American Savings Bank Phishing – Credential & Phone Number Harvesting
This phishing campaign impersonates American Savings Bank (ASB) , a bank serving customers primarily in Hawaii. The page is designed to steal customers’ online banking credentials (Login ID and Password) along with their phone number, which can be used for identity theft or to bypass SMS-based two-factor authentication.
How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The message includes a link to this fake ASB login page. When the victim enters their Login ID, Password, and Phone Number and clicks “Log In,” the information is captured and sent to the attacker.
The goal:
The attacker aims to:
- Steal the victim’s ASB online banking credentials (Login ID and Password)
- Obtain the victim’s phone number, which can be used for SIM swapping or to intercept SMS-based two-factor authentication codes
- Gain unauthorized access to the victim’s bank account to transfer funds or commit fraud
Red flags to watch for:
- Suspicious URL: The page is hosted on a domain that is not
asbhawaii.comor any official American Savings Bank domain. Legitimate ASB online banking is accessed through the bank’s official website. Always check the address bar. - Unusual request for phone number on login page: Legitimate ASB login pages typically ask only for Login ID and Password. Requesting a phone number on the same page as the login credentials is uncommon and should raise suspicion.
- Minimal design: The page lacks the full branding, security notices, and navigation elements present on the legitimate ASB website. The design is generic and stripped down.
- Unsolicited login request: American Savings Bank does not send emails or messages with links requiring customers to log in to resolve account issues. Customers should always access online banking by typing the official URL directly or using the official mobile app.
- No security image or personalization: Legitimate ASB login pages may display a security image or phrase. This page lacks such features.
What to do if you encounter this:
- Do not enter your Login ID, Password, Phone Number, or any other personal information on this page.
- If you are an American Savings Bank customer, always access online banking by typing
asbhawaii.comdirectly into your browser or by using the official ASB mobile app. - If you have already entered your credentials, contact American Savings Bank immediately through their official customer service hotline to secure your account and change your password.
- Report the phishing page to ASB’s fraud department.
Why this scam is effective:
American Savings Bank has a loyal customer base in Hawaii, and the bank’s online banking portal is familiar to many. The page uses the bank’s logo and a simple, clean design that mimics the real login page. The request for a phone number may seem innocuous to victims who are used to providing it for security verification. However, legitimate ASB login pages do not ask for a phone number alongside Login ID and Password—this is a clear indicator of a phishing attempt.
Protective measures:
- Bookmark the official American Savings Bank login page and use that bookmark to access online banking—never click links in emails or messages.
- Use a password manager: It will autofill only on legitimate
asbhawaii.comdomains, not on phishing sites. - Enable two-factor authentication (2FA) on your ASB account if available, to add an extra layer of protection.
- Be suspicious of any unsolicited message that creates urgency and asks you to log in to your bank account.
- Check the URL carefully: Legitimate ASB domains end with
asbhawaii.com. Look for misspellings, extra words, or unusual top-level domains. - If in doubt, contact American Savings Bank directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.