i

ASB Scam Hub

Let's all get one step ahead of scammers.

Urgent help and current scams

    Our helpline

    Have you spotted suspicious or unfamiliar activity on your account? Our specially trained team are available 24/7 to help keep you safe.

    Get help

    Received something suspicious

    Got something phishy? Check out the latest scams targeted at our customers.

    Current scams

    Would you like to report a suspected security vulnerability?

    Discovered a possible security vulnerability affecting an ASB service?

    Report it here

What is a scam?

Scams and fraud are on the rise, they're getting more sophisticated and harder to detect which means it's easier to get caught out. 

Scams are malicious attempts to try and trick you into giving away your money, login details, credit card details or any type of personal information.

Anybody can be a target. Scammers are devious, they will rush you into decisions and will often take advantage of you while you're busy or multi tasking. Check out our tips and tricks to keep you and your hard-earned money safe. 

Scammers will take advantage of your good nature.

  • It's ok to hang up if you're suspicious of who is on the other end of the call.

  • It's ok to ignore a call from an unknown number. 

  • It's ok to not respond to someone you don't know. 

Remember to never share your login details, password or PIN with anyone.  ASB will never ask you for your login details or remote access to your computer and online banking.

What is ASB doing to keep you safe?

 

Protecting you and your accounts is our priority. That's why we're committed to helping you get one step ahead of scammers.

  • Our scams and fraud contact line is available 24/7 at 0800 ASB FRAUD (0800 272 372), offering support with customers with security concerns. 
  • We use advanced artificial intelligence (AI) protection to detect suspicious and unusual behaviour, alerting potential fraudulent activity on your account.
  • Our secure digital messaging functionality within the ASB Mobile Banking app allows you to let us know if a transaction in question is genuine or wasn't made by you.
  • When you call ASB, two step verification allows ASB to send you a secure in-app notification to help verify your identity and confirm it's you calling. If you receive a call claiming to be from ASB, you can also request us to send you an in-app notification to verify that it is ASB calling.
  • We're working alongside CERT NZ, the FMA and NetSafe to raise awareness around online safety and current scams.

How to protect yourself

    Enable push notifications

    Downloading the ASB Mobile Banking app and enabling push notifications allows us to send you important security alerts.

    Type asb.co.nz into your address bar

    We will never send an email or text with links to online banking. Always log in by typing asb.co.nz into your address bar, or using the ASB Mobile Banking app.

    Use a strong and unique password

    Use a phrase you can remember and add numbers/special characters like 3veryCh1ckenL0vrsBeetles!

    Set daily payment limits

    Lower the amount that can be paid from your account in a single day.

    Complete an ASB Security Checkup

    Log in to FastNet Classic internet banking or your ASB Mobile Banking app. Click your name in the top right-hand corner (FastNet Classic) or the top right cog (ASB Mobile Banking App), select security (ASB Mobile Banking App) and then select "Security Checkup".

    Enable two-step verification

    Two-step verification helps protect your account from unauthorised activity. We may ask you to confirm your identity when logging in or making payments. Learn more.

Types of scams

  • Phishing is a type of scam where the scammer poses as a legitimate entity, often through deceptive emails, text messages (SMShing) or websites, in order to trick you into revealing sensitive information like passwords, credit card details, or personal identification.
     
    These communications are designed to appear trustworthy and usually have a sense of urgency in the messaging. It's important to be vigilant and verify the authenticity of any requests for sensitive information online to protect against phishing attacks.
     
    Check the email address or number this has come from and if it looks "phishy" contact the company on their trusted email, phone number or webpage. Always delete these type of emails and install antivirus to help detect these malicious emails.
     
    Never click any links in text messages. Contact the organisation directly on trusted contact details. Always delete these type of text messages.
     
    If you receive a suspicious text, you can report it to the Department of Internal Affairs free of charge by forwarding it to 7726. Once reported, you'll receive a text response asking you to complete a report. This will help stop others falling for the same scam.
  • An investment scam is a fraudulent scheme where individuals or entities promise high returns on investments, so they can steal the victims' funds.

