Skip to content
KiwiScan™
Home KiwiScan How it Works
Scam Library
Bank Scams IRD & Government Scams Courier & Delivery Scams Marketplace & TradeMe Scams Phone Call & Voicemail Scams Investment & Crypto Scams Job & Recruitment Scams Romance & Social Media Scams Subscription & Free Trial Scams Password Reset & Account Alerts Utility & Telco Scams What To Do Next → View All Categories →
Safety Center
Privacy & Safe Use Disclaimer Report a Scam What To Do If You Clicked What To Do If You Paid What To Do If You Shared Details
About Contact FAQ
Legal
Privacy Policy Terms
Check a Scam
Home KiwiScan How it Works
Scam Library
Bank Scams IRD & Government Scams Courier & Delivery Scams Marketplace & TradeMe Scams Phone Call & Voicemail Scams Investment & Crypto Scams Job & Recruitment Scams Romance & Social Media Scams Subscription & Free Trial Scams Password Reset & Account Alerts Utility & Telco Scams What To Do Next
Safety Center
Privacy & Safe Use Disclaimer Report a Scam What To Do If You Clicked What To Do If You Paid What To Do If You Shared Details
About Contact FAQ
Legal
Privacy Policy Terms
ACCOUNT ALERTS
KIWISCAN • NZ SCAM CHECKER

Account alerts: verify before you panic.

Account-alert scams try to trigger a fast reaction:
• “Password reset requested” when you didn’t request it
• “Suspicious login” or “Account locked” warnings
• “Verify your identity” links that steal logins and OTP codes

Check a message now See red flags What to do next

Common account alert scam patterns

Some alerts are real. Scams copy the look and push you into a bad click.

Fake reset email/SMS

“Reset your password now” with a link. The link goes to a fake login page designed to steal your password.

Never reset via links in messages. Open the app/site yourself.

“Suspicious login” warning

They claim someone logged in and you must “verify” urgently. Often includes a shortlink or strange domain.

Check security activity only inside the real account settings.

OTP / code harvesting

They ask for a verification code (“I sent you a code by mistake” or “confirm this login”). That code can give them access.

Never share one-time codes with anyone.

How to verify a real account alert

Same rule every time: don’t use the message link.

Open the service directly

  • Use your saved bookmark or type the address yourself
  • Or open the official app (bank, email, social media, etc.)
  • Check “Security / Devices / Login activity” inside settings
  • If unsure, change password from inside the real account page

Treat codes as keys

  • OTP codes can approve a login or password reset
  • Never read codes to anyone over phone/chat
  • Don’t copy/paste codes into random sites
  • If you entered a code, change password immediately

Account alert scam red flags

These are strong scam signals.

Links + shortlinks

  • Any link asking you to “verify”, “unlock”, or “reset”
  • Shortened URLs or domains that don’t match the service
  • Login page opens immediately after clicking
  • Requests for password, card details, or OTP codes

Urgency and fear

  • “Immediate action required”
  • “Account will be closed” threats
  • “Final warning” language
  • Pressure to act before you can think

Sender looks “close”

  • Misspellings or odd sender domains
  • Random numbers pretending to be a brand
  • Weird formatting, broken logos, unusual wording
  • “Reply with YES” or “send your code” instructions

Requests for access

  • They ask to remote in or screen share
  • They ask you to install an “authenticator” or “security” app
  • They ask for recovery codes or backup codes
  • They ask for identity documents via chat links

What to do next

These steps help you secure your account quickly.

Step 01

Verify the safe way

Ignore the link. Open the real app/site yourself and check security activity. If anything looks wrong, change password from inside the account.

This avoids phishing completely.
Step 02

Reset + enable 2FA

Use a unique password and enable 2FA. Review recovery email/phone settings and remove anything you don’t recognise.

Recovery settings are often targeted after phishing.
Step 03

If you entered details

Change passwords immediately, sign out of all devices, and contact support if needed. If banking was involved, contact your bank straight away.

Fast action can prevent account takeover.
FAST SAFETY SHORTCUTS

Need immediate steps?

If you clicked a link, paid money, or shared details — these pages walk you through what to do next.

I clicked a link I paid money I shared details

Account alerts FAQ

Quick answers to common questions.

What if the password reset email is real?

Still don’t click the email link. Open the official app/site and change your password from inside settings. Then review recent logins/devices.

What does KiwiScan treat as HIGH risk for account alerts?

Any hard indicator: a link/shortlink, a phone/WhatsApp handle, a payment request, a login/OTP request, install/download/remote-access prompts, or crypto wallet/transfer instructions.

What if someone asks me for my code “by mistake”?

It’s a common takeover trick. Don’t share it. If you did share a code, change your password immediately and sign out of all devices.

Got a “security alert” message?

Paste it into KiwiScan and verify the link before you log in.

SCAN NOW
KiwiScan™
NZ scam checker • Privacy-first Check a Scam
Home KiwiScan Tool How it Works Scam Categories (Hub) About Contact FAQ
Bank Scams IRD & Government Scams Courier & Delivery Scams Marketplace & Trade Me Scams Phone Call & Voicemail Scams Investment & Crypto Scams Job & Recruitment Scams Romance & Social Media Scams Subscription & Free Trial Scams Password Reset & Account Alerts Utility & Telco Scams General Safety & What To Do Next View All Categories
Privacy & Safe Use Disclaimer Report a Scam What To Do If You Clicked What To Do If You Paid What To Do If You Shared Details
Privacy reminder: Don’t paste passwords, OTPs, or bank card numbers.
Privacy Policy Terms
KiwiScan provides scam-awareness guidance for New Zealand. Always verify via official channels before paying or sharing information.
© KiwiScan™
Privacy & Safe Use Privacy Policy Terms
Run a scan