i

Current phishing & scams

If you have received a suspicious-looking email, SMS text message or phone call, it may be a scam or a phish.

Not sure if it's really ASB?

    If you are an ASB customer and we notice something unusual on your account, we will send you a notification in the ASB Mobile Banking app and an SMS text. You can confirm whether the transaction is genuine or fraudulent by clicking the bell icon within the app.

    We may send you an SMS text or an email with a phone number to call us on. Find any ASB phone numbers here.

    We will never send you an SMS text message with a link to a website or an online banking log in page. Instead, we'll encourage you to type www.asb.co.nz directly into your browser and log in from there.

    We will never ask you by email or SMS text for your secure banking information. That includes account or credit card details, password, PIN number or Netcode details.

We take the protection of your money seriously and have systems in place so you can bank safely online. Find out more about how to protect yourself from fraud and scams.

Latest phishing and scams

We are aware of the following phishing and scams affecting our customers. The following emails and SMS texts are not from ASB, or in any way authorised by us. Stay vigilant for these or similar versions that might be aimed at you.

HI MUM SCAMS

We have recently celebrated Mother's Day, so what better time to discuss the 'Hi Mum' scam. 

These scammers typically send a text or instant message from an unknown number or account. It usually begins with 'Hi Mum' and often follows with an excuse about a flat battery, damaged or lost phone.  

A real example – "Hi mum I dropped my phone in the toilet and broke it could you text me back on 022 XXX XXXX when you can please on whatsapp"

Once the scammer gets a response, they play-off urgency by pretending to be in trouble and eventually requesting money or log-in information.  

Always verify any contact made out of the blue - by trying to get in touch through your usual trusted channels. 

If you can't, ask the scammer a personal question they couldn't answer, like 'what did we have for dinner last night' or 'where did you last go on holiday'.

The next time you get a 'Hi Mum' message - take a sec to check before you respond.

NZ Post Scams

Be aware of phishing text messages and emails made to look like they are coming from NZ Post. They are attempting to trick you into passing your personal or banking information on to scammers so they can steal your identity and exploit you for financial gain. The messages will say that you have an undelivered parcel and request that you click on a link to provide further information to enable delivery, arrange pick up or complete payment. The link is designed to take you to a fake website, where scammers can steal your personal information.

If you get one of these messages and you're unsure if it's a scam, take notice of the phone number or the email address it has originated from, and any suspicious links.

These are some examples of fake NZ Post text messages.
NZ Post will never:

  • Ask for any of your personal information by email or text (including usernames, financial information including password, credit card details or account information)
  • Send you an email from a domain other than nzpost.co.nz
  • Send you a text message from an email address
  • Send you a text message from a phone number outside of New Zealand
  • Use a messaging app like WhatsApp to communicate with customers

If you receive a text or email of this kind, do not click on any links and delete the message immediately. If in doubt, you can contact the company directly through their publicly listed information.

The next time you get an unexpected text or email, take time to check it thoroughly before you respond.

Cold call scams (impersonating bank staff)

A number of customers have received calls from scammers pretending to be from the ASB Fraud team and also other banks, telcos, and well-known organisations. The caller may state that your account is being hacked and that they are trying to protect your money. In some cases, people are being told to download remote access software and log into their internet banking.

Remember, do not share your personal or banking information, follow any instructions or transfer money. If you have received a phone call and think your account has been compromised, please call us on 0800 ASB FRAUD (0800 272 372) or +64 9 303 0332 if you're overseas, or visit your local branch.

How do you know if it's really ASB? Our fraud team may call customers from time to time to verify unusual transactions. However, we will:

  • Never ask you for your banking passwords, PINs, or two factor authentication codes
  • Never need to know your full credit card number - especially not the CVV (number on the back of your card)
  • Never require you to transfer money, purchase gift cards, set up cryptocurrency accounts or set up money remittance accounts
  • Never ask you to download software or remotely access your device.

If you're unsure who you are speaking to, hang up and phone the number listed on that company's legitimate website.

