Monday, November 22, 2021

BANK TEXT MESSAGE SCAM – A Different Trick to Take Over Your Account

Last week, I published a warning about a text message scam impersonating BECU:

TEXT MESSAGE SCAM – Fraudsters Impersonate BECU- https://ssnoccrimewatch.blogspot.com/2021/11/text-message-scam-fraudsters.html.

Krebs on Security has published articles about a twist to this theme.

Like the BECU scam, the scammers send out text messages, claiming to be from a financial institution, with a warning about a suspicious transaction. Here is an example of a scam message:

“Free Msg- J.P Morgan Chase Bank Alert-Did You Attempt A Zelle Payment For The Amount of $5,000.00? Reply YES or NO Or 1 To Decline Fraud Alerts.”

Zelle is a peer-to-peer payment service that advertises fast payments that you can make to your friends or associates. Zelle is offered as a service by many banks and credit unions.

In this case, the supposed J.P. Morgan Chase Bank is asking you about a specific transaction. Instead of asking you to click on a link, it asks you to reply, Yes or No. After you respond (with a Yes or No), you will receive a phone call from a scammer pretending to be from the fraud department. The scammer will want to “verify” your identity. What they request as verification is your account username. Then, the scammer asks you to read the passcode that was just sent to you via text or email.

This tactic takes advantage of the “forgotten password” feature that most websites with accounts have. This is the feature where if you have forgotten the password to your account, you enter your username, then the account sends you a temporary password. Then you can enter your account and change your password to one that only you know. The scammer, after you give him your username, enters it then the account sends you the temporary password. After you give the scammer the temporary password, the scammer enters it taking control of your account.

The scammer uses Zelle to transfer funds to other people.

You may think that since you gave the scammer information allowing him to enter your account that you do not have any protection. However, according to the Consumer Financial Protection Bureau, this amounts to an unauthorized transaction since the scammer received the username and password through fraud.

Legitimate financial institutions do send out text messages notifying or querying their customers about suspicious transactions. So, if your bank or credit card company uses text messages as an anti-fraud technique, it could be difficult to determine the fraudulent texts from the genuine texts.

Krebs on Security has a simple mantra to follow: Hang up, Look Up, and Call Back,

Hang Up- If you receive a call warning about fraud, hang up. Likewise, if you receive a text or an email warning about fraud, do not click on any links or respond.

Look Up- If you think the call or text might be legitimate, look up the number for customer service on the back of your credit card, on a copy of the account monthly statement, or with a web search. DO NOT USE ANY PHONE NUMBERS OR LINKS PROVIDED BY THE SUSPICIOUS PHONE CALL, TEXT, OR EMAIL!

Call Back- Call the institution and ask if they were trying to contact you.

 

 

Krebs on Security:

https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/

https://krebsonsecurity.com/2021/11/sms-about-bank-fraud-as-a-pretext-for-voice-phishing/

 

Consumer Financial Protection Bureau:

https://www.consumerfinance.gov/compliance/compliance-resources/deposit-accounts-resources/electronic-fund-transfers/electronic-fund-transfers-faqs/

 

Zelle:

https://www.zellepay.com/

 

 

No comments:

Post a Comment