PRIVACY & SAFE USE
TOOL SUPPORT & SAFETY

Privacy & safe use

KiwiScan is built to help Kiwis without forcing sign-ups. Use it safely by sharing only what’s needed to identify scam patterns — not personal secrets.

Scan a message What not to paste Safe scanning tips

Never paste secrets

Do not paste passwords, one-time passcodes (OTPs), full card numbers, bank logins, or identity documents. If a message asks for these, that’s already a major red flag.

I shared details I clicked a link

Privacy principles

How KiwiScan is designed to be safer by default.

No account required

You can scan without creating an account. You don’t need to “sign in” to stay safe.

Any message telling you to “log in to view your refund/delivery” is suspicious.

Share the minimum

Paste only what’s needed to judge risk: the text, the sender name/number, and the link (if present). Remove personal identifiers where you can.

You can replace names with “NAME” and addresses with “ADDRESS”.

Safety-first guidance

KiwiScan outputs practical steps like “don’t click”, “verify via official app”, and “call your bank”. The goal is safe decisions, not certainty.

If it feels urgent, slow down — that’s the scam play.

Scams evolve

Scammers constantly change templates. The safest move is always verifying through official channels you type yourself, not links in messages.

Use official apps, bookmarks, or manually typed URLs.

What NOT to paste into KiwiScan

If you see these in a message, treat it as high-risk and stop.

Passwords & login codes

  • Passwords, passphrases, security answers
  • One-time passcodes (OTPs), authentication codes
  • 2FA recovery codes, backup codes
Legit organisations never ask you to send an OTP by text/email.

Card & banking secrets

  • Full card number, expiry, CVV
  • Bank login details, internet banking answers
  • Account PINs or security codes
If you entered these on a website, contact your bank immediately.

Identity documents

  • Passport, driver licence, birth certificate
  • RealMe details, IRD number, full address + DOB combo
  • Photos/scans of documents
If you already shared these, follow the identity-protection steps.

Safe scanning tips

Use KiwiScan effectively without exposing personal data.

Redact before you paste

Replace personal details with placeholders: NAME, ADDRESS, ACCOUNT, EMAIL. The scam pattern usually remains obvious.

Keep the link and the key “ask” (pay/verify/login/install) — that’s what matters.

Copy links — don’t click them

If the message includes a link, copy it directly from the text. Don’t open it “just to check”. Many scam pages track clicks or trigger downloads.

If you already clicked, use the “clicked a link” page.

Screenshots can be useful

If the scam is an image (MMS, social message, or a screenshot), upload it on the tool page. Make sure it shows the sender and the key text.

Do not screenshot banking apps showing balances or account numbers.

Verify via official channels

If a message claims to be from your bank, IRD, NZTA, courier, or telco — verify using the official app/website you type yourself, or the number on your card/bill.

Never use phone numbers provided in the scam message.
ALREADY ENTERED INFORMATION?

Act fast and reduce the damage.

If you entered banking details, passwords, or ID info on a scam site, your next steps matter. Follow the appropriate guide below.

I shared details I paid money

Want to check something safely?

Scan the message without sharing secrets — then follow the recommended steps.

SCAN NOW