BANK SCAMS
KIWISCAN • NZ SCAM CHECKER

Bank scams in New Zealand: what they look like, and what to do.

Fake “unusual activity” alerts, login verification links, and urgent payment requests are designed to rush you. KiwiScan helps you spot the red flags fast — without clicking anything.

Check a message now See bank scam red flags What to do next

Common bank scam examples

These are the most common patterns KiwiScan sees in NZ.

“Unusual login — verify now”

Often includes a link to a fake login page, or asks for a code (OTP) to “secure your account”.

Banks do not need your OTP to “secure” your account.

“Fraud team calling — confirm transfer”

Caller claims to be your bank and pressures you to “move money to a safe account” (which is theirs).

Hang up and call your bank using the number on your card.

“Payment required / direct credit”

Message claims you must pay a fee immediately or your account will be locked. Sometimes includes a “bill”.

Threats + urgency are a common scam pressure tactic.

Bank scam red flags

If you see any of these, treat it as suspicious until verified.

Risky links

  • Short links (bit.ly, tinyurl) or weird domains
  • “verify / login / secure / update” in the link path
  • Domain doesn’t match the bank name
  • “Tap here” link in an SMS is the most common trap

Urgency & pressure

  • “Immediate action required” / “Account locked in 30 minutes”
  • Threats (fees, closure, police, debt recovery)
  • Pushes you to rush and not think
  • Tries to keep you on the phone while you transfer money

Credential / code requests

  • Asks for a login, password, or card details
  • Asks for a one-time passcode (OTP) sent to your phone
  • Asks you to install an app for “security”
  • “Confirm your identity” with a link

Remote access traps

  • Requests AnyDesk / TeamViewer / “remote help”
  • Claims they need access to “reverse” a transfer
  • Asks you to log in while they “watch”
  • Anything that gives them control is high risk

What to do next

Pick the situation that matches you — then follow the steps.

Step 01

Don’t click. Don’t reply.

If it came via SMS or email, treat it as untrusted. Do not use any links, phone numbers, or attachments.

If it claims “bank”, open your bank app directly instead.
Step 02

Check via official channels

Open your bank app, or type the bank website yourself. If you need to call, use the number on the back of your card (not the message).

This avoids fake “support” lines and phishing pages.
Step 03

If you clicked or paid

Contact your bank immediately. Ask them to freeze cards/accounts and stop transfers. Change your password from a trusted device.

The earlier you act, the higher the chance of stopping it.
FAST SAFETY SHORTCUTS

Need the “what do I do now” steps?

If you clicked a link, paid money, or shared details — use these pages for immediate actions.

I clicked a link I paid money I shared details

Bank scams FAQ

Quick answers to common questions.

Is a bank SMS ever real?

Some banks send legitimate notifications, but scammers copy the exact format. The safe rule: don’t use links or numbers in the message. Open your bank app directly and check there.

What does KiwiScan treat as HIGH risk?

Usually a hard indicator: a link/shortlink, a phone/WhatsApp handle, a payment request, a login/OTP request, or any install/remote-access instruction. Those are the strongest “act now” signals.

What if the message looks official and includes my name?

Scammers can personalise messages using leaked data. Personalisation does not prove legitimacy. Verify using your bank app or official website typed manually.

Got a suspicious “bank alert” message?

Don’t guess. Paste it into KiwiScan and get clear next steps.

SCAN NOW