The scam was revealed by wrestling announcer Lenny Leonard, who says that when he’s not calling body slams and sleeper holds, he’s a “mid-level executive with a very large financial institution.” In a Twitter thread, he details the new scam and how not to fall for it.
Leonard warned on Thursday that he had been called by a scammer who had spoofed the legitimate phone number to his bank. The scammer then sent a fraud alert using this number, asking if he recognized a certain charge.
In Leonard’s case, he says that when he told the scammer that he’d have to call them back, the scammer told him to look at the back of his debit card to confirm that they were calling from the same number. After telling off the scammer, Leonard says he called his bank and, sure enough, no legitimate alert had been sent, nor had any unusual activity been seen on his account.
Leonard told his followers how to not fall for the scam.
“If you EVER have someone CALL YOU and say they are your bank, do NOT provide any information like that over the phone on an INBOUND CALL,” he wrote. “Tell them you need to call them back & make sure you are dialing the number on the back of your card NOT a # they give you”.
“I would just urge everyone to make sure they are sharing this with their less tech savvy friends and family because the text I got looked EXACTLY like a prior text I had gotten from the bank my account is with,” Leonard told Newsweek.
A representative from Chase also confirmed that the company was familiar with the scam.
“Unfortunately, scammers target consumers from many banks. We urge all consumers to never share their banking passwords or send money to someone who tells them that doing so will prevent fraud on their account. Bank employees won’t call, text or email consumers asking for this information, but scammers will,” Amy Bonitatibus, Chase’s chief communications officer, told Newsweek.
While spoofing a phone number is common with scammers, often it’s a fake number as well, though Western Bank warns their customers that fake calls can come from a number they recognize.
The bank also lists a variation on the scam Leonard warns of. In the version Western Bank describes, a scammer spoofs the legitimate customer service number of the bank, like before. But this time, anticipating a response like Leonard’s, the scammer will ask the victim to call them back using the same number that’s on the back of the debit card—which is the same as the one they’re spoofing.
In this variation, though, they’ll leave the phone connection active, fooling the victim with a fake dial tone. Once the victim dials, the scammer “answers,” in hopes that the victim will be fooled into thinking the scammer is indeed a legitimate employee.
One way to thwart this is to remember that a real bank employee will already have your information. Never offer up important information like a bank account number. Instead, ask the bank employee if you can confirm their information by asking them to read off what they have.
In addition, banks will never ask for a PIN, a full Social Security number or a customer’s online banking username and password. Banks already have access to customers’ accounts, and when it comes to Social Security numbers, a legit bank employee will only ask for the last four digits to confirm.
Internet Crime Report 2020″ (PDF). FBI Internet Crime Complaint Centre. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.
The Phishing Guide: Understanding and Preventing Phishing Attacks”. Technical Info. Archived from the original on 2011-01-31. Retrieved 2006-07-10.
The Big Phish: Cyberattacks Against U.S. Healthcare Systems”. Journal of General Internal Medicine. 31 (10): 1115–8. 2005). “A Leet Primer”. TechNewsWorld.
Security Usability Principles for Vulnerability Analysis and Risk Assessment”. Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC’07). Archived from the original on 2021-03-21. Retrieved 2020-11-11.
Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content”. ACM Transactions on Computer-Human Interaction. 26 (5): 32.
Data Breach Investigations Report” (PDF). PhishingBox. Verizon Communications. Retrieved 21 March 2021.
Fifteen years of phishing: can technology save us?”. Computer Fraud & Security. 2019 (7): 11–16. doi:10.1016/S1361-3723(19)30074-0. S2CID 199578115. Retrieved 21 March 2021.
The Black Market for Netflix Accounts”. The Atlantic. Retrieved 21 March 2021.
Hacking Gets Personal: Belgian Cryptographer Targeted”. Info Security magazine. 3 February 2018. Retrieved 10 September 2018.
RSA explains how attackers breached its systems”. The Register. Retrieved 10 September 2018.
Epsilon breach used four-month-old attack”. itnews.com.au. Retrieved 10 September 2018.
What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts Using Text Analyzes”. SSRN Electronic Journal. doi:10.2139/ssrn.3427436. ISSN 1556-5068. S2CID 239250225. Archived from the original on 2021-03-21. Retrieved 2020-11-02.
More Remote Working Apps:
https://quintexcapital.com/?ref=arminham Quintex Capital
https://www.genesis-mining.com/a/2535466 Genesis Mining
https://jvz8.com/c/202927/369164 prime stocks
https://jvz3.com/c/202927/361015 content gorilla
https://jvz8.com/c/202927/366443 stock rush
https://jvz4.com/c/202927/296191 gluten free
https://jvz1.com/c/202927/286851 diet fitness diabetes
https://jvz8.com/c/202927/213027 writing job
https://jvz4.com/c/202927/358049 profile mate
https://jvz8.com/c/202927/376524 super backdrop
https://jvz2.com/c/202927/184902 gaming jobs
https://jvz4.com/c/202927/343405 PR Rage
https://jvz6.com/c/202927/371547 design beast
https://jvz3.com/c/202927/376879 commission smasher
https://jvz2.com/c/202927/376925 MT4Code System
https://jvz6.com/c/202927/375959 viral dash
https://jvz1.com/c/202927/376877 forex expert
https://jvz8.com/c/202927/376381 ada leadz
https://jvz2.com/c/202927/337292 DFY Suite 3.0 Agency+ information
https://jvz8.com/c/202927/291061 VideoRobot Enterprise
https://jvz8.com/c/202927/327447 Klippyo Kreators
https://jvz8.com/c/202927/324615 ChatterPal Commercial
https://jvz8.com/c/202927/299907 WP GDPR Fix Elite Unltd Sites
https://jvz3.com/c/202927/342585 VidSnatcher Commercial
https://jvz3.com/c/202927/320972 Storymate Luxury Edition
https://jvz2.com/c/202927/320466 iTraffic X – Platinum Edition
https://jvz2.com/c/202927/330783 Content Gorilla One-time
https://jvz2.com/c/202927/301402 Push Button Traffic 3.0 – Brand New
https://jvz2.com/c/202927/297271 Designa Suite License
https://jvz2.com/c/202927/310335 XFUNNELS FE Commercial
https://jvz2.com/c/202927/343635 MediaCloudPro 2.0 – Agency
https://jvz2.com/c/202927/353558 MyTrafficJacker 2.0 Pro+
https://jvz2.com/c/202927/365061 AIWA Commercial
https://jvz2.com/c/202927/357201 Toon Video Maker Premium
https://jvz2.com/c/202927/351754 Steven Alvey’s Signature Series
https://jvz2.com/c/202927/344541 Fade To Black
https://jvz2.com/c/202927/290487 Adsense Machine
https://jvz2.com/c/202927/315596 Diddly Pay’s DLCM DFY Club
https://jvz2.com/c/202927/355249 CourseReel Professional
https://jvz2.com/c/202927/309649 SociJam System
https://jvz2.com/c/202927/263380 360Apps Certification
https://jvz2.com/c/202927/377557 Instant Website Bundle
https://jvz2.com/c/202927/377194 GMB Magic Content
https://jvz2.com/c/202927/376962 PlayerNeos VR