ASB customers have been warned about scam text messages sent this week, asking people for personal information or to complete a fake two-step authentication process.

The text message that claimed to be from ASB stated a payment had been made to a new payee, and directed the recipient to a link to cancel the payment if this was not them.

Clicking on the link directed customers to a yellow and black webpage resembling ASB's own website, which asked customers to log in with their username and password.

The bank confirmed this text message was fake, and said it would never ask for customers' personal information or send them a link for Netcode authentication details.

The phishing websites had several URLs, including asb.newpayee.co.nz/login.php, fastnetclassic.info and online-asb-nz-is-certified.com.

All these fake webpages had the secure padlock symbol.

An ASB spokeswoman says legitimate messages from any bank would never ask customers to supply personal information, login details or second factor identification.

ASB asked customers who may have shared their information to contact the bank's fraud department and report the incident to Cert NZ.

The bank also advised changing passwords to their account immediately.

Figures from Cert NZ's third quarter report found cybersecurity incidents are at an all-time high.

Between July 1 and September 30​, 2610​ reports were made to the government agency, resulting in a total loss of $6.4 million.

That's a 255 per cent​ increase in losses from the previous quarter.

Email scams are the most commonly reported incidents.

Cert NZ reported a 101 per cent​ increase in compromised business emails compared to the second quarter, resulting in almost $1 million in losses.

Of the 2610 cybersecurity incidents reported to Cert NZ, phishing and credential harvesting, malware, scams and fraud, and unauthorised access were the four most common reports.

Stuff/Anuja Nadkarni