Keeping your account safe

At Summer we take the security of your personal information seriously and take steps to keep this information private.

During COVID-19 there may be an increase in cyber-attacks. We encourage our members to be vigilant across their online activities during this time and be careful of phishing emails.  

To help protect your account we:

  • Will never ask for your login details via email or phone
  • Automatically log sessions out after 10 minutes of inactivity
  • Will send a confirmation email when changes are made to your account

There are also a number of things you can do to help protect your Summer KiwiSaver scheme account.

  • Keep your password safe by not sharing it with others, writing it down, saving password details on shared or public computers or using the same password across all your logins. Learn more about how to create a good password from CERTNZ.
  • Install anti-virus software on your computer and keep these up-to-date, running regular checks.
  • Run updates - In addition to providing new features, updates issued may also be about fixing known security issues. Take the time to look at the updates recommended.
  • Keep your operating system and web browser up-to-date.
  • Log out when you are finished checking your Summer account. This is especially important if you are using a shared or public computer.
  • Connect from a secure URL. To check the URL is secure look for ‘https’ at the start. You should also see a padlock symbol. Typing directly in to your browser will help ensure you are accessing the true website.
  • Be aware of phishing emails or spam phone calls. See below for more about phishing.  
  • Check for unusual activity, for example profile changes which you didn’t make. At Summer we always send out email confirmation of any changes applied so if you receive an email and haven’t made a change, please contact us.

Credential dumps

Sometimes personal information can be compromised, such as during a data breach. This can mean information, such as email addresses and passwords are published online and can be exploited.

If your information has been part of a breach you should change the password for the applicable accounts straight away. This includes other accounts that you have used the same or similar passwords for.

Read more about data breaches and credential dumps on the CERTNZ website.

What is phishing?

Phishing is when scammers pretend to be trusted brands to trick people into giving out their personal information, such as account login details or money. Two of the more common phishing tactics are sending authentic looking emails or via phone calls. With phishing emails, they often create a sense of urgency and prompt you to click a website link, which may ask you to enter sensitive information or download a virus to your computer.

What to do if you think you have received a phishing email?

If you are in any doubt about the authenticity of communications you have received from Summer, please let us know.

If you are suspicious of an email:

  • Don’t open any attachments or click any links within it
  • Check the actual email address it was sent from, as phishing emails often impersonate the display name 
  • Check where the links really lead by hovering your mouse over them. If the URL shown when you hover over the link looks suspicious then treat the email as a phishing email
  • Don’t reply to the email
  • Forward us a copy of the email then delete it

You can find out more about Phishing on CERTNZ

Make it easy to access your Summer account

You can save a shortcut to your device for faster access in future. Simple instructions can be found here.

If you think you have given out personal details or have any concerns about your Summer account, we suggest changing your password via the 'Manage my account' menu and contacting us immediately.