Please configure

How to spot a scam

Email Scams

Phishing, spear phishing, whaling and spoofing are types of scam emails.

Phishing scams are sent to a large group of people, with no particular targeting. They are fake emails that come from people pretending to be from a trusted organisation e.g. your bank, telecommunications provider or even from the Government. Phishing emails ‘fish’ for information so they generally ask for personal information, such as credit card details or your account password. Learn more on Phishing.

Spear Phishing uses the same approach as Phishing expect they personalise the email to sound more convincing.

Whale Phishing is a heavily targeted scam, they will personally address you and pose to be from someone you know or trust e.g. your boss.

Spoofing is when someone forges an email to make it look like it has come from a specific email address. If someone receives an email from you, but you didn't send it, then someone has spoofed your email address.

If you receive an email that looks like it's from a generic Xtra or Spark email address, it may not have come from Spark. This includes emails that look like they're from:


Note: any genuine emails you receive from Spark will only ever include links to the Spark website ( If you think you have received a suspicious email from us, please contact us. We will never ask you for passwords or account information by email.

See a list of verified email scams

  • Immediate calls to actions e.g. “URGENT” are good signs of phishing
  • Bad spelling or grammar
  • A link in the email that looks suspicious or directs to somewhere unrelated. Be careful because they can hide the suspicious link with a hyperlink – hover over a link to see if the web address is legitimate and relates to the email content.
  • Generic greetings like ”Hello” or “Dear customer” this is a sign of a mass email post. However, scammers can also use your name to be more convincing, or sign the email off from someone you know e.g. your boss. – this is called whale phishing.
  • The email asks for personal information – a reputable company will never ask for personal information like your password, credit card number etc. over email.
  • The email threatens you to take action e.g. You must pay your account now or you will lose connection immediately.

Let's look at an example phishing email:

Spam email example
  1. An email address you don't recognise should get you thinking.
  2. Immediate calls to action like "URGENT" are good signs of phishing.
  3. With everything else going on, this attachment is sure to contain a few surprises. Always check before you click!
  4. They haven't used a name here. Could have originally been a mass email post. Don't get complacent if your name is in there. 'Spear' and whale phising can target individuals.
  5. Bad spelling and grammar is a good sign that something is not right.
  6. That link starts of well - but then gets a little suspicious
  7. Asking you to enter your personal details like this is a sure sign.
  8. Always hover over links to see if the web address is legitimate and relates to the email's content.

Read more on how to stay safe online

Phone Scams

Phone scams present themselves in various different forms. There are a range of strategies a scammer employs to trick the victim including number spoofing. This is where a scammer disguises the original caller ID with a number they choose e.g. a local kiwi number, but the call is actually coming from overseas.

See a list of verified phone scams

  • It’s a cold call you weren’t expecting. The scammer claims they have identified a problem in the customer’s modem/ computer or that their WiFi has been hacked or running slow due to a recent Fibre install or virus. They offer to help by taking control of the home computer through Team Viewer. Spark does not call customers unexpectedly to say they have a virus on their computer or their modem.
  • If the customer is suspicious, they often provide a New Zealand number for the customer to call back on. This number is owned by the scammers as well and the phone is answered ‘Hello, Spark help desk’.
  • The scammer claims to be from Spark’s Help desk and offer their Spark staff number to prove they are an employee. They even offer to give you details of their manager to call.
  • They may know your full name, address and birthday. This information can be found through research online or bought on the black-market and you should not assume they are legitimate for knowing these details.
  • The scammers call from an international call centre with a large number of staff - it is often very noisy in the background.
Was this article helpful for you?
Thanks for your feedback.
Thanks for your feedback.