I SHARED DETAILS
TOOL SUPPORT & SAFETY

I shared my details. Protecting your identity

If you gave personal info to a scammer (name, address, bank details, ID photos, passwords, or codes), treat it as urgent. The goal now is to reduce damage, lock down accounts, and prevent identity misuse.

Urgent steps (start here) Scan the message Report a scam

If you shared passwords or codes, act immediately

Change passwords and secure your email first. If a scammer has your email, they can reset other accounts. If money was taken, also follow the “I sent money” steps.

Quick check: what did you share?

Use this to prioritise what to secure first.

Passwords / one-time codes

Email password, banking login, app codes, verification codes, or “2FA” codes.

Highest priority: secure email + reset logins.

Bank / card details

Card number, CVV, online banking info, account number, screenshots of bank pages.

Call your bank to place fraud monitoring / blocks.

Personal info

Full name, DOB, address, phone number, email, workplace details.

Watch for identity misuse and follow-up scams.

Identity documents

Passport / driver licence photo, selfie, proof of address, bank statement images.

High risk: treat as potential identity theft.

Urgent steps (do these now)

Start with Step 1 and work down. This reduces the chance of account takeover.

Step 01

Secure your email first

Change your email password and enable 2-factor authentication (2FA). Email is the “master key” to reset other accounts.

Also check: Forwarding rules, recovery email/phone, and “Sent” folder for unknown messages.
Step 02

Reset passwords for key accounts

Banking, Apple/Google accounts, social media, marketplace accounts, and anything using the same password. Use unique passwords going forward.

If you reuse passwords, assume other accounts are at risk too.
Step 03

Contact your bank if bank/card details were shared

If you shared card/bank info (or entered it on a scam page), call your bank using official numbers. Ask for monitoring, card replacement, and fraud notes on your profile.

Only call numbers from your bank app, card, or official website.

Evidence checklist (quick)

Collect this before it disappears:

  • Messages/emails + the link used
  • Screenshots of any forms you filled out
  • Email addresses, phone numbers, social accounts used by the scammer
  • Any receipts or confirmation pages
  • Date/time and what details you shared
Scan the message If you clicked a link If you sent money

If you shared specific info

Follow the section that matches what happened.

You shared a one-time code (OTP)

  • Assume an account takeover attempt is in progress.
  • Change the password for the account linked to that code (email/bank/app).
  • Sign out of all devices/sessions (most services provide this setting).
  • Enable/replace 2FA (use an authenticator app where possible).
OTP codes are designed to be secret. If it was banking-related, call your bank.

You sent ID photos (licence/passport)

  • Keep copies of exactly what you sent (screenshots/photos).
  • Monitor for new accounts/loans/services opened in your name.
  • Be extra cautious of follow-up scams claiming “identity verification”.
  • Consider placing extra security checks with your bank.
ID misuse often happens weeks later — stay alert.

You shared your bank login

  • Contact your bank immediately (use official numbers).
  • Change online banking password from a trusted device/network.
  • Ask the bank to check for new payees, new devices, or profile changes.
  • Enable alerts for transactions and logins if available.
If money moved, follow the “sent money” page too.

You gave your phone number/address

  • Expect follow-up scam calls/texts (they may sound “more informed”).
  • Be cautious with any “verification” requests or urgent warnings.
  • Do not confirm additional details over the phone.
  • Use official channels only (bank apps, typed URLs, known numbers).
Knowledge-based “trust building” is a common scam technique.

Report it (and protect yourself)

Reporting helps NZ agencies track patterns and warn others.

NEXT STEP

Report the scam and keep records.

Use KiwiScan’s reporting page for the official NZ options and what to include. Keep your screenshots and references in one folder.

Report a scam Browse scam library

Quick answers

Common questions after sharing personal details.

How do I know if my identity has been used?

Watch for unexpected emails/SMS, new account notifications, failed login alerts, or letters about services you didn’t sign up for. If you see anything suspicious, contact the provider using official contact details.

Should I change passwords even if I only shared my name and address?

If you didn’t share logins or codes, you may not need to change everything immediately — but you should be alert for follow-up scams. If you reuse passwords or the scammer got your email access, then yes: change them.

Someone called pretending to be my bank after this happened. What do I do?

Hang up and call your bank back using the number on your card, inside your banking app, or from their official website. Never trust numbers provided by the caller.

Want to confirm what you’re dealing with?

Scan the original message and KiwiScan will guide you.

SCAN NOW