Well, this has apparently been going on for a couple of weeks, but this can be a warning to those who have not seen it yet; I've just received an e-mail from someone claiming to be Kiwibank.
I have called Kiwibank to report this and forwarded the e-mail (firstname.lastname@example.org is the address to send it to if you have one) and apparently they know about this already.
/* EMAIL **/
(from) Kiwi Bank
(subject) Update & Re-confirm your account details.
(mailed by) ptd.net
You have one new Security Message !
Update and Re-confirm your account details.
Click here to Log In
/* /EMAIL **/
ptd.net looks like a US ISP (PenTeleData - http://ptd.net/tiki-index.php)
onionshed.com (22.214.171.124) doesn't load an HTTP page but appears to be registered to:
registrant-organization: Onion Shed
registrant-street1: PO Box 43
(http://who.is/whois/onionshed.com/) and is hosted by http://1and1.com/ (lol!)
Now, my geek senses were tingling even before I opened this e-mail as I am not a current Kiwibank customer. The only correspondence I have ever had with them was a few months ago regarding opening an account (I wanted to check out their money manager http://heaps.co.nz/) but I didn't open one as I decided to wait until later this year.
My most urgent concern is that the e-mail address this was sent to - the one I use exclusively for banking/private mail - seems to be in the hands of spammers.
I am concerned that there might have been a leak of customer information somewhere as that e-mail is closely guarded (it's a little paranoid, I know) and hasn't been used publicly anywhere online and definitely not in conjunction with Kiwibank (other than said e-mail registration).
I find this slightly annoying as I'm not sure what I can do about this; I deliberately have throwaway Gmail/Hotmail/Hushmail e-mail addresses to use with internet forums, Facebook and the myriad of other places an e-mail address can be leaked easily.
What can I do when an important and trusted NZ company leaks - accidentally or not - my private e-mail address? Has anyone else had an e-mail address they would rather not have shared thrown out into the internet by a company?