Impersonation scams

Some common impersonation scams

Phone calls

Scam callers will try to convince you they are from a legitimate organisations and will ask you for personal or financial details such as banking logins, passwords or authentication codes.

Unfortunately, they can hide where they're calling from using 'caller ID spoofing'. This means the number that appears on your phone isn't the real source of the call. Calls may appear to come from 0800, local or overseas numbers. Find out more about caller ID spoofing at idcare.org.

If you receive an unexpected call from Kiwibank, remember that we’ll never ask for your passwords, KeepSafe questions and answers, PIN, one-time PIN or card details over the phone. We’ll always verify your identity in other ways to ensure your personal information and accounts are kept safe.

If you're ever unsure whether a Kiwibank call is legitimate, ask for a name or reference number and call us back on 0800 113 355 (or +64 4 473 1133 from overseas).

Internet banking login

These fraudulent sites can appear to have the same look and feel as our official internet banking website.

The most secure way to log into internet banking is via our website, https://www.kiwibank.co.nz. Our site contains verified internet banking links, but you can easily find the internet banking login button at the top right-side in our navigation menu.

Downloading the mobile app

It's best to avoid downloading our mobile app outside of an official app store due to the risk of clicking on a fraudulent link. You can download our mobile app through the official App Store or Google Play.

Google ad scams

We've seen an increase in customers clicking on fake Kiwibank Google sponsored ads and being directed to a page that looks like a Kiwibank webpage, but isn't. These sorts of ads have been appearing when 'Kiwibank login' or 'Kiwibank app' are searched in Google.

The fake webpages look very convincing, so make sure you check the following before clicking through:

• the ad links to our official website https://www.kiwibank.co.nz or our internet banking site https://www.ib.kiwibank.co.nz/login
• the URL doesn't contain spelling errors or mismatched characters
• the URL has "https://" at the beginning.

Remote computer access

Remote access scams are a type of impersonation scam, where the scammer pretends to work for a telecommunications, internet or technology company. The initial contact can be made by phone, text or email, and will result in the scammer requesting remote access to your computer to assist with fixing your computer or software.

Allowing remote access to your computer system means scammers are able access your personal information.

If you've shared personal information

• Change your passwords.
• Read the Identity Theft Checklist for a helpful guide on what could happen with your personal information if you've shared it with a scammer.
• Contact iDCare if you've been exposed to identity theft, and would like additional free help and support.

If you've given someone remote access to your computer

• Disconnect your device from the internet, then switch off your router at the wall. This will stop the scammers from having remote access to your device. If you're not sure how to do this call a friend or family member to help.
• Stay logged out. If you’re worried that something may have been loaded onto your device, don't log back on until you have had your hard drive re-formatted and your operating system re-installed. You may need a computer specialist to assist with this – remember to backup any essential files beforehand.
• Change all your passwords using a different device, so scammers can’t use your accounts. This includes passwords for banking, social networking, email and trading accounts like TradeMe or TAB. Learn how to choose a strong password.
• Run a full security scan. If the scammers had access to your device, they may have installed malware on it. Malware is a piece of software that, once installed, can damage, harm or provide unauthorised access to a computer system. IT specialists can provide assistance with detecting and removing malware, or you can start with free online virus-scanners to look for threats on your computers.
  • If you have a PC try ESET online scanner or Kaspersky Virus Removal Tool. Once you've run one of those scans, run Malwarebytes Anti-Malware free edition.
  • If you have a Mac, use Bitdefender Antivirus for Mac or ESET Cyber Security for Mac or AVG Antivirus for Mac.
• Contact your bank. If you use online banking, let them know you’ve been targeted. Keep an eye on your accounts and check statements for rogue purchases.