Clear answers for how KiwiScan works, what the results mean, and what to do if you clicked, paid, or shared details.
Tip: Try keywords like “OTP”, “refund”, “NZTA”, “bank”, “screenshot”.
What it is, and what it isn’t.
KiwiScan is a New Zealand-focused scam checker. You paste suspicious text, email snippets, or links, and it returns a clear risk level (LOW / MEDIUM / HIGH) plus practical “what to do next” steps.
Yes — KiwiScan is free to use. Online safety should be accessible.
No. Scam detection isn’t perfect. KiwiScan helps you choose the safest next move: don’t click, verify via official channels, and act quickly if you paid or shared details.
No. KiwiScan is an independent safety tool. If you’re in danger, money has been lost, or identity info was shared, contact the appropriate official service immediately.
What LOW / MEDIUM / HIGH usually mean.
Usually looks like a normal notification with no risky indicators (no link traps, no credential request, no payment prompt). Still verify via official channels if anything feels off.
Suspicious pattern or urgency, but missing a “hard indicator” like a risky link or direct payment/login request. Treat as suspicious and verify safely (bank app, typed URL, official number).
High risk usually means at least one hard indicator is present: a link, a payment demand, a credential/OTP request, a download/install prompt, or a contact handle pushing you off-platform.
What to do based on what happened.
Close the page, don’t enter details, and run a device safety check. If you downloaded anything or entered passwords, act immediately: change passwords and contact your bank if banking details were involved.
Use the step-by-step guide here: What to do if you clicked.
Sometimes, especially if you act fast. Contact your bank immediately and tell them it was a scam transaction. Save evidence (screenshots, reference numbers, wallet addresses, chats).
Follow the guide here: What to do if you paid.
Change passwords, enable 2FA, and lock down email first (because email resets everything). If you shared ID docs, take identity protection steps and monitor accounts.
Use the guide here: What to do if you shared details.
Best practices for safe scanning.
Paste the suspicious text, the sender name/number (if present), and the link (if present). Replace personal information with placeholders like NAME, ADDRESS, EMAIL.
See: Privacy & safe use.
Yes — screenshots are useful for scam texts in images. Avoid uploading screenshots that contain banking app screens, account balances, full addresses, or identity documents.
No. Scammers often include fake “support numbers”. If it claims to be your bank, telco, or a government service, verify using an official number from your card, bill, or the organisation’s official website you typed yourself.