ASB Scam Update

Information on common and emerging scams to watch out for.

Need urgent help?

We're here for you 24/7. If you're worried that there has been a breach in your ASB account security, please contact us immediately on 0800 ASB FRAUD (0800 272 372) or +64 9 303 0332 if you're overseas.

Scam Updates

Current and Common Scams

We are aware of the following phishing and scams affecting our customers. The following emails and SMS texts are not from ASB, or in any way authorised by us. Stay vigilant for these or similar versions that might be aimed at you.

An online buy and sell scam is when someone poses as a buyer or a seller on a buy and sell social media page or group, or sets up a fake business. Often, this happens on the likes of Facebook Marketplace or Trade Me. Scammers usually exploit your optimism by offering goods or services that may not exist at a price that seems too good to be true.

If you're buying, inspect the goods in person, check the seller's reviews, ask for more photos and be cautious if the price seems too good to be true. 

If you're a seller, only use trusted payment methods and don't take screenshots as proof of payment. Check your bank account before sending goods, and don't click on any links a buyer sends you to confirm purchase or postage.

A number of customers have received calls from scammers pretending to be from the ASB Fraud team and also other banks. The caller may state that your account is being hacked and that they are trying to protect your money. In some cases, people are being told to download remote access software and log into their internet banking.

Remember, do not share your personal or banking information, follow any instructions or transfer money. If you have received a phone call and think your account has been compromised, please call us on 0800 ASB FRAUD (0800 272 372) or +64 9 303 0332 if you're overseas, or visit your local branch.

How do you know if it's really ASB? Our fraud team may call customers from time to time to verify unusual transactions. However, we will:

  • Never ask you for your banking passwords, PINs, or two-factor authentication codes
  • Never need to know your full credit card number - especially not the CVV (number on the back of your card)
  • Never require you to transfer money, purchase gift cards, set up cryptocurrency accounts or set up money remittance accounts
  • Never ask you to download software or remotely access your device.

If you're unsure who you are speaking to, hang up and phone the number listed on that company's legitimate website.

Scammers are impersonating authority figures like the Police to exploit people’s trust and steal their money.

This type of scam usually starts with a cold call, with the scammer claiming to be a member of the Police and needing your help to catch a ‘corrupt employee of a bank’.

To appear legitimate, they will provide a false Police ID number and say your savings are in danger. They will claim to need your help to secure your money and stop the ‘corrupt bank employee’ dealing in counterfeit currency. The scammer will instruct you to go into your bank branch and withdraw a large sum of money and take it home. It will later be picked up by the scammer posing as a courier.

While there are occasions where legitimate Police officers would contact you, they will never ask for details about your bank cards, PIN, passwords, or for you to withdraw money. If you want to establish if the 'officer' is genuine, ask for their full details and hang up. Then contact the Police by calling 105, tell them you think you may be talking to a scammer and request them to confirm whether their details are legitimate.

Online friendships and romances aren't always what they seem. The following is a romance scam based on a real-life situation. After receiving a friend request on Facebook, the victim, an elderly lady living by herself, struck up a friendship with a man she hadn't met before. The man claimed to be an Irish engineer working in the United Arab Emirates. They messaged regularly over a 9-month period, although she never saw him face to face. The man led the victim to believe that he would travel to NZ, and they would get married. He asked for $10,000, saying he needed the money to pay bills and for air tickets and he would pay her back. To appear legitimate, he even sent her forged documents including invoices for air tickets and letters from his fake employer.  Believing that the man was honest and genuine the victim contacted ASB to send the funds. Fortunately, ASB bank staff were able to work with the victim and establish that the man was a scammer and in this case no money was lost. 

How to avoid a romance scam: 

  • Beware of any unsolicited friend requests from strangers. Requests can come via email, social media, dating sites or any other website or apps. 
  • When communicating, scammers will avoid speaking with their face showing on video calls. 
  • They are willing to spend months building trust and are quick to express their love and intimate feelings. 
  • They may start by requesting small amounts of money to test the waters, then build up to larger amounts. 
  • They will create a sense of urgency requiring immediate action: family problems, business problems, or needing money for air tickets, to pay bills, for a medical emergency or to escape a dangerous situation.
  • Try not to overshare personal information such as family history and never share passwords or bank details.
  • Scammers are very convincing - speak to someone you trust like your friends, family or your bank before sending any money. 
  • Google their name - others may have reported them online. 

