How to keep yourself safe

Find out how to avoid infection from computer viruses and other ‘nasties’ such as hoax emails, phishing scams and spyware.

Safety basics

The basic must-dos to keep yourself safe online

Online fraudsters take advantage of poor security systems, entering computers through scam emails, when you navigate to certain pages online, or download software bundled with dangerous programs.

Here are some dos and dont's to consider

Double check a suspicious sender before you open or reply to an email Open emails from people or organisations you don’t know or trust
Scan all email attachments for viruses Click on any link in an email that asks you to respond with personal information
Always delete your junk mail Click on an email link from an unknown sender that asks you to pay bills or log onto a secure service
  Use a preview pane within your email account – this is the equivalent to opening an email automatically

Some viruses forward infected mail to entries in an address book. Therefore, you can also get an infected attachment from someone you know.

If you frequently receive suspicious or unsolicited emails, you should consider installing a spam filter or getting that service from your Internet Service Provider.

Check you’re on Westpac’s official site before logging in

Before you log in to online banking, check you’re connecting directly to the real Westpac online banking service. Do this by:

  • checking for the SSL secure connection symbol – a locked padlock 
  • double-clicking on the padlock symbol. Our certificate has been "digitally signed" by either Entrust or Verisign.

When viewing our online banking certificate always ensure that:

  • it’s been 'Issued to' or or
  • the 'Issued by' section refers to
  • the date specified is within a valid date range.

If the certificate details differ from this, don’t log in. Email us for further assistance and include a screen shot of the certificate in your email (if you can).

Keep your online banking password safe  

It’s a no-brainer, but make sure your online banking password is safe:

  • never give your online banking password to anyone
  • Note: no Westpac staff member should ever ask you for your password for any reason.
  • don't write passwords down or store them in a file on your computer – you also shouldn't use 'form-fill', AutoComplete or other similar password storage functions in your browser settings.
  • select a password that’s difficult to guess and change it regularly – we'll give you a prompt every 60 days. We suggest that you don't use any of the following: family, pet or street names, birth dates or other data easily connected to you.
  • don't use the same password for different websites.
  • ensure that no one can see your keyboard when you enter your Customer ID and password – this is especially relevant if using a public or work PC.

Sign up for email and text alerts

Signing up for our email and text alerts can help you keep tabs on your online banking activity, so you know if someone else has used your login ID or tried to make transactions. Just set this up in Original Online Banking.

More about email and text alerts

How Westpac keeps you safe online

Phishing and scams

Canterbury Phishing Scam

There have recently been a number of incidents in the Canterbury area where older members of the community have been targeted by a fraudulent scam.

The scammers are either telephoning or visiting members of the community claiming to be from a known company, such as a bank. They attempt either to get enough information from the customer to satisfy a bank’s identification process so that they can transfer funds from the customer’s account or to get hold of the customers debit card and their PIN.

To keep yourself safe, please remember the following:
  • never give your card PIN number or online banking username and password to anyone 
  • don’t let anyone else use your card 
  • don’t write down your PIN number 
  • check your account balances regularly 
  • notify your bank immediately if you have lost your card or disclosed your PIN number

Phishing, hoax emails and other scams

Phishing is a fraudulent attempt by a third party to steal your personal information, usually made through email. Here’s what to do if you receive one, and a look at the latest phishing scams that have been detected.

What to do if you receive a phishing email

If you believe you’ve received a Westpac-related phishing email, report it by forwarding the email to the following address:

This email address is for notification purposes only and you won’t receive an individual reply. If you have any queries relating to the email or any anything else, please use the Westpac communication form.

What actions should you take?
  • don’t click on the link contained in the email
  • don’t reply to the email
  • delete the email
  • update and perform an anti-virus scan on your computer
  • update and perform an anti-spyware scan on your computer

View the latest phishing scams

Am I on the real Westpac online banking site?

The Original Online Banking home page address (URL) is:

For Westpac One online banking, the address (URL) is:

If you're ever at a site with a login page that differs in any way from the above, you're not at an official Westpac online banking login page (refer images 1 and 2 below).

Westpac uses extended validation certificates (EV). If you're running a reasonably new browser, this will display the organisation information associated with the certificate. It should read “Westpac New Zealand Limited [NZ]” either to the left or right of the home page address.

Employment scams

With employment scams, criminals post fake job advertisements looking for people to act as New Zealand distribution agents.

  • advertise via online recruitment sites, newspapers or email
  • ask new ‘agents’ for their NZ bank account details into which they receive funds on behalf of the company
  • then wire funds overseas, retaining 5-10% of the funds as their ‘commission’.

