Watch out for a new social engineering phone scam!
This scam is targeting bank customers through SMS or text messages. The cons pretend to be with a bank’s fraud department and inquire about fraudulent “suspicious withdrawals.”
Generally, precautionary measures such as text message verification are used to protect sensitive accounts from real fraudulent activity.
But now that is being put into question by scammers subverting that process and tricking victims into believing their con by using the bank’s actual phone number (spoofed) to text you.
Pieter Gunst did not suspect anything fishy when answered a call earlier this month that appeared to come from his bank. “A lady identified herself as Cindy at my particular bank, and told me there had been a fraud attempt on my account,” he said.
The caller asked Gunst, a California resident, if he’d attempted a withdrawal in Miami. After Gunst said “No,” she asked for his bank member identification, and he gave it to her.
“And at that point the lady said, ‘OK, we’re going to send you a one-time verification PIN so we can check your identity,'” Gunst told national correspondent Jericka Duncan.
The scammer used Gunst’s ID to prompt a text message from the bank’s real phone number, like others he’d received before, with that verification code. He read it back over the phone, which allowed the caller to access his account and list off actual bank transactions.
“The fact that they used the bank’s own infrastructure to send that code to me, which then allowed them to reset my password, made it very credible,” said Gunst.
It was only when the caller asked Gunst for his bank PIN number that he realized something was wrong, hung up, and called the bank’s real fraud line to lock his account.
Katherine Hutt, with the Better Business Bureau, said, “A lot of scams come in through the phone, and more and more we see them coming in through text message.”
Hutt said it should raise a red flag if any caller asks for your name, address, Social Security number, or account numbers. And the best way to make sure you’re really talking to your bank? Just call the number on your card.
“Whether it’s a small local community bank or credit union or one of the biggest banks in the country, their phone number can be spoofed, so you just have to be really careful,” Hutt said.
If you need assistance with cybersecurity contact DarkHound SecOps at [email protected].
Source: CBS News
Image Source: https://www.pexels.com/photo/iphone-technology-iphone-6-plus-apple-17663/