What to do if you have been scammed:

  • Don't feel embarrassed - reach out for advice. 
  • Contact your bank right away. 
  • Report it to the police. 
  • For free advice, contact your bank and organisations such as Netsafe, Consumer Protection, Age Concern and ID Care.

Be aware of fake websites created by scammers, offering financial services such as term deposit comparison calculators or investment platforms offering market beating returns.

These images are an example of fake websites that have been designed for the sole purpose of phishing. After collecting your personal information, a scammer may contact you by phone, SMS or email, in an attempt to deceive or pressure you into buying false investments.

Scammers are very convincing and often pose as representatives from banks or other well-known financial institutions. They can imitate websites and document design, repurpose logos and employee names, and will mimic processes such as ID verification, even going as far as giving you access to view your new “investments” online.

You should always stay wary of other fake websites.

  • For names of businesses or individuals to be wary of, visit the Financial Markets Authority website.
  • Check the financial services providers register online on the New Zealand Companies Register to see whether the company is registered in New Zealand to provide financial services.
  • Due diligence on any suspicious websites can include checking with the Financial Markets Authority website. If you come across a website that is posing as an ASB page and you’re unsure, type www.asb.co.nz directly into your browser and contact us through our details on our website.
  • Treat investment approaches with caution. Something that looks too good to be true most likely is.
  • Get a second opinion or advice from a financial advisor who can help you spot any red flags.

Remember, scammers can be persistent and very convincing. Please be cautious and don’t be rushed into anything.

If you believe you may have fallen victim to a scam, please contact your bank immediately.

Be aware of phishing text messages and emails made to look like they are coming from NZ Post. They are attempting to trick you into passing your personal or banking information on to scammers so they can steal your identity and exploit you for financial gain. The messages will say that you have an undelivered parcel and request that you click on a link to provide further information to enable delivery, arrange pick up or complete payment. The link is designed to take you to a fake website, where scammers can steal your personal information.

If you get one of these messages and you're unsure if it's a scam, take notice of the phone number or the email address it has originated from, and any suspicious links.

These are some examples of fake NZ Post text messages.

NZ Post will never:

  • Ask for any of your personal information by email or text (including usernames, passwords, or financial information such as credit card details or account information)
  • Send you an email from a domain other than nzpost.co.nz
  • Send you a text message from an email address
  • Send you a text message from a phone number outside of New Zealand
  • Use a messaging app like WhatsApp to communicate with customers

If you receive a text or email of this kind, do not click on any links and delete the message immediately. If in doubt, you can contact the company directly through their publicly listed information.

The next time you get an unexpected text or email, take time to check it thoroughly before you respond.

Be aware that scammers operate as fake sellers and fake buyers. In this current scam, the scammer poses as a fake buyer to obtain internet banking details, giving them full access to your bank accounts.

How it works:

Using a fake profile, the scammer messages the seller to buy the item, including a link to a screen that requests the seller click on "Receive Money" to obtain payment. Clicking on the "Receive Money" link takes the seller to a screen where they select their bank.

In the example above, ASB is selected but it could be any banking option. The seller is then taken to a fake ASB site that asks them to enter their bank username and password. This information goes straight to the scammer giving them everything they need to log in to the customer's online banking and begin emptying the funds from the seller's account.

Scammers will go to extraordinary lengths to make things look legitimate - in this case, even using fake chat to support the scam.

