the company's official website.
- Use a search engine like Google to research the information in the message. By copy and pasting the text you may find similar queries verifying if the message is real or not. Be sure not to include personally identifying information in the search.
- Hover your mouse over links in emails to see the actual URL it will take you to. If it looks suspicious or doesn't match the official website, don't click on it.
- Look for generic greetings like "Dear Customer" instead of your name.
-
3Toru
Act with confidence
- If an email claims to be from a company you do business with, verify whether it is legitimate by going to their official website (not through the email) and contacting them directly.
- Keep computer and mobile devices security software up-to-date.
- Don't open attachments from unknown or unexpected sources.
- Report suspicious messages, then delete them.
- Forward suspicious Kiwibank-related phishing emails to suspicious.email@kiwibank.co.nz
- Screenshot suspicious Kiwibank-related text messages including the URL the message is guiding you to and email it to suspicious.email@kiwibank.co.nz.
- Report a general text scam by copying the message and forwarding it to the Department of Internal Affairs reporting system on 7726 (SPAM).
- Visit the NZ Telecommunications forum website to learn more about how to notify your phone service provider, so they can look into it and block the number if necessary.
- If you think you've been scammed act quickly. See our I've been scammed page for what to do.
Proactive protection
We work with Netcraft to have fake sites shut down as quickly as possible. Learn more about the many ways we protect you.
Helpful resources
What to do if you've been scammed
Anyone can fall for a scam. If you suspect that you've been scammed, get in touch with us as soon as possible.
Take action
If you've been scammed, move quickly. See what steps to take to help reduce the impact.
I've been scammed24/7 support
Fraud and scam support is available around the clock. Call 0800 113 355 or +64 4 473 1133 from overseas.
0800 113 355Protect yourself
Simple actions can significantly improve your online and financial security.
What you can do