    These scammers often use persuasive tactics and false information to lure you into handing over your money. They may present themselves as legitimate investment firms, offering products like stocks, real estate, or cryptocurrency. Returns may be higher than normal market returns, although normally not enough to raise suspicion with their victims.  Once the funds are handed over, the scammer typically disappears or provides fake updates to delay suspicions. 

    It's important to be cautious and conduct thorough research before making any investment, especially if the opportunity seems too good to be true. Take your time to investigate the company - thoroughly. Before you make any decisions, you should speak to a licensed financial advisor or professional.

  • Romance scams involve deceptive individuals who create fake romantic relationships with the intention of exploiting you emotionally and financially. These scammers often pose as genuine love interests on online dating platforms, social media, or even through email. They use affectionate messages and build a sense of trust and intimacy with their targets. Once trust is established, they may fabricate a crisis or financial need and ask for money or personal information. People who are emotionally invested, may be more susceptible to providing financial support. 

    It's important to be cautious and sceptical when developing online relationships, especially if requests for money or sensitive information arise. Don't send money, card or bank details or important identity documents like your passport to someone you've only met online: No matter how long you've been messaging them.

    Never agree to transfer money for someone else. That is called money laundering - which is a serious offence.

  • Impersonation scams involve a deceitful attempt by a scammer to pose as a trusted individual, organisation, or authority figure. These scams can take various forms, such as fraudulent phone calls,  text messages, or even in-person encounters. The goal is to gain your trust and manipulate you into providing sensitive information or money. 

    Common examples include tech support scams, where scammers pretend to be IT experts, and Bank staff impersonation, where they claim to represent your bank. Staying cautious and verifying the identity of unfamiliar contacts is crucial in protecting against impersonation scams.

    If this happens hang up immediately and call 0800 ASB FRAUD (0800 272 372 or +64 9 303 0332 if you're overseas). You can also ask ASB to send you a notification through the app, this is known as 2 step verification.

    If you receive a suspicious text, you can report it to the Department of Internal Affairs free of charge by forwarding it to 7726. Once reported, you'll receive a text response asking you to complete a report. This will help stop others falling for the same scam.

  • A job scam is a fraudulent offer of work that is intended to mislead people seeking legitimate employment. It will usually involve working remotely from home requiring no previous experience for high wages and the lure of fast money for little effort.

    The scammers objective is to deceive job seekers into giving away their money, bank account details or disclosing other private information to use for criminal purposes.

    Be wary of unsolicited job offers that are found on social media platforms or sent via SMS or via services like WhatsApp or Facebook Messenger. Look out for employers with no physical address that require money up front and where you are asked to use your own bank account or open other bank accounts to move money through.

    Check out any offers of work carefully and research the 'company' that reached out to you to verify the job offer. Remember if it sounds to good to be true, it most likely is.

  • An online buy and sell scam is when someone poses as a buyer or a seller on a buy and sell social media page or group, or sets up a fake business. Often, this happens on the likes of Facebook Marketplace or Trade Me. Scammers usually exploit your optimism by offering goods or services that may not exist at a price that seems too good to be true.

    If you're buying, inspect the goods in person, check the seller's reviews, ask for more photos and be cautious if the price seems too good to be true. 

    If you're a seller, only use trusted payment methods, don't take screenshots as proof payment. Check your bank account before sending goods. And don't click on any links a buyer sends you to confirm purchase or postage.

  • Fake websites are deceptive online platforms designed to mimic legitimate websites. They are created by cybercriminals with the intent to trick you into believing you are interacting with a reputable organisation, like a bank, online store, or government agency.

    These fraudulent sites often look very similar to the real ones, with convincing logos, layouts, and content. They may prompt you to enter personal information, such as login credentials or credit card details, which is then stolen by the perpetrators for malicious purposes. 

    Avoid falling victim to fake websites, by verifying the website's authenticity - check the URL, look for security indicators, and avoid clicking on suspicious links.

