It’s likely you’ve received phishing emails in the past, which might have appeared to be from ASB or other well-known brands.
Although people are becoming more aware of these scams and how to identify them (especially when they come through email), attackers are using more sophisticated techniques to harvest sensitive information, such as online ads.
Today we’re going to go over some of these new phishing techniques so that you’re equipped to spot them. We’ll also share our top tips for keeping yourself safe online.
What is phishing?
Phishing is a cyber-attack that uses bait to get your sensitive information (like usernames, passwords and credit card details) or encourages you to click something that downloads malware on your computer. These requests often appear to be from trustworthy organisations.
Forms of phishing
Attackers can use various channels to phish their victims, such as the ones detailed below.
The most common form of phishing is via email. Scammers will often send emails that request a call-to-action, such as clicking a link and entering your personal details.
To gather banking information, scammers create websites which looks almost identical to a bank’s website and then send emails to trick customers into providing their banking information. The scammers then use this information to make fraudulent transactions, steal identities or access sensitive information.
These types of emails will often have subject lines like “ASB - Account Notification!” and “ASB Notice - Verify your details”. They’ll try and create a sense of urgency so that you feel you have to enter your details.
Some links might also install malware on your computer that can damage it.
Remember that we will never ask you to update, confirm or change your personal information through email.
Using Google ads is one of the newest forms of phishing that we’ve seen. Sometimes when you search on Google, you’ll see paid ads as the first search results. A little yellow box with the word “Ad” differentiates these from regular search results.
Some scammers create fake ASB ads to entice customers into clicking and providing banking information, thinking they are accessing the legitimate ASB website.
One of the most obvious ways of differentiating between our legitimate Google ads and phishers’ ads is to verify the URL to ensure it’s our legitimate website – https://www.asb.co.nz. Beware of URLs that look almost identical as you could easily be tricked.
We recommend typing https://www.asb.co.nz directly into your address bar to ensure you go to our website, especially when you want to log in to your accounts. If you want to access the website quickly, you can add it to your favourites bar.
Social media is another area where phishing attacks are unfortunately becoming more common. Keep an eye out for fake profiles and make sure you only accept friend requests from people that you know.
None of this is to say you should be afraid of using the internet, because you shouldn’t be. The internet is a great tool for banking, administration and for connecting with friends. It’s also a great tool if you’re a business owner. But it’s important to be vigilant and equip yourself with the right knowledge about phishing attacks and cyber security in order to protect yourself and use the internet securely.
Tips for keeping safe and secure online
- Type the website address. Rather than searching on Google for our website, type https://www.asb.co.nz directly in to the address bar.
- Look for the padlock. In the address bar, look out for https in the URL and the padlock symbol. These show that a website is secure. Our website has both these indicators.
- Use the ASB Mobile app. If you’re using a smart phone to check your bank account, use the ASB Mobile app. This is quick and easy and it eliminates the chance of clicking an unsafe link.
- Contact the company directly. If you’re unsure about the validity of an email, contact the supposed sender using the contact information found on their official website. You can find ours here or call us on 0800 803 804.
- Check the email address. If you receive an email, check the sender’s email address. While the name on the email might be “ASB Bank”, if it isn’t from our official domain name (asb.co.nz) it won’t be from us. Beware though as attackers can also imitate legitimate email addresses – make sure you’re checking for multiple signs of validity.
- Check the links. If you hover over a link, you’ll see where it really leads. While the text might say asb.co.nz in the body of the email, hovering over the link will reveal where it truly leads to. If you’re suspicious, don’t click the link.
- Don’t open attachments. If you’re unsure about an email or message and think it’s suspicious, do not open any attachments as they might install malicious software on your computer.
- Don’t share your personal information via email. Never send sensitive information via email. Similarly don’t enter it through a link sent in an email either. Sensitive information includes your credit card number, bank account number, address, full name, usernames and passwords. We will never ask you to enter, update or change your personal details through email.
For more information about potential phishing threats, you can see our security alerts.
What to do if you spot a phishing attack
If you receive an email that is claiming to be from us but you think it’s fraudulent, forward it to firstname.lastname@example.org and then delete the email. If it’s from another company, report it to them using their contact details on their official website.
If you spot a fraudulent ad, or any other type of phishing attacking our brand, send us the details (and a screenshot if you’ve got one) to email@example.com.
If you’ve shared your personal details and banking information with what you now believe to be a scammer, change your internet banking password and contact us immediately.
Remember the internet is a great tool but it’s important to be vigilant about staying safe and secure.