IRD Tax refund scams

Are you due a tax refund? Whether you are or not, beware of scammers sending fake emails, texts, social media messages and making cold calls, that say you have a tax refund owing.

Example:

This is an example of a fake email promising a tax refund of $874.84.

Clicking on the fake link could lead to your banking details, username, passwords and other private information being compromised.

The messaging can come in many forms, so be sure to stay vigilant. Some other examples are:

  • ‘your refund is now available to claim visit [FAKE LINK]’
  • ‘your tax refund is placed on hold pending account verification, to verify [FAKE LINK]’
  • ‘the last balance on your account has been paid twice due to a systems error please complete to get a refund [FAKE LINK]’
  • ‘your tax return was not completed please verify your details [FAKE LINK]’
  • ‘we couldn’t find an account to deposit your tax refund. Enter your details to process your payment at [FAKE LINK]’

Always be wary before clicking on any links and do your due diligence:

  • Go to the IRD’s publicly listed web site for up-to-date information and things to look out for
  • Don’t be rushed into replying. Take a ‘sec to check’
  • Is the IRD email address the correct one on the email?
  • Check the link by hovering your mouse over it. The address will appear at the bottom of your screen. Make sure this is correct before acting on it
  • For cold calls, don’t be afraid to ask the person’s name. Call them back on a publicly listed number to verify as genuine
  • Social media scammers use fake social media accounts:

1. Look at the number of followers. Fake social media accounts often show only a few followers.

2. Check the activity on the accounts, the number of posts made and how often they are made.

3. See when the account was created. A recent account may indicate it has been set up as a fake.

  • Remember, something that looks too good to be true, usually is.

Romance Scams (scenario)

Online friendships and romances aren't always what they seem. The following is a romance scam based on a real-life situation. After receiving a friend request on Facebook, the victim, an elderly lady living by herself, struck up a friendship with a man she hadn't met before. The man claimed to be an Irish engineer working in the United Arab Emirates. They messaged regularly over a 9-month period, although she never saw him face to face. The man led the victim to believe that he would travel to NZ, and they would get married. He asked for $10,000, saying he needed the money to pay bills and for air tickets and he would pay her back. To appear legitimate, he even sent her forged documents including invoices for air tickets and letters from his fake employer.  Believing that the man was honest and genuine the victim contacted ASB to send the funds. Fortunately, ASB bank staff were able to work with the victim and establish that the man was a scammer and in this case no money was lost. 

How to avoid a romance scam: 

  • Beware of any unsolicited friend requests from strangers. Requests can come via email, social media, dating sites or any other website or apps. 
  • When communicating, scammers will avoid speaking with their face showing on video calls. 
  • They are willing to spend months building trust and are quick to express their love and intimate feelings. 
  • They may start by requesting small amounts of money to test the waters, then build up to larger amounts. 
  • They will create a need of urgency requiring immediate action. Family problems, business problems, needing money for air tickets, pay bills, money for a medical emergency, money to escape a dangerous situation. 
  • Try not to overshare personal information such as family history and never share passwords or bank details.
  • Scammers are very convincing - speak to someone you trust like your friends, family or your bank before sending any money. 
  • Google their name - others may have reported them online. 

What to do if you have been scammed:

  • Don't feel embarrassed - reach out for advice. 
  • Contact your bank right away. 
  • Report it to the police. 
  • For free advice contact your bank and organisations such as Netsafe, Consumer protection, Age concern and ID Care.

Can't find what you're looking for?

If you’ve received a suspicious email or SMS text. Don’t click on any links, download or install any attachments. Forward the email or take a screen shot of the SMS text and send to phishing@asb.co.nz. Then delete the suspicious email and text.

We have a dedicated team that investigates reported phishing attempts. Please note: Due to the volume of emails, we cannot respond directly to queries. You can also report it to CERT NZ.

Have you already clicked a link in a suspicious email or text?

ASBView the latest phishing attacks