    If you have a secure, authenticated way to reach an organisation (an app or portal) use these rather than search engine results. Do some research on the organisation or person you are dealing with before giving anyone your money or personal information. Don't rely on reviews written on the website itself - search for independent reviews on other sites.

  • remote access scam is when someone requests you to download software that shares remote access to your device. This will allow scammers to take control of your device and get hold of your personal information without you knowing. 

    If you receive a phone call out of the blue about your computer and remote access is requested - hang up immediately - even if they mention a well-known company.

    If you have given remote access to a scammer, turn your computer off immediately, this will end the remote access session.

  • Malware, short for malicious software, refers to any type of software or code intentionally designed to cause harm to your computer system, network, or device. Malware is typically created by cybercriminals and is often disguised as legitimate software or hidden within seemingly harmless files. Once it infects a system, it can carry out harmful activities like stealing sensitive information, damaging files, or even taking control of the device.

    Protecting against malware involves using antivirus programs, regularly updating software, and being cautious when downloading files or clicking on links from untrusted sources. Be wary of free downloads and website access, such as music, games, movies and adult sites. They may install harmful programs without you knowing.

How to protect your business

Whatever your business or size, every business needs cyber protection

    Keep all your digital devices up to date. Software updates (also known as patches) don't just add new features - they often fix security vulnerabilities with your devices too, making it harder for cyber criminals to take advantage of exploits to access your systems and information.

    Always double check invoice details before making a payment. For example, you can compare new invoices with ones you've received in the past or call the provider to help spot anything that may look suspicious.

    Backup your data. Creating one or multiple backups of your business' data is a crucial step in building Cyber resilience in your business. If your business data is compromised in any way - eg. lost, leaked or stolen - a backup lets you restore it quickly so your business can keep running.  

    Security matters. Register to our 'Security Matters' newsletter to keep up-to-date with recent scam trends and top tips to keep you and your business safe.

    Stop and think before clicking that link! Cyber criminals may send you messages containing links or strange attachments to catch you off guard and gain access to your systems or information.

Types of scams targeting businesses

  • Using stolen credit card details, a scammer identifies a business and places an order to purchase goods. They provide payment details via email or over the phone as if they were a legitimate customer from overseas.

    They ask the business to add the international freight costs to the order and ask to have the freight handled by a fake shipping company. The business is asked to pay the freight costs directly to the fake shipping company via international money transfer.

    The scammer does not expect to receive the goods and doesn't care that the real card holder will soon discover their card details have been stolen and dispute the transaction. By this stage the scammer has received payment for freight and the business owner is out of pocket for potentially thousands of dollars.

    Tips to avoid being scammed:

    - Beware of communication using generic email addresses such as Gmail, Yahoo etc.

    - Only deal with reputable international shipping providers.

    - Beware of anyone using multiple cards to complete an order.

    - If you are concerned, make a small, partial refund (28 cents for example) back to the card used and ask the customer to confirm the refund amount.

    - Beware of anyone too busy to talk on the phone and insisting to communicate only by email.

    - Never use funds received via credit card to complete an International Money Transfer.

  • Altered invoice scams can be hard to recognise as they're usually invoices or requests for payments that you were already expecting.

    If a scammer gains access to a business email account, they will be able to discover when large payments are due. The scammer will then send an email from the business' email address asking the customer to pay into a different bank account, saying that they have recently changed banks.

    Tips to avoid being scammed:

    - Check invoice details with ones you have received in the past.

    - If in doubt, call the business that sent the invoice on its publicly listed number.

    - Ensure your staff are trained to recognise potential red flags.

    - Have strong cyber protection - make sure your devices are up to date, data is backed up, you are using strong passwords, Two-factor authentication and have security against viruses and malware.

  • Accommodation scams target hotels and motels. Scammers will make a booking online or via email using stolen credit card details.

    They will request that the booking is cancelled, often providing a serious reason, such as the death of a family member. They will ask for a refund to a separate account, either to a different card or via International Money Transfer.

    Once the legitimate card holder realises their card has been stolen and sees the payment, they raise a charge back through their bank and the business owner may be liable for the loss.

