i

Current phishing & scams

If you have received a suspicious-looking email, SMS text message or phone call, it may be a scam or a phish.

Not sure if it's really ASB?

    If you are an ASB customer and we notice something unusual on your account, we will send you a notification in the ASB Mobile Banking app and an SMS text. You can confirm whether the transaction is genuine or fraudulent by clicking the bell icon within the app.

    We may send you an SMS text or an email with a phone number to call us on. Find any ASB phone numbers here.

    We will never send you an SMS text message with a link to a website or an online banking log in page. Instead, we'll encourage you to type www.asb.co.nz directly into your browser and log in from there.

    We will never ask you by email or SMS text for your secure banking information. That includes account or credit card details, password, PIN number or Netcode details.

We take the protection of your money seriously and have systems in place so you can bank safely online. Find out more about how to protect yourself from fraud and scams.

Latest phishing and scams

We are aware of the following phishing and scams affecting our customers. The following emails and SMS texts are not from ASB, or in any way authorised by us. Stay vigilant for these or similar versions that might be aimed at you.

Cold call scams (impersonating bank staff)

A number of customers have received calls from scammers pretending to be from the ASB Fraud team and also other banks, telcos, and well-known organisations. The caller may state that your account is being hacked and that they are trying to protect your money. In some cases, people are being told to download remote access software and log into their internet banking.

Remember, do not share your personal or banking information, follow any instructions or transfer money. If you have received a phone call and think your account has been compromised, please call us on 0800 ASB FRAUD (0800 272 372) or +64 9 303 0332 if you're overseas, or visit your local branch.

How do you know if it's really ASB? Our fraud team may call customers from time to time to verify unusual transactions. However, we will:

  • Never ask you for your banking passwords, PINs, or two factor authentication codes
  • Never need to know your full credit card number - especially not the CVV (number on the back of your card)
  • Never require you to transfer money, purchase gift cards, set up cryptocurrency accounts or set up money remittance accounts
  • Never ask you to download software or remotely access your device.

If you're unsure who you are speaking to, hang up and phone the number listed on that company's legitimate website.

IRD Tax refund scams

Are you due a tax refund? Whether you are or not, beware of scammers sending fake emails, texts, social media messages and making cold calls, that say you have a tax refund owing.

Example:

This is an example of a fake email promising a tax refund of $874.84.

Clicking on the fake link could lead to your banking details, username, passwords and other private information being compromised.

The messaging can come in many forms, so be sure to stay vigilant. Some other examples are:

  • ‘your refund is now available to claim visit [FAKE LINK]’
  • ‘your tax refund is placed on hold pending account verification, to verify [FAKE LINK]’
  • ‘the last balance on your account has been paid twice due to a systems error please complete to get a refund [FAKE LINK]’
  • ‘your tax return was not completed please verify your details [FAKE LINK]’
  • ‘we couldn’t find an account to deposit your tax refund. Enter your details to process your payment at [FAKE LINK]’

Always be wary before clicking on any links and do your due diligence:

  • Go to the IRD’s publicly listed web site for up-to-date information and things to look out for
  • Don’t be rushed into replying. Take a ‘sec to check’
  • Is the IRD email address the correct one on the email?
  • Check the link by hovering your mouse over it. The address will appear at the bottom of your screen. Make sure this is correct before acting on it
  • For cold calls, don’t be afraid to ask the person’s name. Call them back on a publicly listed number to verify as genuine
  • Social media scammers use fake social media accounts:

1. Look at the number of followers. Fake social media accounts often show only a few followers.

2. Check the activity on the accounts, the number of posts made and how often they are made.

3. See when the account was created. A recent account may indicate it has been set up as a fake.

  • Remember, something that looks too good to be true, usually is.

Romance Scams (scenario)

Online friendships and romances aren't always what they seem. The following is a romance scam based on a real-life situation. After receiving a friend request on Facebook, the victim, an elderly lady living by herself, struck up a friendship with a man she hadn't met before. The man claimed to be an Irish engineer working in the United Arab Emirates. They messaged regularly over a 9-month period, although she never saw him face to face. The man led the victim to believe that he would travel to NZ, and they would get married. He asked for $10,000, saying he needed the money to pay bills and for air tickets and he would pay her back. To appear legitimate, he even sent her forged documents including invoices for air tickets and letters from his fake employer.  Believing that the man was honest and genuine the victim contacted ASB to send the funds. Fortunately, ASB bank staff were able to work with the victim and establish that the man was a scammer and in this case no money was lost. 

How to avoid a romance scam: 

  • Beware of any unsolicited friend requests from strangers. Requests can come via email, social media, dating sites or any other website or apps. 
  • When communicating, scammers will avoid speaking with their face showing on video calls. 
  • They are willing to spend months building trust and are quick to express their love and intimate feelings. 
  • They may start by requesting small amounts of money to test the waters, then build up to larger amounts. 
  • They will create a need of urgency requiring immediate action. Family problems, business problems, needing money for air tickets, pay bills, money for a medical emergency, money to escape a dangerous situation. 
  • Try not to overshare personal information such as family history and never share passwords or bank details.
  • Scammers are very convincing - speak to someone you trust like your friends, family or your bank before sending any money. 
  • Google their name - others may have reported them online. 

What to do if you have been scammed:

  • Don't feel embarrassed - reach out for advice. 
  • Contact your bank right away. 
  • Report it to the police. 
  • For free advice contact your bank and organisations such as Netsafe, Consumer protection, Age concern and ID Care.

Complex phishing scam targeting online buying/selling

Be aware that scammers operate as fake sellers and fake buyers. In this current scam, the scammer poses as a fake buyer to obtain internet banking details getting full access to your bank accounts. 

How it works: 

Using a fake profile, the scammer messages the seller to buy the item, including a link to a screen that requests the seller click on "Receive Money" to obtain payment. Clicking on the "Receive Money" link takes the seller to a screen where they select their bank. 

In the example above, ASB is selected but it could be any banking option. The seller is then taken to a fake ASB site that asks them to enter their bank username and password. This information goes straight to the scammer giving them everything they need to log in to the customer's online banking and begin emptying the funds from the seller's account. 

Scammers will go to extraordinary lengths to make things look legitimate - in this case, even using fake chat to support the scam. 

Tips when buying or selling items online:

  • Be ASB safe, type asb.co.nz into your browser to access your internet banking
  • Be vigilant against attempts to trick you into giving away your personal details, especially your banking username, passwords and netcode (two-factor authentication)
  • Avoid clicking on links, they can take you to fake websites
  • Use trusted methods of payment
  • Don't trust screen shots, scammers have ways of faking payment receipts or confirmation showing you they have paid
  • Check how active a buyer or seller has been on their account. Is it a recently created profile, incomplete, with few or no friends and no reviews?
  • If you are buying items that are local, large, or expensive, go to see the item in a public place
  • If the item needs to be shipped, make sure you get a tracking number
  • Beware of buyers overpaying for the item and requesting a refund for the difference

Can't find what you're looking for?

If you’ve received a suspicious email or SMS text. Don’t click on any links, download or install any attachments. Forward the email or take a screen shot of the SMS text and send to phishing@asb.co.nz. Then delete the suspicious email and text.

We have a dedicated team that investigates reported phishing attempts. Please note: Due to the volume of emails, we cannot respond directly to queries. You can also report it to CERT NZ.

Have you already clicked a link in a suspicious email or text?

ASBView the latest phishing attacks