Don't get hooked - beware of phishing from online criminals (About this site)

You are here: Home › About this site › Your privacy

About this site
E pa ana ki te pae tukutuku nei

Don't get hooked - beware of phishing from online criminals

What phishing scams are
Warning signs of a phishing attempt
What you can do to avoid phishing and identity theft
What can you do if you receive a phishing email, smishing message or vishing call
Examples of past phishing attempts
Reporting phishing attempts

What phishing scams are

Criminals use online phishing scams to get your personal information, money, and identity. They send out fraudulent emails to thousands of customers every day. Many promise a tax refund to customers.

Criminals are also using both SMS phishing (known as smishing) and Voice phishing (known as vishing) scams to get your personal information, money and identity. They send texts or make phone calls to customers every day. These scams are promising a tax refund to customers.

Phishing scams range from the sophisticated, convincing, and professional to those with poor English and obvious spelling and grammar mistakes.

Unfortunately, some people fall victim to these scams providing information, money, and even their identity to these online criminals.

Note
Inland Revenue will never include a hyperlink to a webpage that requires you to submit information

Warning signs of a phishing attempt

If you receive an email or text message notifying you of a tax refund or asking for your tax information, here are some tips to determine if it is genuine:

Does it include a hyperlink that asks you to submit information?
Does it include a specific dollar value of the refund?
Does it have errors in spelling or grammar?

If you answered "Yes" to any of those questions, delete the email or text message from your Inbox and Trash folder.

If you receive a phone call promising you a tax refund, then this is not genuine as Inland Revenue will not cold call you about a tax refund.

What you can do to avoid phishing and identity theft

Use our online services and secure mail to communicate with us. It’s fast, easy and safe.
- Register for Inland Revenue's online services
- Register for Inland Revenue's secure mail
Use strong passwords that have:
- at least eight characters
- a mixture of numbers, letters and symbols
- both upper and lower cases.
Have a different password for each website you use.
Never share your passwords with anyone - even someone you trust might accidentally give away your password.
Never write your passwords down.
Before you enter your password check that the website address:
- begins with "https" (the "s" stands for secure)
- looks like the right website eg, contains the New Zealand government domain ("govt.nz").
When accessing important accounts like Inland Revenue or your bank, always type the address into the address bar yourself and check it before you press enter. This will guard against you clicking a faked link that may redirect you to a malicious website.

What can you do if you receive a phishing email, smishing message or vishing call

If you receive a phishing email, please forward this to phishing@ird.govt.nz before deleting the email from your Inbox and Trash folder.

If you receive a smishing message or a vishing call, please send an email to phishing@ird.govt.nz or call and tell us (see "Contact us" for our details). Please give us this information:

number that the text message or phone call (CallerID) originated from
any name/s given by the text sender or phone caller
any callback number/s given by the text sender or phone caller
details about the scam:
- amount of tax refund quoted
- any reference number given
- what information the scammer asked for
- any other detail that you feel is relevant to include.