Risk Insight

ASIC issues second round of warnings against share sale fraud

By Jonathan Perkinson

04 July 2025

Share Share
banking background
Share

    What you need to know

    • In June 2025 ASIC issued Media Release 25-107 warning industry and consumers of share sale fraud alongside Information Sheet 237 giving guidance to AFS licensees as to how they can mitigate risks.
    • The most recent ASIC publications add to a prior similar investor alert of stolen shares due to identity theft in October 2024, and a warning to superannuation trustees for weak scam and fraud practices in January 2025.
    • Share sale fraud exploits weaknesses in licensee's onboarding, identity and fraud checking processes. ASIC's publications signal the regulator's expectations for effective controls in this area.

    What you need to do

    • Review ASIC's recent guidance and the steps ASIC has asked licensees to take, including applying the observations from ASIC's review of the measures Australian banks are taking to protect their customers from scams in Rep 761 and Rep 790.
    • Take steps to understand the tactics being used by scammers and the vulnerabilities scammers seek to target.
    • Review the strength of your controls over the vulnerabilities being targeted by scammers. If a scammer gains access to your customer's identity or account details, would you be able to stop them?
    • Document your review, the conclusions you reach and the rationale for actions taken (or not taken) to demonstrate you have taken reasonable steps to respond to the threat and regulatory warnings.

    Our take

    To help illustrate the warning, ASIC has published a fictional case study based upon incidents reported in 2024 on share sale fraud affecting 'Jane' that involves the following steps:

    • A scammer gains access to Janes information, possibly through mail theft
    • The scammer impersonates Jane to gain access to her share registry account
    • The scammer opens an online brokerage account in Janes name and instructs the transfer of shares from Jane's registry account to the fraudulent brokerage account
    • The scammer liquidates the shares into a fraudulent bank account opened in Jane's name and withdraws the proceeds of the sale.

    The scam involves market participants, online brokerages, share registries and banks. Each party has a responsibility to make sure they are dealing with the real 'Jane' and have in place measures to flag unusual or high-risk account activity.

    While the number of incidents of share sale fraud is believed to be small, the significance of a successful event can be substantial. Successful events may identify weaknesses in a licensee's control environment which may expose a licensee to liability if inadequate controls have contributed to a customer's loss.

    We believe it is important for licensees to heed ASIC's warning and document the steps taken in response, even if there is no history of share sale fraud affecting customers. Maintaining an up to date view of the strength of measures in place to protect customers from fraud and scams is an important function for maintaining and AFS license.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia trading under ABN 74 996 309 133 and is part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services. For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    This material is current as at 2 July 2025 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    Key Contacts