Tips when buying or selling items online:

  • Be ASB safe, type asb.co.nz into your browser to access your internet banking
  • Be vigilant against attempts to trick you into giving away your personal details, especially your banking username, passwords and netcode (two-factor authentication)
  • Avoid clicking on links, they can take you to fake websites
  • Use trusted methods of payment
  • Don't trust screenshots. Scammers have ways of faking payment receipts or confirmations showing you they have paid
  • Check how active a buyer or seller has been on their account. Is it a recently created profile, incomplete, with few or no friends and no reviews?
  • If you are buying items that are local, large, or expensive, go to see the item in a public place
  • If the item needs to be shipped, make sure you get a tracking number
  • Beware of buyers overpaying for the item and requesting a refund for the difference

Are you due a tax refund? Whether you are or not, beware of scammers sending fake emails, texts, social media messages and making cold calls, that say you have a tax refund owing.

Example:

This is an example of a fake email promising a tax refund of $874.84.

Clicking on the fake link could lead to your banking details, username, passwords and other private information being compromised.

The messaging can come in many forms, so be sure to stay vigilant. Some other examples are:

  • 'your refund is now available to claim visit [FAKE LINK]'
  • 'your tax refund is placed on hold pending account verification, to verify [FAKE LINK]'
  • 'the last balance on your account has been paid twice due to a systems error please complete to get a refund [FAKE LINK]'
  • 'your tax return was not completed please verify your details [FAKE LINK]'
  • 'we couldn't find an account to deposit your tax refund. Enter your details to process your payment at [FAKE LINK]'

Always be wary before clicking on any links and do your due diligence:

  • Go to the IRD's publicly listed website for up-to-date information and things to look out for
  • Don’t be rushed into replying. Take a 'sec to check'
  • Is the IRD email address the correct one on the email?
  • Check the link by hovering your mouse over it. The address will appear at the bottom of your screen. Make sure this is correct before acting on it
  • For cold calls, don't be afraid to ask the person's name. Call them back on a publicly listed number to verify as genuine
  • Social media scammers use fake social media accounts:

    1. Look at the number of followers. Fake social media accounts often show only a few followers.

    2. Check the activity on the accounts, the number of posts made and how often they are made.

    3. See when the account was created. A recent account may indicate it has been set up as a fake.

  • Remember, something that looks too good to be true, usually is.

We have recently celebrated Mother's Day, so what better time to discuss the 'Hi Mum' scam. 

These scammers typically send a text or instant message from an unknown number or account. It usually begins with 'Hi Mum' and often follows with an excuse about a flat battery, damaged or lost phone.  

A real example – "Hi mum I dropped my phone in the toilet and broke it could you text me back on 022 XXX XXXX when you can please on whatsapp"

Once the scammer gets a response, they play on urgency by pretending to be in trouble and eventually requesting money or log-in information.

Always verify any contact made out of the blue - by trying to get in touch through your usual trusted channels. 

If you can't, ask the scammer a personal question they couldn't answer, like 'what did we have for dinner last night' or 'where did you last go on holiday'.

The next time you get a 'Hi Mum' message - take a sec to check before you respond.

Scammers are posting advertisements on social media, particularly on Facebook, Instagram and WhatsApp where they are posing as account managers, mentors and tutors offering cash incentives or gift vouchers to entice people to invest in Crypto. They are claiming high returns, in some cases 6 monthly returns of 300%.

To make things appear legitimate they are using fictitious and compromised social media accounts and posting a mix of falsified screenshots displaying fake accounts, balances and reviews in support of the scam.

Be sceptical of any opportunity that seems too good to be true, even if the information has been passed on to you by someone you know. Treat investment information with caution. Something that looks too good to be true most likely is. Get a second opinion or advice from a financial advisor who can help you spot any potential red flags.

Remember, scammers can be persistent and very convincing. If you believe you may have fallen victim to a scam, contact your bank immediately.

Get a second opinion or advice from a financial advisor who can help you spot any potential red flags and check if an investment company may have already been flagged by the Financial Markets Authority at fma.govt.nz/scams.

Scammers target individuals and businesses

The types of scams that target individuals take advantage of your kind nature or can happen when you are distracted or stressed. 

The types of scams targeting businesses often exploit standard business processes and can easily be mistaken for being legitimate.

Check out the different types of scams that target both individuals and businesses below.

