[{"data":1,"prerenderedAt":232},["ShallowReactive",2],{"insight-\u002Finsights\u002Fwhat-is-phishing-and-how-to-spot-it":3,"insight-surround-\u002Finsights\u002Fwhat-is-phishing-and-how-to-spot-it":219},{"id":4,"title":5,"author":6,"body":7,"date":204,"description":205,"draft":206,"extension":207,"meta":208,"navigation":209,"path":210,"readingTime":211,"seo":212,"stem":213,"tags":214,"__hash__":218},"insights\u002Finsights\u002Fwhat-is-phishing-and-how-to-spot-it.md","What is phishing — and how to spot it before it catches you","Jason Webb",{"type":8,"value":9,"toc":188},"minimark",[10,14,17,22,25,28,32,35,40,48,52,55,59,66,69,73,76,80,83,87,124,128,131,164,168,171,174,177,180],[11,12,13],"p",{},"Phishing is the reason most people get hacked. Not because they're careless, but because the emails and messages are genuinely convincing. I've seen smart, careful people get caught out by a well-crafted phishing email — there's no shame in it.",[11,15,16],{},"But once you know what to look for, you'll start spotting them almost instantly.",[18,19,21],"h2",{"id":20},"what-phishing-actually-is","What phishing actually is",[11,23,24],{},"Phishing is when someone pretends to be a trusted organisation — your bank, NZ Post, IRD, Netflix, Microsoft — to trick you into handing over your password, credit card number, or personal information. It usually arrives as an email, but it can also come as a text message (sometimes called \"smishing\") or even a phone call (\"vishing\").",[11,26,27],{},"The goal is almost always the same: get you to click a link and enter your details on a fake website that looks identical to the real one.",[18,29,31],{"id":30},"what-a-phishing-email-looks-like","What a phishing email looks like",[11,33,34],{},"They've come a long way from the days of Nigerian princes. Modern phishing emails often look completely professional. But there are tells:",[36,37,39],"h3",{"id":38},"the-sender-address-is-slightly-off","The sender address is slightly off",[11,41,42,43,47],{},"The email might say it's from \"NZ Post\" but the actual address is something like ",[44,45,46],"code",{},"nzpost-delivery@mail-notifications.com",". Always check the full email address, not just the display name.",[36,49,51],{"id":50},"it-creates-urgency-or-fear","It creates urgency or fear",[11,53,54],{},"\"Your account has been compromised.\" \"Your parcel couldn't be delivered.\" \"You have 24 hours to respond or your account will be closed.\" Real organisations don't threaten you with deadlines in emails. They especially don't ask you to fix things by clicking a link.",[36,56,58],{"id":57},"the-link-doesnt-go-where-it-says","The link doesn't go where it says",[11,60,61,62,65],{},"This is the big one. On a computer, hover your mouse over any link in the email — don't click it — and check the address that appears. If the email says it's from ANZ but the link goes to ",[44,63,64],{},"anz-secure-login.dodgy-domain.com",", that's phishing.",[11,67,68],{},"On a phone, press and hold the link to preview it instead of tapping.",[36,70,72],{"id":71},"it-asks-for-information-they-should-already-have","It asks for information they should already have",[11,74,75],{},"Your bank will never email you asking for your account number, password, or PIN. IRD won't ask for your myIR login via email. If someone's asking for information they should already know, that's a red flag.",[36,77,79],{"id":78},"the-greeting-is-generic","The greeting is generic",[11,81,82],{},"\"Dear Customer\" or \"Dear User\" instead of your actual name often signals a mass phishing campaign. Though increasingly, phishers do personalise — so a correct name alone doesn't make an email safe.",[18,84,86],{"id":85},"what-to-do-when-you-spot-one","What to do when you spot one",[88,89,90,98,104,118],"ol",{},[91,92,93,97],"li",{},[94,95,96],"strong",{},"Don't click anything."," Not the links, not the attachments, not the unsubscribe button.",[91,99,100,103],{},[94,101,102],{},"Don't reply."," Even replying