A new phishing scam is hitting banking customers—and this time, the scammers make it seem like their messages are coming from the real customer service line or fraud prevention hotline.
The scam was revealed by wrestling announcer Lenny Leonard, who says that when he’s not calling body slams and sleeper holds, he’s a “mid-level executive with a very large financial institution.” In a Twitter thread, he details the new scam and how not to fall for it.
FRAUD SCAM ALERT: a thread
As some of you know my day job is as a mid-level executive with a very large financial institution
Wanted to send a heads up about a scam that we are not only seeing at my bank but was attempted on me as well with one of my accounts at another bank
— Lenny Leonard (@WWNLennyLeonard) April 21, 2022
Leonard warned on Thursday that he had been called by a scammer who had spoofed his bank's legitimate phone number. The scammer then sent a fraud alert using this number, asking if he recognized a certain charge.
“When you reply no, they IMMEDIATELY call you from the number that appears to be your bank’s legit phone number but they are masking their true number,” Leonard wrote. “They will ask to verify personal & account information in an attempt to access your funds & once they gain access you’re f***ed.”
In Leonard’s case, he says that when he told the scammer that he’d have to call them back, the scammer told him to look at the back of his debit card to confirm that they were calling from the same number. After telling off the scammer, Leonard says he called his bank and, sure enough, no legitimate alert had been sent, nor had any unusual activity been seen on his account.
Leonard told his followers how to not fall for the scam.
“If you EVER have someone CALL YOU and say they are your bank, do NOT provide any information like that over the phone on an INBOUND CALL,” he wrote. “Tell them you need to call them back & make sure you are dialing the number on the back of your card NOT a # they give you.”
Leonard told Newsweek that though he didn’t have too much more to add beyond what he already wrote, he did urge people to share the warning with friends and family.
“I would just urge everyone to make sure they are sharing this with their less tech savvy friends and family because the text I got looked EXACTLY like a prior text I had gotten from the bank my account is with,” Leonard told Newsweek.
A representative from Chase also confirmed that the company was familiar with the scam.
“Unfortunately, scammers target consumers from many banks. We urge all consumers to never share their banking passwords or send money to someone who tells them that doing so will prevent fraud on their account. Bank employees won’t call, text or email consumers asking for this information, but scammers will,” Amy Bonitatibus, Chase’s chief communications officer, told Newsweek.
Spoofing a phone number is common among scammers, and often the number displayed is itself fake, but Western Bank warns its customers that fake calls can also come from a number they recognize.
The bank also lists a variation on the scam Leonard warns of. In the version Western Bank describes, a scammer spoofs the legitimate customer service number of the bank, like before. But this time, anticipating a response like Leonard’s, the scammer will ask the victim to call them back using the same number that’s on the back of the debit card—which is the same as the one they’re spoofing.
In this variation, though, they’ll leave the phone connection active, fooling the victim with a fake dial tone. Once the victim dials, the scammer “answers,” in hopes that the victim will be fooled into thinking the scammer is indeed a legitimate employee.
One way to thwart this is to remember that a real bank employee will already have your information. Never offer up important information like a bank account number. Instead, ask the bank employee to confirm their information by reading off what they have.
In addition, banks will never ask for a PIN, a full Social Security number or a customer’s online banking username and password. Banks already have access to customers’ accounts, and when it comes to Social Security numbers, a legit bank employee will only ask for the last four digits to confirm.
Source: Scammers Have a New Way to Phish for Bank Account Information, Banker Says