Other types of scams

  • Phishing is a type of scam where the scammer poses as a legitimate entity, often through deceptive emails, text messages (SMShing) or websites, in order to trick you into revealing sensitive information like passwords, credit card details, or personal identification.
     
    These communications are designed to appear trustworthy and usually have a sense of urgency in the messaging. It's important to be vigilant and verify the authenticity of any requests for sensitive information online to protect against phishing attacks.
     
    Check the email address or number this has come from and if it looks "phishy" contact the company on their trusted email, phone number or webpage. Always delete these types of emails and install antivirus to help detect these malicious emails.
     
    Never click any links in text messages. Contact the organisation directly on trusted contact details. Always delete these types of text messages.
     
    If you receive a suspicious text, you can report it to the Department of Internal Affairs free of charge by forwarding it to 7726. Once reported, you'll receive a text response asking you to complete a report. This will help stop others falling for the same scam.
  • Impersonation scams involve a deceitful attempt by a scammer to pose as a trusted individual, organisation, or authority figure. These scams can take various forms, such as fraudulent phone calls,  text messages, or even in-person encounters. The goal is to gain your trust and manipulate you into providing sensitive information or money. 

    Common examples include tech support scams, where scammers pretend to be IT experts, and Bank staff impersonation, where they claim to represent your bank. Staying cautious and verifying the identity of unfamiliar contacts is crucial in protecting against impersonation scams.

    If this happens, hang up immediately and call 0800 ASB FRAUD (0800 272 372) or +64 9 303 0332 if you're overseas. You can also ask ASB to send you a notification through the app; this is known as 2 step verification.

    If you receive a suspicious text, you can report it to the Department of Internal Affairs free of charge by forwarding it to 7726. Once reported, you'll receive a text response asking you to complete a report. This will help stop others falling for the same scam.

  • A job scam is a fraudulent offer of work that is intended to mislead people seeking legitimate employment. It will usually involve working remotely from home requiring no previous experience for high wages and the lure of fast money for little effort.

    The scammer's objective is to deceive job seekers into giving away their money, bank account details or disclosing other private information to use for criminal purposes.

    Be wary of unsolicited job offers that are found on social media platforms or sent via SMS or via services like WhatsApp or Facebook Messenger. Look out for employers with no physical address that require money up front and where you are asked to use your own bank account or open other bank accounts to move money through.

    Check out any offers of work carefully and research the 'company' that reached out to you to verify the job offer. Remember, if it sounds too good to be true, it most likely is.

  • Fake websites are deceptive online platforms designed to mimic legitimate websites. They are created by cybercriminals with the intent to trick you into believing you are interacting with a reputable organisation, like a bank, online store, or government agency.

    These fraudulent sites often look very similar to the real ones, with convincing logos, layouts, and content. They may prompt you to enter personal information, such as login credentials or credit card details, which is then stolen by the perpetrators for malicious purposes. 

    Avoid falling victim to fake websites by verifying the website's authenticity: check the URL, look for security indicators, and avoid clicking on suspicious links.

    If you have a secure, authenticated way to reach an organisation (an app or portal), use it rather than search engine results. Do some research on the organisation or person you are dealing with before giving anyone your money or personal information. Don't rely on reviews written on the website itself - search for independent reviews on other sites.

  • A remote access scam is when someone asks you to download software that shares remote access to your device. This will allow scammers to take control of your device and get hold of your personal information without you knowing.

    If you receive a phone call out of the blue about your computer and remote access is requested - hang up immediately - even if they mention a well-known company.

    If you have given remote access to a scammer, turn your computer off immediately. This will end the remote access session.

  • Malware, short for malicious software, refers to any type of software or code intentionally designed to cause harm to your computer system, network, or device. Malware is typically created by cybercriminals and is often disguised as legitimate software or hidden within seemingly harmless files. Once it infects a system, it can carry out harmful activities like stealing sensitive information, damaging files, or even taking control of the device.

    Protecting against malware involves using antivirus programs, regularly updating software, and being cautious when downloading files or clicking on links from untrusted sources. Be wary of free downloads and website access, such as music, games, movies and adult sites. They may install harmful programs without you knowing.