confirms your email address is active.",[91,105,106,109,110,117],{},[94,107,108],{},"Report it."," Forward it to the organisation being impersonated (most banks have a dedicated phishing email). In New Zealand, you can also report it to ",[111,112,116],"a",{"href":113,"rel":114},"https:\u002F\u002Fwww.cert.govt.nz\u002Findividuals\u002Fcommon-threats\u002Fphishing\u002F",[115],"nofollow","CERT NZ",".",[91,119,120,123],{},[94,121,122],{},"Delete it."," Once reported, get rid of it.",[18,125,127],{"id":126},"what-to-do-if-youve-already-clicked","What to do if you've already clicked",[11,129,130],{},"Don't panic — but do act quickly.",[132,133,134,140,146,152,158],"ul",{},[91,135,136,139],{},[94,137,138],{},"Change your password"," immediately for whatever account the fake site was imitating. If you use the same password anywhere else (and you know you shouldn't), change those too.",[91,141,142,145],{},[94,143,144],{},"Turn on two-factor authentication"," if you haven't already.",[91,147,148,151],{},[94,149,150],{},"Check your bank accounts"," for any transactions you don't recognise.",[91,153,154,157],{},[94,155,156],{},"Run a malware scan"," if you downloaded an attachment.",[91,159,160,163],{},[94,161,162],{},"Contact your bank"," if you entered any financial details. They deal with this every day and can freeze things fast.",[18,165,167],{"id":166},"the-ones-that-nearly-got-me","The ones that nearly got me",[11,169,170],{},"I'll be honest — I've had a couple land in my inbox that made me pause. A fake Xero invoice notification that looked pixel-perfect. A courier delivery text that arrived the same day I was actually expecting a parcel. The timing made it convincing.",[11,172,173],{},"The thing that saved me both times was the same: I didn't click the link in the message. I opened a browser, went directly to the real website, and logged in there. If there was genuinely a problem, it would show up in my actual account.",[11,175,176],{},"That single habit — never click, always go direct — blocks almost every phishing attempt.",[178,179],"hr",{},[11,181,182,183,187],{},"If you've received something suspicious and you're not sure whether it's real, ",[111,184,186],{"href":185},"\u002Fcontact","send it my way",". I'm always happy to take a look — better safe than sorry.",{"title":189,"searchDepth":190,"depth":190,"links":191},"",2,[192,193,201,202,203],{"id":20,"depth":190,"text":21},{"id":30,"depth":190,"text":31,"children":194},[195,197,198,199,200],{"id":38,"depth":196,"text":39},3,{"id":50,"depth":196,"text":51},{"id":57,"depth":196,"text":58},{"id":71,"depth":196,"text":72},{"id":78,"depth":196,"text":79},{"id":85,"depth":190,"text":86},{"id":126,"depth":190,"text":127},{"id":166,"depth":190,"text":167},"2026-05-20","Phishing is the most common way people get hacked, and it's getting harder to spot. Here's how it works and what to look for so you don't take the bait.",false,"md",{},true,"\u002Finsights\u002Fwhat-is-phishing-and-how-to-spot-it","5 min read",{"title":5,"description":205},"insights\u002Fwhat-is-phishing-and-how-to-spot-it",[215,216,217],"security","personal","small business","2PBXpYA_Q38WgCrSSNPU9kps4pswRGND-MyaG1ZJ1Kc",[220,226],{"title":221,"path":222,"stem":223,"description":224,"date":225,"children":-1},"Protecting yourself online — a no-nonsense guide","\u002Finsights\u002Fprotecting-yourself-online","insights\u002Fprotecting-yourself-online","The internet isn't scary, but it does reward people who pay attention. Here are the practical steps that actually matter for staying safe online.","2026-05-27",{"title":227,"path":228,"stem":229,"description":230,"date":231,"children":-1},"What to do when your computer is running slow","\u002Finsights\u002Fwhat-to-do-when-your-computer-is-running-slow","insights\u002Fwhat-to-do-when-your-computer-is-running-slow","A slow computer doesn't always mean you need a new one. Here are the things I check first — and the fixes that actually work.","2026-05-06",1779856047514]