Kiwibank target of phishing scam

Experts reveal Kiwibank phishing campain directs to spoofed website in the US.

An email purporting to be from New Zealand’s Kiwibank - urging customers to update their personal information - is a malicious phishing campaign, warns security vendor Sophos.

Using the Kiwibank logo, the email tricks customers into clicking on the provided link in order to update their personal information and ensure their eligibility for the bank’s policy if guaranteeing their money.

The email said: “…We are so confident with our online banking security system that we guarantee your money…Please proceed to your Kiwibank online banking personal internet banking now for more update on your account maintenance.”

According to Paul Ducklin, head of technology, APAC at Sophos the Website appears to be a legitimate website. The site is now blocklisted and off the air and the genuine owner of the site is left to sort out the mess.

"SophosLabs currently estimates that 70 per cent of malicious web pages abused by phishers and malware spreaders are not directly associated with cybercriminals, but rather are legitimate sites which have been broken into
and 'borrowed' for criminal activity,” said Ducklin.

Kiwibank has published a warning on its legitimate site urging customers which have clicked on the link to immediately change their passwords and contact the bank.

"Computer security begins at home," said Ducklin, recommending consumers and small businesses to take advantage of the many security guidelines that are available online.