About this site: Your privacy
- What phishing scams are
- Warning signs of a phishing attempt
- What you can do to avoid phishing and identity theft
- What can you do if you receive a phishing email, smishing message or vishing call
- Examples of past phishing attempts
- Reporting phishing attempts
Criminals use online phishing scams to get your personal information, money, and identity. They send out fraudulent emails to thousands of customers every day. Many promise a tax refund to customers.
Criminals are also using both SMS phishing (known as smishing) and Voice phishing (known as vishing) scams to get your personal information, money and identity. They send texts or make phone calls to customers every day. These scams are promising a tax refund to customers.
Phishing scams range from the sophisticated, convincing, and professional to those with poor English and obvious spelling and grammar mistakes.
Unfortunately, some people fall victim to these scams providing information, money, and even their identity to these online criminals.
|Inland Revenue will never include a hyperlink to a webpage that requires you to submit information|
If you receive an email or text message notifying you of a tax refund or asking for your tax information, here are some tips to determine if it is genuine:
- Does it include a hyperlink that asks you to submit information?
- Does it include a specific dollar value of the refund?
- Does it have errors in spelling or grammar?
If you answered "Yes" to any of those questions, delete the email or text message from your Inbox and Trash folder.
If you receive a phone call promising you a tax refund, then this is not genuine as Inland Revenue will not cold call you about a tax refund.
- Use our online services and secure mail to communicate with us. It’s fast, easy and safe.
Use strong passwords that have:
- at least eight characters
- a mixture of numbers, letters and symbols
- both upper and lower cases.
- Have a different password for each website you use.
- Never share your passwords with anyone - even someone you trust might accidentally give away your password.
- Never write your passwords down.
Before you enter your password check that the website address:
- begins with "https" (the "s" stands for secure)
- looks like the right website eg, contains the New Zealand government domain ("govt.nz").
- When accessing important accounts like Inland Revenue or your bank, always type the address into the address bar yourself and check it before you press enter. This will guard against you clicking a faked link that may redirect you to a malicious website.
If you receive a phishing email, please forward this to firstname.lastname@example.org before deleting the email from your Inbox and Trash folder.
If you receive a smishing message or a vishing call, please send an email to email@example.com or call and tell us (see "Contact us" for our details). Please give us this information:
- number that the text message or phone call (CallerID) originated from
- any name/s given by the text sender or phone caller
- any callback number/s given by the text sender or phone caller
details about the scam:
- amount of tax refund quoted
- any reference number given
- what information the scammer asked for
- any other detail that you feel is relevant to include.
|Do not give your personal information, IRD number, bank details or credit card details to these scammers.|
Image courtesy of Computer Security
Image courtesy of FraudWatch International
We do investigate and take action on reports of phishing and new attempts will be posted to this site.
To report a phishing attempt, please forward the email you received to firstname.lastname@example.org.
If you require further information relating to scams, please visit the Department of Internal Affairs website.
If you need tax or benefit assistance, please refer to our contacts list.
Date published: 18 Mar 2013
Back to top