Last week, I published a warning about a text message scam impersonating BECU:
TEXT MESSAGE SCAM – Fraudsters Impersonate BECU- https://ssnoccrimewatch.blogspot.com/2021/11/text-message-scam-fraudsters.html.
Krebs on Security has published articles about a twist
to this theme.
Like the BECU scam, the scammers send out text
messages, claiming to be from a financial institution, with a warning about a
suspicious transaction. Here is an example of a scam message:
“Free Msg- J.P Morgan Chase Bank Alert-Did You Attempt
A Zelle Payment For The Amount of $5,000.00? Reply YES or NO Or 1 To Decline
Fraud Alerts.”
Zelle is a peer-to-peer payment service that
advertises fast payments that you can make to your friends or associates. Zelle
is offered as a service by many banks and credit unions.
In this case, the supposed J.P. Morgan Chase Bank is
asking you about a specific transaction. Instead of asking you to click on a
link, it asks you to reply, Yes or No. After you respond (with a Yes or No), you
will receive a phone call from a scammer pretending to be from the fraud
department. The scammer will want to “verify” your identity. What they request
as verification is your account username. Then, the scammer asks you to read
the passcode that was just sent to you via text or email.
This tactic takes advantage of the “forgotten
password” feature that most websites with accounts have. This is the feature
where if you have forgotten the password to your account, you enter your
username, then the account sends you a temporary password. Then you can enter
your account and change your password to one that only you know. The scammer,
after you give him your username, enters it then the account sends you the
temporary password. After you give the scammer the temporary password, the
scammer enters it taking control of your account.
The scammer uses Zelle to transfer funds to other
people.
You may think that since you gave the scammer information
allowing him to enter your account that you do not have any protection.
However, according to the Consumer Financial Protection Bureau, this amounts to
an unauthorized transaction since the scammer received the username and
password through fraud.
Legitimate financial institutions do send out text
messages notifying or querying their customers about suspicious transactions.
So, if your bank or credit card company uses text messages as an anti-fraud
technique, it could be difficult to determine the fraudulent texts from the
genuine texts.
Krebs on Security has a simple mantra to follow: Hang
up, Look Up, and Call Back,
Hang Up- If you receive a
call warning about fraud, hang up. Likewise, if you receive a text or an email
warning about fraud, do not click on any links or respond.
Look Up- If you think the
call or text might be legitimate, look up the number for customer service on
the back of your credit card, on a copy of the account monthly statement, or with
a web search. DO NOT USE ANY PHONE NUMBERS OR LINKS PROVIDED BY THE SUSPICIOUS
PHONE CALL, TEXT, OR EMAIL!
Call Back-
Call the institution and ask if they were trying to contact you.
Krebs on Security:
https://krebsonsecurity.com/2021/11/the-zelle-fraud-scam-how-it-works-how-to-fight-back/
https://krebsonsecurity.com/2021/11/sms-about-bank-fraud-as-a-pretext-for-voice-phishing/
Consumer Financial Protection Bureau:
Zelle:
No comments:
Post a Comment