Kiwibank Access verification required
The above heading is the subject line for another Kiwi Bank phishing email. This one is very simple, and we suspect it is the work of an individual, rather than a concerted attack by a criminal group. Nevertheless, there have been a number of these types of emails stopped by our email filters, so we present it here. The email does follow the usual pattern: Kiwibank access verification required, click on link to rectify matters.
Figure A shows the email. It’s very plain as phishing emails go. No Kiwi Bank logos or branding are used. The subject line of the email (as mentioned earlier) is “Kiwibank Access verification required”. The sender of the email is shown as “KiwiBank”. The email begins with “Dear Valued Customer”. A sole link is contained in the email. The text of the link is in the form of a URL with the words kiwi bank forming part of the URL.
The reason for the email is that the user needs to re-confirm their account details for continued access. No reason is given beyond a rather nebulous statement that it is “part of our security procedure”. The entire body of the email, in fact, consists of one sentence.
Even though this is a blatant looking phishing email, be warned: these types of emails can still snare victims. The obvious signs that this is a fake email are the greeting and the link contained in the email. The greeting is not personalised. Banks always send emails addressing the name of the account holder. The second sign is the link, mousing over the link shows that it goes to a phishing site. The phishing site itself is not particularly sophisticated.
This phishing email is the second one targeting Kiwi Bank users that we have seen this year. Analysing this particular email suggests that it is the work of one or two individuals at most. Delete it if you receive it.