    Tips to avoid being scammed:

    - Scammers will target businesses that accept card details over the phone or via email.

    - Only refund back to the original card used.

    - If you are concerned, make a small, partial refund (28 cents for example) back to the card used and ask the customer to confirm the refund amount.

  • Scammers will cold call a business pretending to be from a legitimate business, offering savings on tax bills. Sometimes these false savings are up to 50% or they may even offer small business loans.

    They may say they are offering discounts because they have vouchers which are about to expire.

    The scammer will pay the tax bill to the IRD using card details they have illegally acquired, and the business pays the discounted amount to the scammer.

    Once the card holder discovers the fraudulent transaction, they challenge it with their bank, which leaves the victim out of pocket and with a tax bill still to pay.

Is it a scam?

  • We will never send you a text message with a link.
  • We will never send you a link to an unsecure website.
  • If we sent you a text with a phone number to call, you can verify it on asb.co.nz before you pick up the phone.
  • If we notice something unusual on your account or if we need to verify any abnormal activity, we will send you a notification in the ASB Mobile Banking app or FastNet classic.
  • We won't ask you to make transfers to protect your money or to help catch criminals and hackers.

If something seems off, check asb.co.nz for our contact details and check in with us.

Could it happen to you?

How Sandra lost $80,000

61-year-old Sandra received a phone call from Daniel who said he was from her internet provider. Daniel said that Sandra had a problem with her internet connection and if she didn't act soon, it would be disconnected. She agreed to let Daniel help her, and downloaded and installed a computer program that gave Daniel access to her computer. Daniel also asked her to read out the special code he claimed he texted to her. So, Sandra read out the number in the text to him.

That day, Daniel scammed Sandra out of more than $80,000.

Would you hang up?

Test yourself

How Tim was scammed out of $950

35-year-old Tim got an email that seemed to come from ASB labelled as 'Urgent'. The email informed him there was an unrecognised login to his account. It said he needed to verify his account details by clicking on a link in the email and entering his login details. Tim was worried that his account would be blocked and immediately clicked the link to verify his account details. He entered his username and password.

A few weeks later, Tim was scammed out of his holiday savings of $950.

Would you recognise a phishing email?

Take the quiz

Questions you might have

    • If you are speaking to someone you think may be defrauding/scamming you, stop all contact immediately.
    • If you have made any payments - do not make any more.
    • Call us immediately on 0800 ASB FRAUD (0800 272 372). The sooner we know about it the greater the chance we have to get your money back.
  • ASB will never send you a message or contact you over the phone to ask for your internet banking passwords or full card details.

    If you have clicked on a suspicious link:

    • Close your browser.
    • Call us immediately on 0800 ASB FRAUD (0800 272 372) so we can help secure your account.
    • Empty your browser cache and clear your browse history.
    • Perform a virus scan on your computer using anti-virus software.
    • Forward the message to us at phishing@asb.co.nz and then delete it.
  • Fraudsters/Scammers will often make you feel a sense of urgency. The bank, police or any government agency will never ask you to send money away.

    If you're unsure about the person you're speaking to:

    • Politely hang up the phone.
    • Find a contact number for their company by searching online and phone them to confirm (don't use any phone number they provide to you).
    • If you have concerns about your bank account, call us 24/7 on 0800 ASB FRAUD (0800 272 372).
  • ASB will never: ask for your internet banking passwords or full cards details via email, text, phone or voice message.

    ASB does: send security alerts via your ASB Mobile App or Fastnet Classic internet banking if our fraud monitoring systems detect anything unusual on your account.

    If you have any concerns call us 24/7 on 0800 ASB FRAUD (0800 272 372).

Need help?

Call us

If you're worried that there has been a breach in your ASB account security, please get in touch with us immediately on 0800 ASB FRAUD (0800 272 372 or +64 9 303 0332 if you're overseas. Our team are here to help 24/7.

There are also many organisations that can help, including:

For any other queries, please contact us below.

0800 803 804

Easy English

Read our ‘Scams and Fraud’ guide in Easy English.

Scams and Fraud in Easy English