FBI issued an alert earlier this month detailing a new way scammers have been successfully swindling victims in the USA. The criminals use social engineering to trick victims into thinking that they are transferring funds to themselves. Bad actors initially approach the potential victims via text messages and then continue the interaction via phone. The engagement with the scammers sometimes continues for days until the cybercriminals complete one or more fraudulent transactions and leave the victim wondering where all the money went.
Imposters present themselves as bank representatives. They have done their homework well as, in some cases, they know the full name of their victim, date of birth, name of financial institutions, and current address. Sadly, most of this information is readily available by data brokers online, and anyone can access it. In some cases, fake bank representatives also know the last four digits of a victim’s social number and the last four digits of their banking account.
Once the victims respond to the initial fraud warning alert, the scammers call from what appears to be a legitimate 1-800 number and start working on stealing the victim’s money. The goal is for the potential victim to be convinced that they’ve become a fraud victim and need to reverse a fraudulent payment.
The scammers use payment apps connected to the victim’s bank account. Those apps are often used to quickly transfer funds and only require the recipient’s email or a mobile number. Using the bank’s legitimate website or money transfer app, the scammers get the potential victim to remove an email address or a phone number associated with the account. Then the criminal adds an email or phone number that the scammers control. After the details have been changed, the criminal asks the victim to “reverse” a payment which ends up going to another bank account.
FBI wants you to be very cautious with unsolicited calls. Instead of responding directly, you can “call back” your bank on a verified customer service number and enquire whether there is anything unusual going on in your account. The government agency also advises victims to report suspicious activity. If you get a text message and are worried, you can forward it to law enforcement and your bank’s fraud department for investigation. Having turned-on multi-factor authentication is also important – it adds a second layer of security that sometimes is what stops scammers from moving forward with their plan to scam you. Finally, keep in mind that banks will never ask you to move money around, and if bankers know your mailing address or full name, this should not be considered a proof of legitimacy from the caller.
Over the years, there have been several high-profile data breaches containing billions of records. With so much information available online for everyone to see, scammers have the tools needed to launch successful attacks. The best way to protect yourself is by being vigilant and having security software alerting you when potential scammy text messages and emails reach you.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
