Back to Security

Recognising phishing emails

Your security is important to us which is why we want you to be aware of online scams and hoax emails, commonly known as phishing, and how you can identify them. 

Take our quiz to see how well you can identify phishing emails.

If you think you’ve responded to a suspicious email, call us immediately on 0800 275 269 or from overseas call +64 4  494 9098 (international call charges may apply).  

What is a phishing email and how to spot one

Phishing is when criminals pretend to be a person or company, to get you to provide them with your personal information such as your BNZ Internet Banking username, password, account number, or credit card details, through an email.

Here's an example:


  1. Check the email address - in this case it’s not from a address and therefore not from us.
  2. Poor grammar and punctuation is a clear indicator of a spam email.
  3. The link text does not tell you where it’s linking to. You can either hover your mouse over it, or right click, then copy and paste the link into a text editor to inspect the actual link destination.

Phishing emails will direct you via a link, to enter your details at a fake website that looks almost identical to the real one. Non-BNZ websites or login pages can be detected by checking the link address (URL) in the browser address bar.

Often the website you’re being directed to, is also infected with malware and/or viruses, which may capture your personal information without your knowledge.

Signs to look out for:

Phishing scams can be very sophisticated, and criminals go to great lengths to make their emails and fake login pages look genuine. There are no hard and fast rules to identify a phish but you should be wary, and keep these indicators in mind when reading emails:

  • Emails that do not address you by name, or do not include information within the email to prove that the sender knows you.
  • Urgency or appeals for emergency help, which are designed to make you act quickly.
  • Requests that ask you to make a financial transaction.
  • Emails that ask you to update personal and financial information.
  • Links or attachments from senders you don’t know, or aren’t expecting.
  • Even if you know the sender, if the email is asking you to make a financial transaction that isn’t normal, you should always check with them by phone, even if the email states they cannot be reached by phone.

In the example below, it appears to be from a address, however we will never send you a link in an email to log in to Internet Banking:


  1. Sometimes spammers can spoof email addresses, so it looks like it’s coming from a email address.
  2. Always be suspicious of links to websites where you are asked to log in, or provide personal information.

Report suspicious emails to us

If you have received an email that looks like it’s from us but you are unsure, and you have not responded to it, please email us to let us know.

If you have concerns about your accounts or would like to report suspicious activity or emails that relate to your online banking or suspect you have responded to a phishing email, call us immediately on  0800 275 269 or +64 4 494 9098 from overseas (international toll charges apply).