New notice says Kiwi Bank phishing email

New notice says Kiwi Bank phishing email

“You have a new notice” begins the latest phishing email targeting Kiwi Bank customers. This phishing email is a bone simple type of phishing email, but these emails can still be effective in luring users to malicious sites.

Kiwi Bank, for those who are not familiar, is a government owned enterprise that is a subsidiary of New Zealand Post. It was established in May 2001. Figure A shows the email that is being used by criminals to target Kiwi Bank customers.

The subject of the email is “You have a new notice”, whilst the sender is shown as “Kiwi Bank”. The email begins with “Dear valued Customer”. A single Kiwi Bank logo is located in the top left hand corner of the email. The bottom of the email contains fairly standard looking statements; one is a “DO NOT REPLY TO THIS EMAIL”, whilst the second is “ABOUT THIS MESSAGE”. One link is contained in the email; the text of the link is “Please login”.

The body of the email does not contain much information about what the email is about, other than that the recipient has a message. The user is told to login to their Kiwi Bank account to view the message.

As phishing emails go, this one is fairly simple. The email has three sentences; fairly short on content. The link however does give the email away. The link in this case leads to a phishing site, designed to capture the internet login credentials of the user.

In some ways, this phishing email is an oddity. It is not using a sense of urgency to try to trick users into clicking on the link. Rather, it appears to be playing on people’s curiosity. It is relying on people wanting to know what a message is about, and clicking on the link to find out.

Kiwi Bank have posted a number of useful tips on protecting yourself from emails scams such as this, but the key one is to not click on links. Kiwi Bank have been notified of this phishing email.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service