The following information is intended to address any general concerns clients may have around the security of online enquiries and transactions.

OnePath makes every effort to ensure optimal security of your data and all transactions at all times; clearly, protecting our clients is also good business for us. However, no matter how much we do, there are still some risks in transacting online. You also need to take some action to protect yourself. The following information is designed to help you do this.


Internet security threats


Phishing refers to the online fraud technique of sending official-looking email messages with return addresses, links and branding, all of which appear to have come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website where account holders are misled into entering their customer names and security details on the pretence that these security details must be updated or changed. Once this information is given, it can then be used on legitimate sites to take your money.

It is important that you are suspicious of any emails asking for your account information and think very carefully before meeting such requests; see more on OnePath’s standard email practices below.

Imitation of OnePath websites

OnePath monitors the internet to find imitation websites, which is often the first step made by phishers. We then work with the appropriate authorities to have these websites closed down as quickly as possible.

Advance fee fraud

You may already have heard of ‘advance fee fraud’, where emails offering large sums of money are sent to thousands of email addresses, with a modest ‘fee’ required in order to cover legal fees, open an account or pay customs charges. Sometimes the money offered is as a result of a lottery for which you have never bought a ticket. Sometimes the money is held in an account overseas but the account owner cannot access it. They promise a percentage of the money in return for your help. In both cases, various fees have to be paid.

Do not respond to these emails. They are a fraud and you will not receive any of the promised money.

We include this warning as we are aware that the criminals carrying out these frauds have in the past used the name OnePath, or an OnePath subsidiary, as part of this scam.

Spyware and adware 

Spyware is a type of software that covertly collects user information while connected to the internet.

Adware is a type of spyware used by marketers to track a user’s internet habits and interests for the purpose of customising future advertising material. Adware can monitor information such as sites visited, articles read, types of pop-ups and banners the user clicks on. The information is then used to customise future advertisements directed to the user, or it can be sold to a third party for the same purpose.

Virus and worms 

A virus is a software program that is able to replicate itself when a set of conditions have been satisfied. These conditions usually involve human interaction. Once activated, a virus can be very destructive, including overwriting the files of a local hard disk.

A worm is a self-replicating software program that attempts to spread to other computers. As with a virus, a worm can be very destructive.

Trojans (or Trojan horses)

Trojans are software programs that disguise themselves as an application on an individual’s computer. This type of program does not replicate itself like a virus or worm, but it can be just as harmful. For example, one known Trojan horse promotes the idea it will attempt to remove viruses from a computer. However, instead of removing them, it infects the computer further.

OnePath’s standard practices

OnePath may on occasion communicate with clients by email. So how can you tell if an email is genuinely from us or if it is fraudulent?

OnePath will address you by name in any emails.

OnePath will not embed hyperlinks in emails that take you to sites where you must enter your security information.

OnePath will never ask for you to confirm your details by email.

If you have any doubts about any email that is apparently from OnePath, please contact us by sending an email to insurance@onepath.co.nz or calling 0508 464 999.

Verifying websites

The following are steps you can take to make sure the site you are entering really belongs to OnePath, and is a secure site.

Check that the website is secure – the URL (address) will begin with https://

Address Bar   


If https, the secure lock icon, a small padlock, will appear on the lower bar of the browser.

Trusted Sites

Click on the padlock icon to see the details of the security certificate. The certificate shows who owns the site; it should be OnePath NZ. Check that the details and validity are correct.

We work with well known certification authorities such as Verisign, GlobalSign and Thawte.


If you have any doubts about a website, please contact OnePath by sending an email to insurance@onepath.co.nz or calling 0508 464 999.

Protecting yourself

Take care of your personal information

Your account numbers, customer number, PIN, memorable date and customer identification number are the 'keys' to your account. Never write them down, give them to anyone else or include them in an email. Remember that protecting your customer number, PIN and security details is your responsibility.

Take care of your computer 

Update your computer by installing the latest software and patches, to prevent hackers or viruses exploiting any known weaknesses in your computer. 

Install and update virus protection, to protect against viruses corrupting your computer and to prevent hackers installing Trojan viruses on your computer.

Install and update anti-spyware tools.

Install and update personal firewalls.

Only use programs from a known trusted supplier.

Be wary of banners, ads and pop-ups while on the internet. Do not click on them, no matter how enticing they may appear.

Review terms and conditions when you install free programs or subscribe to services from the internet. 

Beware of spam emails

Use a spam filter to avoid even seeing these messages.

Never respond to a spam message; your email address is then recorded as 'live' and the spamming will increase.

Should you read a spam message, remember – if it sounds too good to be true, it probably is!


More information

The Anti-Phishing Working Group provides statistics on phishing attacks and advice for individuals and companies.

For more information, please contact OnePath by sending an email to insurance@onepath.co.nz or calling 0508 464 999.