Emails purporting to be from Kiwibank and asking customers to upgrade to a new security system are spam, the bank is warning.

A number of people have received the fake emails -- one was even sent to the Herald newsdesk email address -- pretending to inform customers of a new security system to protect against "malicious cyber attack".

The email reads: "Dear Customer, We the Kiwibank security teams work day and night to keep your Kiwi Online account safe and secure from malicious cyber attack.

"We have improved our security system to protect you against such threats.


"We advise you to upgrade to our new system to secure and safeguard your account."

It then provides a link to a "log on" function to start the process.

Kiwibank confirmed the emails were spam, saying fraudsters would go to sophisticated lengths in their attempt to fool customers into parting with their hard-earned cash.

"In the past, you would often find there was broken English or grammatical mistakes [in the emails], but they wised up to that and use quite clever interpreters now," a Kiwibank spokesman said.

Such emails were sent out "all the time", he said, but "fortunately, people are wise to them now".

"It's not nearly like it used to be, because people are much wiser and do know that you will never be sent an email from the bank that requires you to put in your access and pin."

If in doubt, don't hesitate to telephone your bank to make sure, he said.


• Use a secure password, and do not write it down or share it with anyone. Change it every few months.


• Install anti-virus software on your computer, and regularly download updates to keep your computer safe.

• Only log into internet banking from the bank's secure website, or your bookmark bar. Never log into internet banking via a link from an email -- including if the email looks like it's been sent by your bank -- or via a link from another website.

• Never tell anyone else your password -- including in a response to an email request, even if that email appears to have been sent from your bank.

• Avoid logging into internet banking on a shared computer, such as one at the library, internet cafe or shop.

• Similarly, avoid using public networks to access your online account, such as free Wi-Fi services in libraries, cafes or airports.

• Do not leave your computer unattended while logged into internet banking.

• Be suspicious of emails and phone calls that appear to be from your bank asking for account information. Contact your bank on a number your are familiar with and you know is legitimate to confirm the email or phone call is genuine.

• Always log out and clear your computer's cache at the end of each session.

• Monitor your accounts regularly, paying attention to all transactions to make sure there is no suspicious activity.