Often, the funds being deposited into the New Zealand agent’s account are stolen. The criminals behind these scams:

  • pose as overseas companies
  • acquires funds by sending out a spam email (or similar)
  • use the ‘agents’ for money laundering
  • can include a virus or Trojan keyboard logger in emails that captures personal information (including online banking passwords) from unprotected computers.

Remember, if a job offer seems too good to be true, it probably is. If the job is such that you’re to receive payment for just transferring money through your account, you should contact the bank and police immediately.


Latest phishing scams

The latest phishing scams to watch out for

We were notified of the following email phishing scam on  26 April 2017:

Alert April

Email phishing scam  21 March 2017:

We are currently aware of a phishing scam targeting to general public and the sending address appears to be from a Westpac staff member, however this is not legitimate. A copy of the email is below. If you receive this email please do not click on the attachment, do not respond. Please forward a copy to We currently are working with the relevant authorities in relation to this issue.

Alert March

We were notified of the following email phishing scams on  9 March 2017:

Alert March

Alert March

We were notified of the following email phishing scam on  14 February 2017:

Alert Feb

We were notified of the following Facebook phishing scam on  14 December 2016:
A fake profile called "Westpac Carelines" is messaging customers asking for credit card details

Alert December

We were notified of the following phishing scams on the 29 November 2016:

Alert November

We were notified of the following phishing scams on the 25 November 2016:

phishing email

phishing email



We were notified of the following phishing scam on the 4 November 2016:

phishing email


We were notified of the following phishing scam on the 9 June 2016:

Alert 7 June]

We were notified of the following phishing scam on the 7 June 2016:

Alert 7 June]


We were notified of the following phishing scam on the 3 June 2016:

email lure

We were notified of the following phishing scam on the 24 May 2016:

email lure

We were notified of the following phishing scam on the 12 April 2016:

email lure

We were notified of the following phishing scam on the 29 March 2016:


We were notified of the following phishing scam on the 01 March 2016:

01032016 phishing

We were notified of the following phishing scam on the 26 February 2016:

26022016 phishing

We were notified of the following phishing scam on the 18 November 2015:

Phishing Scam 1811

We were notified of the following phishing scam on the 13 November 2015:

13112015 Phishing Scam


Secure your computer

Protect your computer with security measures

Protecting yourself means doing things like always logging out from your online banking, not having the same passwords across multiple sites, and being wary of phishing scams. Here’s what else you might want to consider to help  protect your computer from nasty viruses or scams.

Install anti-virus software

Get protection from viruses that could damage your computer and its programs:

  • update your anti-virus software regularly
  • set your computer to automatically check for new virus definitions regularly.

Also choose a reputable anti-virus software provider – try:

Install a personal firewall

 Install a protective shield between your computer and the Internet, called a firewall. It can stop unauthorised people from:

  • accessing and reading private information on your computer
  • placing viruses on your computer while you’re connected to the Internet.

 Choose a reputable personal firewall software provider – try:

Install anti-spyware software

Eradicate spyware programmes that track what you are doing on the Internet.

These hidden programs are:

  • often bundled together with file sharing, email virus or browser accelerator programs
  • usually installed without your knowledge.

Spyware is used to collect personal Internet usage information and confidential data such as passwords, in some instances. Choose a reputable anti-spyware software provider. Ad-Aware or Spybot Search and Destroy are free. These are available from PC World.

Keep your browser and operating system up to date

From time to time, security weaknesses or bugs are found in browsers and operating systems. To ensure you have the most up-to-date security features:

  • install Service Packs issued by the software company as quickly as possible
  • make regular checks on your software vendor’s website (or request an automated alert if available)
  • apply new security patches as soon as possible.
Get updates for your Internet browser

Avoid downloading programs, installing software or downloading files from an unknown source, or
websites that are not considered a trusted source.

Using other computers 

If you access your accounts using a computer in a cyber café, a library or your workplace take care. Try to ensure the computer has the latest anti-virus software, firewall protection, anti-spyware software and browser software installed.

Is your computer infected?

If your computer has been infected, it may be acting ‘weirdly'. Take action if your computer:

  • has unusual icons appearing on your desktop or Start menu
  • has extra toolbars
  • programmes lock up frequently
  • homepage is changing.

In some cases, unobtrusive or covert issues – such as keyboard logging or spyware – may not be obvious. We recommend you review your online transactions regularly. Also ensure all activity has been initiated by you and email us to report anything that seems suspicious or odd.