Skip to main content

Beware of a fraudulent scam offering Heartland Bank bonds and term deposits - read more.

Scam alert

We are aware of a sophisticated scam offering investment bonds and fixed term deposits, using the Heartland Bank brand. The scammers have developed a fake comparison website, email addresses and phone numbers. They have made phone calls to people claiming to work for Heartland and sent emails with links to their website with fake Heartland Bank branded product fact sheets and application forms.

Before you invest, please be diligent and act with caution when participating in investment offers. Do not reply to unsolicited emails or phone calls and always check that you’re applying through verified Heartland Bank channels before transferring any money. If you are unsure, hang up and contact Heartland Bank using our verified channels.

Heartland Bank will not contact you by phone to offer you any investment products, including bonds and term deposits (although we may call you about a deposit account you already have).

How to spot a scam and what you need to do if you suspect one

If you receive an email from an address which doesn’t end in @heartland.co.nz then it is not from Heartland Bank. If the email includes a link, hover over the link to check the URL. If the URL doesn't start with https://www.heartland.co.nz or https://digital.heartland.co.nz then this is not Heartland Bank's website.

If you are searching for term deposits online, then always check the URL of the web page which you land on. Never provide your personal details on webpages and online application forms which do not have an authentic URL.

Go to ownyouronline.govt.nz for more information about how to protect yourself online.

If you suspect you have been targeted by an investment scam or detect any suspicious online behaviour regarding any Heartland Bank products, please email the Heartland security team immediately at [email protected]. We will investigate your issue and advise you of the appropriate action.

You can also report the scam to the Financial Markets Authority by emailing [email protected] For more information, visit their website www.fma.govt.nz/scams/report-a-scam/

Heartland Security

Your online security and identity is important to us and we work hard to make sure your details are kept safe. If you detect any suspicious online or behaviour or email scams, please contact our Heartland security team immediately. Email us at [email protected].

How we protect you

We have a number of measures in place to help keep your account and data safe.

We will never ask you to disclose your user ID or password over phone, email or in person, nor will we send you an email with a link to online banking. We use HTTPS encryption throughout our websites to ensure that any communication, transactions or online application data between your browser and our websites is safe and secure.

How secure is the Heartland Mobile App?

  • Sensitive data travelling across the internet between your device and our systems is encrypted twice*
  • We will lock your account automatically if the incorrect password is entered too many times
  • The app will time-out if it is left running with no activity
  • We conduct security assessments of our app and supporting infrastructure to ensure that potential vulnerabilities are identified and addressed. These assessments are carried out by a third party that specialises in information security

How to protect yourself

  • Check the website you’re on

    If you have doubts about the legitimacy of the website you’re on, remove the website address and re-enter www.heartland.co.nz into your browser address bar.

  • Don't respond to requests for your personal information

    We will never ask you for your online banking password. If you receive a phone call, email, or request for your password, contact us immediately on 0800 85 20 20 and press 1, or at [email protected]. If you're overseas at the time, you can call us on +64 9 927 9641. We’re available Monday to Friday, 8.00am – 5.30pm.

  • Install anti-virus and anti-spyware tools

    Ensure your antivirus is up-to-date. This helps increase the chances of detecting online threats.

  • Update your browser regularly

    For compatibility and increased security we recommend that you use the latest version of your browser.

  • Create a safe password

    The password you choose for online banking should be different to any other passwords you use across the internet. You should also try and avoid passwords that can be easy for anyone to guess such as your street name or number or date of birth. We recommend creating a password with a mix of lowercase and uppercase letters, numbers and symbols.

  • Never share your password

    Never disclose your password to anyone even if they say they’re calling from Heartland Bank. If you think someone else may know your password we recommend you change it immediately.

  • Update your password regularly

    We recommend you change your password every six months. It’s easy to change your password at any time online using the My Settings option.
    You could also consider a password manager. Password managers help by remembering all your passwords and may also check for data breaches, visit Cert NZ for information on choosing a password manager.

  • Ensure you log off after each session

    This is especially important if you use Heartland Digital at work on or a public computer.

Don't forget

  • To let us know if the electronic device you use to receive the passcode for access to your online banking is lost or stolen, or if you become aware of any unauthorised use.
  • To ensure your internet browser and/or devices are capable of supporting the encryption and other technical requirements of our online banking which we update from time to time, by updating your web browser.
  • You shouldn’t use an electronic device which contains software that has the ability to compromise passwords, PIN codes and/or data (such as spyware).

Types of online threats

These are some of the common threats that can be used to obtain your information.

  • Phishing emails

    These are typically emails you receive from a person or company trying to obtain your personal information such as your online banking username, password, account number or credit card details. These emails will direct you to a fake website that will look similar to the actual website and ask you to enter your personal details. These emails could also infect your computer with malware or viruses that may be used to capture your personal information without your knowledge.

    If you weren’t expecting to receive an email from us, or have concerns around its authenticity, then make sure you don’t respond or click on any of the links.

  • Spyware

    This is software that secretly collects your personal information by recording your keystrokes, which are then sent to various people over the internet. You can sometimes unknowingly download spyware while accessing a file sharing site, opening an email attachment or by clicking on a link in an email.

    To protect yourself from spyware make sure your anti-virus software is up to date and that your browser and software are up to date. If you think you’ve been compromised then update and run your anti-virus software and update all your passwords.

If you want to know more, see our Online Services Terms of Use.

Report a security issue

If you detect any suspicious online behaviour or email scams, please email our Heartland security team immediately. We will then investigate your issue and advise you of the appropriate action.

Email us at [email protected].

Back to top TOP