Hītinihanga

Email scams

Sending bulk messages is one of the most common ways for scammers to target you, so you need to be careful with emails that arrive in your inbox, even if they look legit.

What it is

The most common type of email scam is a ‘phishing’ scam. A phishing email will ask you to either click a link and enter personal information, or open an attachment in the email.

In a phishing scam, the sender pretends to be someone trustworthy. This could be an organisation you trust – like a bank or government agency – or a person you know, like a colleague or supplier.

A phishing email will ask you to click a link and enter personal information, open an attachment in the email, or buy a gift card or voucher.

Phishing is the email version of ‘smishing’ or text message scams.

What is phishing?

View transcript

[Visual] The video begins with an intro graphic displaying the video title ‘Protect yourself online phishing’ which is laid over branded colours (lilac, teal, deep purple) and design (circles). The animation moves into the opening transition with a package starting central on the screen.

[Audio] A backing track with an upbeat but calming tune begins and continues for the duration of the video.

[Audio narrator] There’s a package waiting for you. You have a tax refund due. Your car registration has expired. 

[Visual] The frame continues to have imagery pop, a car registration motif on the left, and an envelope to the right – the package still central on screen.

[Audio narrator] Any of these sound familiar?

[Visual] The frame transitions with a phone sliding down central on screen, with speech bubbles popping up imitating text messages you may receive, the phone slides to the right of the frame with a laptop sliding in from the left – another speech bubble accompanies to indicate an email.

[Audio narrator] They probably do… since these messages are commonly used as phishing themes.

[Visual] New title graphic displays up on screen: What is phishing?

[Audio narrator] Phishing is a type of scam, where scammers send emails or messages to you, pretending to be from someone you trust – 

[Visual] Two people icons are on either side of the screen with an envelope moving from one person to another. The envelope stops in the middle and the contents inside pop out – with IRD showing as the sender.

[Audio narrator] …maybe a government agency, your bank, the courier, or even your boss. 

[Visual] The screen moves in to focus on the envelope and two more pop up either side, indicating one from the bank and the other from the courier. Each envelope then pops like a bubble and vanishes.

[Visual] A new envelope slides in from the left up next to a person icon. A big question mark in a speech bubble pops up and the letter inside pops out.

[Audio narrator] The idea is to trick you into believing the message is real, and to get you to click on a link or open an attachment –

[Visual] A new transition with circles bursting in, a laptop central in frame, with a padlock on its screen. A password types across the screen.

[Visual] The padlock opens and a big yellow warning signal with an exclamation mark appears over the laptop. Credit cards and a licence card pull down and sit at the left of the laptop.

[Audio narrator flows in] …all with the aim of getting access to your personal details, like your bank login details, credit card information, or driver’s licence details.

[Visual] Circles appear quick changing the frame and moving to the next transition. A green background with lines of laptops and mobile phones appear layered across the screen. Each laptop and phone has an envelope on its screen. The frame begins to zoom out slowly, everything getting smaller and uncovering more laptops and phones. As the frame zooms out, yellow warning circles with ‘!’ start to pop onto random laptops and phones.

[Audio narrator] Scammers send thousands of these phishing messages a day, hoping to hook someone. And anyone can fall for one. It only takes a moment of distraction and in that moment it’s simple to fall for it. 

[Visual] A large hook comes down from the top of the frame and hooks one of the laptops with a warning bubble attached, it scoops it up and pulls it up quickly from its line.

[Visual] New title graphic displays up on screen: How to spot phishing?

[Audio narrator] Phishing is one of the most common scams targeting both individuals and businesses, and it shouldn’t be underestimated.

[Visual] People icons appear, one suggesting an individual on the left of the frame, and a group of three on the right – representing a business. A large hook slowly dangles down ominously; the individual icon slides off to the left of the frame and the business group disperses off to the right. The hook is left swinging.

[Audio narrator] Here are some ways you can spot a phishing email. First, look for any red flags:

[Visual] Circles appear quick changing the frame and moving to the next transition. A sole red flag appears in the frame centrally and waving. It pops away and bullet points appear: ‘what is the message about’

[Audio narrator] What is the message about? Does it relate to something that is specifically going on in your life right now? 

[Visual] A new bullet point appears ‘Is the message asking you to do something urgently?’

[Audio narrator] Is the message asking you to do something urgently?

[Audio narrator] Next, start looking deeper.

[Visual] Circles appear quick changing the frame and moving to the next transition. An envelope flies in across the frame from the left and opens to indicate an email message from Inland Revenue. An imitation letter drops down from the top of the frame to take up the rest of the screen.

[Audio narrator] Check who has sent you the email.

[Visual] A yellow mark highlights the ‘From line’ which reads ‘From: Inland Revenue’

[Audio narrator] Here, it looks like this email has come from Inland Revenue. But if you click on the email address, the full email address will appear.

[Visual] The screen transitions to pull out the ‘from’ line. It reads: ‘From: Inland Revenue <no-reply@krf.biglobe.example.com>’ It slowly zooms into the detail after the @ sign.

[Audio narrator] Take a look at the details after the @ sign, this can tell you a lot. This should always match the company’s website address, you can usually find this on the ‘contact us’ page to check. So, after the @ sign here, we have

[Visual] A yellow mark highlights the @krf.biglobe.example.com

[Audio narrator] If this was an email from Inland Revenue what follows the @ would include: ird.govt.nz

[Visual] The frame changes to show an example which reads Jane.Doe@ird.govt.nz and a teal mark highlights @ird.govt.nz. The frame transitions back to the full email central on screen.

[Audio narrator] Next, look at what the email is asking you to do. Is there a link or an attachment included?

[Visual] A yellow mark highlights a line in the second paragraph of the email which reads: ‘Click the link’ and zooms in close to this part.

[Audio narrator] Ah-ha. Scammers are trying to force you to act – by either getting you to click a link (so you can submit your personal information), or open an attachment (that can then infect your computer).

[Visual] The frame transitions back to the full email central on screen.

[Visual] Mouse comes in and moves over towards the link that’s within the original email. The link is highlighted yellow and reads Refund-ird-govt.nz.com.

[Audio narrator] When you’re being asked to click on a link, before doing anything, hover over the link and the full website address will appear.

[Visual] A longer link in a new bubble appears with many characters. It has words and characters that are not at all linked to IRD.

[Audio narrator] Again, if it’s coming from a legitimate business, the website address will match the company’s address. We can see clearly here that it doesn’t.

[Visual] Circles appear quick changing the frame and moving to the next transition. A mobile phone is central in frame. A yellow highlighted line appears on the phone, with a bubble popping out with the same longer unusual looking url as above.

[Audio narrator] You can also do this on your phone or tablet by pressing and holding the link.

[Visual] Circles appear quick changing the frame. Two people icons are either side of the frame with speech bubbles coming up indicating conversation. There are question marks inside the bubble, which then turn to the yellow warning signal ‘!’ indicating the person is unsure.

[Audio narrator] Finally – If anything seems a bit off, it’s best you don’t engage with the message at all. Instead, reach out to the company directly.

[Visual] Circles appear quick changing the frame and moving to the next transition. A mobile phone is central in frame. A yellow warning signal ‘!’ pops up onto the phone.

[Audio narrator] You can also receive phishing messages via a text message. Please look out for the same things.

[Visual] Circles appear quick changing the frame and moving to the next transition. Bullet points appear: ‘Who is the text message coming from?’; Next bullet: ‘Is the text asking you to do something urgently?’; Last bullet: ‘Is it asking you to click on a link?’

[Audio narrator] Who it is coming from; is the message urgent; and if the message is asking you to click on a link.

[Visual] Circles appear quick changing the frame and moving to the next transition. One big bullet – Seems a bit suss? Report it to us.

[Audio narrator] If you spot something that doesn’t seem right, report it to us. We’ll help you. You’ll help others.

[Visual] Circles appear quick changing the frame and moving to the next transition. A laptop and a mobile phone pop in central in frame. A big hook swoops in and swings side to side before a large green tick in circle pops up over the top of all graphics. The hook falls off to the bottom of the screen.

[Audio narrator] Now you know more about phishing, how to spot it, and how to help protect yourself. We hope it helps you to feel more secure online.

[Visual] Circles appear quick changing the frame and moving to the next transition. End frame. ‘Own Your Online’ logo pops up into the centre of the screen. Supporting logos: NCSC is placed on the top right and the NZ Government logo is placed on the top left.

[Audio]  Music fades out.
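
The sender and link checks described in the video, written out in Python. This is an added example, not part of the original page: the function names are illustrative, the sender addresses and first link are the ones shown in the video, and the second link is a constructed lookalike.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED = "ird.govt.nz"  # the organisation's real domain, as given in the transcript


def domain_matches(host, expected=EXPECTED):
    """True only if host is the expected domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    # Compare on a label boundary: a plain substring or endswith() test would
    # accept lookalikes that merely contain the organisation's name.
    return host == expected or host.endswith("." + expected)


def sender_domain(from_header):
    """Domain after the @ in a From: line; the display name is ignored."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower()


def link_host(link):
    """Hostname a link really points to, with or without a scheme."""
    if "://" not in link:
        link = "//" + link  # bare host, as displayed in the video's email
    return (urlsplit(link).hostname or "").lower()


def red_flags(from_header, links, expected=EXPECTED):
    """List every sender or link domain that does not belong to `expected`."""
    flags = []
    domain = sender_domain(from_header)
    if not domain_matches(domain, expected):
        flags.append(f"sender domain {domain!r} is not {expected}")
    for link in links:
        host = link_host(link)
        if not domain_matches(host, expected):
            flags.append(f"link host {host!r} is not {expected}")
    return flags


# Values shown in the video, plus one constructed lookalike (.example).
SCAM_FROM = "Inland Revenue <no-reply@krf.biglobe.example.com>"
SCAM_LINKS = ["Refund-ird-govt.nz.com", "https://ird.govt.nz.refund.example/login"]
GENUINE_FROM = "Jane.Doe@ird.govt.nz"

if __name__ == "__main__":
    for flag in red_flags(SCAM_FROM, SCAM_LINKS):
        print("RED FLAG:", flag)
    print("genuine sender flags:", red_flags(GENUINE_FROM, []))
```

A mismatch is a strong red flag; a match on its own does not prove a message is genuine, which is why the advice remains to contact the organisation through official channels when anything seems off.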

How it works

Phishing is a type of email scam. A phishing email will ask you to either click a link and enter personal information, or open an attachment in the email.

Phishing emails can look and feel legitimate. They use the same design and logos as the company or organisation they’re pretending to be, and the same kind of language.

Most phishing emails look like they come from:

  • a bank
  • a social media site
  • a government agency
  • an online game, or
  • an online service with access to your financial details, like iTunes, Netflix or Google.

Reputable companies and organisations will never ask you to provide them with personal information by email.

Phishing emails that ask for personal information

The email will ask you to click a link, where you'll be prompted to enter personal information. This could be:

  • your credit card information
  • your internet banking details
  • personal information and documents, like your driver's licence or passport
  • usernames or passwords for your online accounts, including social media accounts, or Microsoft or Google accounts.

For example, you may be directed to a website that looks like your bank’s website, and asked to enter your internet banking login details. This will give the attacker access to both your login information, and your bank accounts.

Phishing emails with attachments

Clicking an attachment in a phishing email allows the sender to infect your computer with malicious software, or 'malware'. This gives them access to your personal information without you knowing.

For example, you might get an email saying that you’ve been charged for services you didn’t receive – like lawn mowing – with an invoice for the job. If you open the invoice to check the details, it could download malware to your computer without you realising.

How do phishers get your email address?

Attackers can get lists of email addresses:

  • from contact details found on web pages and social media sites
  • from email lists or data breaches that are shared and sold online
  • by guessing addresses that might be in use.

Get help

If you receive an email message you think is a scam or phishing, do not respond or click any links. Even if the message looks legitimate, most organisations will not ask you to click links to enter information. If you think the message may be valid, contact the organisation via official channels, usually found on their website.

You can forward an email you suspect to be a phishing scam to phishpond@ops.ncsc.govt.nz or submit a report to us online:

Report an incident