New Zealand loses hundreds of millions of dollars to fraud and scams each year. Online banking fraud is a major and growing part of this. Here’s how to protect yourself and what to do if something goes wrong.
Your bank will NEVER ask for your full password, PIN, or to transfer money to a "safe account." If you receive such a request — by phone, email, or text — hang up or delete it and call your bank directly on the number on the back of your card.
Common NZ Banking Scams in 2026
1. Phishing Emails and Texts (Smishing)
Fraudsters send emails or texts that look exactly like messages from your bank. They typically:
- Claim there’s suspicious activity on your account
- Say your account will be suspended unless you verify details
- Include a link to a fake login page that looks real
How to spot it: Your bank will never email you a link to log in and ask for your full password. If you’re unsure, go directly to your bank’s website by typing the URL yourself — never click email links to log in.
2. Phone Scams (Vishing)
A caller claims to be from your bank, the police, IRD, or even Microsoft. They may:
- Know some of your personal details (name, partial account number) — this doesn’t make them legitimate
- Claim your account has been compromised
- Ask you to transfer money to a “safe account” to protect it
- Ask for your password or one-time passcode (OTP)
Reality: Your bank’s fraud team will NEVER ask you to transfer money to another account, provide your full password, or read out a one-time code. Hang up and call your bank directly.
3. Invoice Fraud / Payment Redirection
Common for businesses and property purchasers. A fraudster intercepts email communications with your accountant, solicitor, or supplier and changes the bank account number on an invoice.
- A property buyer pays their deposit to a fraudster’s account instead of the vendor’s solicitor
- A business pays a supplier invoice to a fraudulent account
Protection: Always verify new bank account details by phone before making large payments — call the recipient on a known number, not one provided in the suspicious email.
4. Investment Scams
“Too good to be true” returns — fraudulent investment platforms promising 15-30% annual returns with “no risk.” NZ victims have lost millions through these.
- Typically run as Ponzi schemes
- Often advertised on social media with fake celebrity endorsements
- May appear professional with fake NZ FSP registration numbers
Protection: Check the FMA register (fma.govt.nz) before investing with any entity. If they’re not licensed in NZ, don’t invest.
5. Romance Scams
Fraudsters build online relationships over weeks or months, then request money transfers citing emergencies. NZ seniors are particularly targeted.
Signs: They never want to meet in person or video call, they’re always in a crisis that requires money, and the “relationship” escalates unusually quickly.
6. Buy Now, Pay Later and Loan Scams
Fake lenders who charge upfront “application fees” before disappearing. No legitimate NZ lender charges fees before approving a loan.
How NZ Banks Handle Fraud Liability
NZ bank fraud liability is a grey area — unlike some countries, NZ doesn’t have a formal mandatory reimbursement scheme for fraud victims.
General principles:
| Situation | Likely outcome |
|---|---|
| Card stolen and used without your knowledge | Bank typically reimburses |
| Phishing — you entered credentials on a fake site | Bank may or may not reimburse — outcome varies |
| Authorised push payment — you transferred money to a scammer | Bank often declines to reimburse (you “authorised” it) |
| Third-party breach (bank’s systems hacked) | Bank liable |
The most difficult cases are authorised push payment scams — where you transfer money yourself to a fraudster (e.g., the “safe account” scam). Banks often argue you authorised the payment. This is a known gap in NZ consumer protection.
If your bank refuses to reimburse and you believe you were defrauded, escalate to the Banking Ombudsman — see below.
How to Protect Yourself
Passwords and Authentication
- Use a unique, strong password for your bank — different from every other account
- Enable two-factor authentication (2FA) — most NZ banks now offer this via SMS or app
- Never share your password, PIN, or one-time passcode with anyone — including someone claiming to be from your bank
- Use a password manager (1Password, Bitwarden) — avoids reusing passwords
Devices and Networks
- Keep your phone and computer updated — security patches close vulnerabilities
- Avoid banking on public Wi-Fi — use mobile data or a VPN if necessary
- Lock your phone with biometrics or a PIN — if lost, someone can’t access your banking app
Payment Habits
- Never click email links to log in — type your bank’s URL directly
- Verify new payees by phone before large transfers
- Check your statements regularly — at least weekly — for unrecognised transactions
- Set up transaction alerts in your banking app — instant notification of every payment
If You Think You’ve Been Scammed
Act immediately — speed is critical in recovering funds.
- Call your bank immediately on the fraud line (number on back of card)
- Report to Police at police.govt.nz (required for your bank’s fraud team process)
- Report to CERT NZ at cert.govt.nz — New Zealand’s cyber security agency
- Report to NetSafe at netsafe.org.nz — particularly for online scams
- Contact the Banking Ombudsman at bankomb.org.nz if your bank disputes your fraud claim
Key NZ Contacts for Fraud
| Organisation | Contact | Purpose |
|---|---|---|
| Your bank | Number on back of card | Immediately freeze account, dispute transaction |
| CERT NZ | cert.govt.nz | Cyber security incidents and phishing reports |
| NetSafe | netsafe.org.nz / 0508 638 723 | Online safety advice and scam reporting |
| NZ Police | 105 or police.govt.nz | Report financial crime |
| Banking Ombudsman | bankomb.org.nz | If bank disputes your fraud claim |
| FMA | fma.govt.nz | Investment scams, unlicensed entities |
| Scamwatch NZ | Consumer NZ: consumer.org.nz | Information on known scams |
Banking App Security Tips
- Don’t store your password in the phone’s notes app or anywhere accessible
- Use biometric login (Face ID / fingerprint) rather than a 4-digit PIN
- Log out of internet banking after each session on shared devices
- Check the app is official — download only from the App Store or Google Play
Next Steps
- Banking fees NZ — keep costs low as well as safe
- Overdraft NZ — understand your account’s safety nets
- Best banks for seniors NZ — seniors face heightened scam targeting
- Compare NZ banks — if your bank’s fraud handling has let you down