How to Spot a Phishing Email

Phishing emails are one of the most common ways people get hacked. They're designed to look like legitimate emails from banks, courier companies, government agencies, or services you use — but they're actually attempts to steal your login details, personal information, or money.

This article will help you recognise the warning signs so you can protect yourself.


Watch This First

The New Zealand Government's Own Your Online website has put together a short 3-minute video that walks through a realistic phishing example using a fake IRD email. It's one of the best quick explanations we've seen and is well worth watching before reading on.

👉 Watch: How to spot a phishing email — Own Your Online


What is a Phishing Email?

A phishing email is a fraudulent message designed to trick you into:

  • Clicking a link that takes you to a fake website designed to steal your login details
  • Opening an attachment that installs malware on your computer
  • Providing personal information such as your bank details, IRD number, or passwords
  • Transferring money to a scammer's account

The emails are often convincing — they may use logos, formatting, and language that looks identical to the real thing.


Common Warning Signs

The sender's email address looks wrong

The display name might say "ANZ Bank" or "New Zealand Post" but the actual email address is something completely different. Always check the full email address — not just the name.

For example:

It creates a sense of urgency

Phishing emails often try to panic you into acting quickly without thinking:

  • "Your account will be suspended in 24 hours"
  • "Immediate action required"
  • "Your parcel could not be delivered — pay now to reschedule"
  • "Unauthorised login detected — verify your account immediately"

It asks you to click a link or open an attachment

Legitimate companies rarely ask you to click a link in an email to verify your account or fix a problem. If in doubt, go directly to the company's website by typing the address yourself rather than clicking any link.

The link address looks suspicious

Before clicking any link in an email, hover your mouse over it to see the actual web address. If it doesn't match the company's real website address — don't click it.

Tip: On a phone or tablet, press and hold the link to see the full web address before opening it.

Poor spelling and grammar

Many phishing emails contain spelling mistakes, awkward phrasing, or unusual formatting. This is a common giveaway — legitimate companies proofread their communications.

It asks for personal or financial information

No legitimate bank, government agency, or company will ever ask you to provide your password, PIN, full credit card number, or IRD number via email.

It's unexpected

Did you actually order a parcel? Do you actually have an account with that company? If you weren't expecting the email, treat it with suspicion.


Common Phishing Scenarios in New Zealand

Watch out for emails pretending to be from:

  • Banks — ASB, ANZ, Westpac, BNZ, Kiwibank — asking you to verify your account or confirm a transaction
  • NZ Post or CourierPost — claiming a parcel is waiting and asking for a small fee to release it
  • IRD / Inland Revenue — claiming you have a tax refund or outstanding debt
  • NZTA — claiming you have an unpaid fine
  • ACC — claiming you need to update your details
  • Netflix, Spark, Vodafone — claiming your payment failed and asking you to update your card details
  • Microsoft or Apple — claiming your account has been compromised

Not Sure if a Link is Safe?

Use Netsafe's free CheckNetsafe tool to check whether a website or link is legitimate before clicking:

👉 CheckNetsafe Anti-Scam Tool — netsafe.org.nz


What to Do if You Receive a Suspicious Email

Don't click any links or open any attachments.

  1. If it claims to be from a company you use, go directly to that company's website by typing the address in your browser — don't use any links in the email
  2. If you're unsure whether it's legitimate, forward it to help@lanclub.nz and we'll check it for you
  3. If you think it's a scam, delete it

What to Do if You Clicked a Link or Entered Your Details

If you think you may have fallen for a phishing email — don't panic, but act quickly:

  1. Change your password immediately on the affected account — use your Bitwarden vault to generate a strong new one
  2. Enable MFA on the account if you haven't already
  3. Contact your bank immediately if any financial information was involved
  4. Submit a ticket at https://help.lanclub.nz or email help@lanclub.nz — we can check your computer for any malware that may have been installed
  5. Report it to CERT NZ at www.cert.govt.nz — New Zealand's cybersecurity agency

A Quick Checklist

Before clicking anything in an email, ask yourself:

  • Do I recognise the sender?
  • Does the email address match the company it claims to be from?
  • Was I expecting this email?
  • Is it trying to create urgency or panic?
  • Does the link address look legitimate?
  • Is it asking me for personal or financial information?

If the answer to any of these raises a red flag — don't click. When in doubt, delete it or forward it to help@lanclub.nz and we'll check it for you.


Useful NZ Resources

Resource        | What it does                                          | Link
Own Your Online | NZ Government online safety hub — videos and guides   | ownyouronline.govt.nz
CERT NZ         | Report cyber incidents and get NZ-specific advice     | cert.govt.nz
Netsafe         | Free advice and scam checking tool                    | netsafe.org.nz
NZ Police       | Report fraud                                          | police.govt.nz

Questions?

If you're ever unsure about an email you've received, don't hesitate to forward it to help@lanclub.nz and we'll take a look. It's always better to check than to click.