Types of scams targeting businesses

  • Using stolen credit card details, a scammer identifies a business and places an order to purchase goods. They provide payment details via email or over the phone as if they were a legitimate customer from overseas.

    They ask the business to add the international freight costs to the order and ask to have the freight handled by a fake shipping company. The business is asked to pay the freight costs directly to the fake shipping company via international money transfer.

    The scammer does not expect to receive the goods and doesn't care that the real card holder will soon discover their card details have been stolen and dispute the transaction. By this stage the scammer has received payment for freight and the business owner is out of pocket for potentially thousands of dollars.

    Tips to avoid being scammed:

    - Beware of communication using generic email addresses such as Gmail, Yahoo etc.

    - Only deal with reputable international shipping providers.

    - Beware of anyone using multiple cards to complete an order.

    - If you are concerned, make a small, partial refund (28 cents for example) back to the card used and ask the customer to confirm the refund amount.

    - Beware of anyone too busy to talk on the phone and insisting on communicating only by email.

    - Never use funds received via credit card to complete an International Money Transfer.

  • Altered invoice scams can be hard to recognise as they're usually invoices or requests for payments that you were already expecting.

    If a scammer gains access to a business email account, they will be able to discover when large payments are due. The scammer will then send an email from the business' email address asking the customer to pay into a different bank account, saying that they have recently changed banks.

    Tips to avoid being scammed:

    - Check invoice details with ones you have received in the past.

    - If in doubt, call the business that sent the invoice on its publicly listed number.

    - Ensure your staff are trained to recognise potential red flags.

    - Have strong cyber protection - make sure your devices are up to date, data is backed up, you are using strong passwords and two-factor authentication, and you have security against viruses and malware.

  • Accommodation scams target hotels and motels. Scammers will make a booking online or via email using stolen credit card details.

    They will request that the booking is cancelled, often providing a serious reason, such as the death of a family member. They will ask for a refund to a separate account, either to a different card or via International Money Transfer.

    Once the legitimate card holder realises their card has been stolen and sees the payment, they raise a charge back through their bank and the business owner may be liable for the loss.

    Tips to avoid being scammed:

    - Scammers will target businesses that accept card details over the phone or via email.

    - Only refund back to the original card used.

    - If you are concerned, make a small, partial refund (28 cents for example) back to the card used and ask the customer to confirm the refund amount.

  • Scammers will cold call a business pretending to be from a legitimate business, offering savings on tax bills. Sometimes these false savings are up to 50% or they may even offer small business loans.

    They may say they are offering discounts because they have vouchers which are about to expire.

    The scammer will pay the tax bill to the IRD using card details they have illegally acquired, and the business pays the discounted amount to the scammer.

    Once the card holder discovers the fraudulent transaction, they challenge it with their bank, which leaves the victim out of pocket and with a tax bill still to pay.

Taking care on social media

While posting online can feel like second nature, it also opens up the possibility of getting scammed. It's important to be aware of the risks and take care with the information you post and the people who may see it. 

Having strong online security is your first line of defence against scammers. This will help prevent them from finding and using information to access your social media or bank accounts.  

Young online users can be particularly vulnerable to online phishing, bullying, grooming and sextortion where contact begins via social media.

Here are some things you can do today to ensure better safety on social media:

  • Enable multi-factor authentication. 
  • Use strong passwords and different passwords for every account.
  • Check that your social profiles are only viewable to friends and family.
  • Review existing friends, followers or connections. If you've had your social media accounts for a long time, do a sweep of the friends you have accepted over the years. If you don't know them, delete them. 
  • Only accept friend requests from people you know.
  • If you receive links from strange accounts or people you don't know - don't click on them. 
  • Think before you share and share responsibly. Don't share personal details, such as your home address, phone number, your date of birth, schools etc.
  • Content online can be shared very quickly and once shared, can get out of control. Take a moment to consider what you are sharing and who with.
  • Regularly update your security settings and use privacy settings to prevent unwanted access to your account.
