KEY POINTS:
Kiwibank has been hit for the second time in two weeks by internet scammers.
The latest phishing scam happened yesterday, when thousands of New Zealanders were sent emails asking them to register for a Kiwibank "Customer Appreciation Day" this Thursday.
The emails came from a fake sender "Kiwibank [mailto:customers@kiwibank.co.nz]" and directed the bank's customers to a bogus site where they were asked to register their account details and pin numbers.
The message also invited customers to drop in at any Kiwibank branch on Thursday for coffee and cake, saying the bank wanted to thank them for their loyalty.
Last night, Kiwibank said the email was a hoax - and there would be no coffee or cake.
Claims that customers could win $30,000 and a Mercedes-Benz SLK by registering their account details for the Customer Appreciation Day were also untrue.
"Kiwibank can't afford prizes like that," spokesman Bruce Thompson said.
He said the bank did not know the source of the scam. However, a similar scam late last month had come from the United States and it was likely the same scammers had struck again.
On both occasions, the bank was able to shut down the fake sites within hours with the help of internet providers overseas.
Mr Thompson said customers were becoming increasingly awake to such scams and the bank had received several calls as soon as the messages started arriving yesterday morning.
He was able to reassure customers who had been fooled: "Nobody will lose money because we're on it."
Although customers are becoming more wary about disclosing their bank account details, the phishing scams (the use of fraudulent emails to steal personal information) have become more sophisticated.
An early scam targeting Kiwibank customers managed to misspell the bank's name.
Today, many scams now direct customers to sites that look exactly like the real bank sites.
Larger banks, including the ASB, the BNZ and Westpac, have been targeted by internet scammers for several years.
Mr Thompson said Kiwibank took the problem seriously. It had already been hit by scams from Asia, Russia and North America.
"There's always a slightly different angle with each one but, the bottom line is, they want your information," he said.
People also needed to be aware that the fraudsters looked for "mule accounts" they could use to transfer funds taken from other accounts.
They would target the holders of legitimate accounts and then pose as overseas business owners who needed an account in New Zealand but were unable to set one up.
They would ask the customer to transfer the funds into an overseas account but tell him or her to keep a percentage as commission.
Mr Thompson said some customers had unwittingly become mules, but whether they knew what they were doing or not, it was illegal because they were receiving stolen money.
He said to avoid becoming a victim of online fraud, bank customers should not give their pin or access number to anybody requesting that information via email, or any email guiding people to a site requesting that information.
"That's not how banks operate," Mr Thompson said.
