Scammers Have a New Way to Phish for Bank Account Information, Banker Says

A new phishing scam is hitting banking customers—and this time, the scammers make it seem like their messages are coming from the real customer service line or fraud prevention hotline.

The scam was revealed by wrestling announcer Lenny Leonard, who says that when he’s not calling body slams and sleeper holds, he’s a “mid-level executive with a very large financial institution.” In a Twitter thread, he details the new scam and how not to fall for it.

Leonard warned on Thursday that he had been called by a scammer who had spoofed the legitimate phone number to his bank. The scammer then sent a fraud alert using this number, asking if he recognized a certain charge.

In Leonard’s case, he says that when he told the scammer that he’d have to call them back, the scammer told him to look at the back of his debit card to confirm that they were calling from the same number. After telling off the scammer, Leonard says he called his bank and, sure enough, no legitimate alert had been sent, nor had any unusual activity been seen on his account.

Leonard told his followers how to not fall for the scam.

“If you EVER have someone CALL YOU and say they are your bank, do NOT provide any information like that over the phone on an INBOUND CALL,” he wrote. “Tell them you need to call them back & make sure you are dialing the number on the back of your card NOT a # they give you”.

“I would just urge everyone to make sure they are sharing this with their less tech savvy friends and family because the text I got looked EXACTLY like a prior text I had gotten from the bank my account is with,” Leonard told Newsweek.

A representative from Chase also confirmed that the company was familiar with the scam.

“Unfortunately, scammers target consumers from many banks. We urge all consumers to never share their banking passwords or send money to someone who tells them that doing so will prevent fraud on their account. Bank employees won’t call, text or email consumers asking for this information, but scammers will,” Amy Bonitatibus, Chase’s chief communications officer, told Newsweek.

While spoofing a phone number is common with scammers, often it’s a fake number as well, though Western Bank warns their customers that fake calls can come from a number they recognize.

The bank also lists a variation on the scam Leonard warns of. In the version Western Bank describes, a scammer spoofs the legitimate customer service number of the bank, like before. But this time, anticipating a response like Leonard’s, the scammer will ask the victim to call them back using the same number that’s on the back of the debit card—which is the same as the one they’re spoofing.

In this variation, though, they’ll leave the phone connection active, fooling the victim with a fake dial tone. Once the victim dials, the scammer “answers,” in hopes that the victim will be fooled into thinking the scammer is indeed a legitimate employee.

One way to thwart this is to remember that a real bank employee will already have your information. Never offer up important information like a bank account number. Instead, ask the bank employee if you can confirm their information by asking them to read off what they have.

In addition, banks will never ask for a PIN, a full Social Security number or a customer’s online banking username and password. Banks already have access to customers’ accounts, and when it comes to Social Security numbers, a legit bank employee will only ask for the last four digits to confirm.


Source: Scammers Have a New Way to Phish for Bank Account Information, Banker Says


More contents:

Woman With Missing Dog Gets Scam Texts Threats To Expose Affair to Her Wife

Accused Leader of GoFundMe Scam With Homeless Vet Sentenced to 27 Months

How ‘The Tinder Swindler’ Made This Woman Realize She Was Being Scammed

Phishing for phishing awareness”. Behaviour & Information Technology. 32 (6): 584–593. doi:10.1080/0144929X.2011.632650. ISSN 0144-929X. S2CID 5472217.

Phishing attacks and countermeasures”. In Stamp, Mark; Stavroulakis, Peter (eds.). Handbook of Information and Communication Security. Springer. ISBN 978-3-642-04117-4.

Internet Crime Report 2020″ (PDF). FBI Internet Crime Complaint Centre. U.S. Federal Bureau of Investigation. Retrieved 21 March 2021.

The Phishing Guide: Understanding and Preventing Phishing Attacks”. Technical Info. Archived from the original on 2011-01-31. Retrieved 2006-07-10.

The Big Phish: Cyberattacks Against U.S. Healthcare Systems”. Journal of General Internal Medicine. 31 (10): 1115–8. 2005). “A Leet Primer”. TechNewsWorld.

Security Usability Principles for Vulnerability Analysis and Risk Assessment”. Proceedings of the Annual Computer Security Applications Conference 2007 (ACSAC’07). Archived from the original on 2021-03-21. Retrieved 2020-11-11.

Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content”. ACM Transactions on Computer-Human Interaction. 26 (5): 32.

Data Breach Investigations Report” (PDF). PhishingBox. Verizon Communications. Retrieved 21 March 2021.

Fifteen years of phishing: can technology save us?”. Computer Fraud & Security. 2019 (7): 11–16. doi:10.1016/S1361-3723(19)30074-0. S2CID 199578115. Retrieved 21 March 2021.

The Black Market for Netflix Accounts”. The Atlantic. Retrieved 21 March 2021.

Spear Phishing: Who’s Getting Caught?”. Firmex. Archived from the original on 2014-08-11. Retrieved July 27, 2014.

Hacking Gets Personal: Belgian Cryptographer Targeted”. Info Security magazine. 3 February 2018. Retrieved 10 September 2018.

RSA explains how attackers breached its systems”. The Register. Retrieved 10 September 2018.

Epsilon breach used four-month-old attack”. Retrieved 10 September 2018.

What Phishing E-mails Reveal: An Exploratory Analysis of Phishing Attempts Using Text Analyzes”. SSRN Electronic Journal. doi:10.2139/ssrn.3427436. ISSN 1556-5068. S2CID 239250225. Archived from the original on 2021-03-21. Retrieved 2020-11-02.

Threat Group-4127 Targets Google Accounts”. Archived from the original on 2019-08-11. Retrieved 2017-10-12.

How the Russians hacked the DNC and passed its emails to WikiLeaks”

More Remote Working Apps:     Quintex Capital   Genesis Mining   BevTraders  LiteTrading  prime stocks  content gorilla  stock rush  forrk  keysearch  gluten free  diet fitness diabetes  writing job  postradamus  stoodaio  profile mate  senuke   asin  appimize  super backdrop  audiencetoolkit  4brandcommercial  talkingfaces  socifeed  gaming jobs   backlink indexer  powrsuite  tubeserp  PR Rage  design beast  commission smasher  MT4Code System  viral dash  coursova  fanpage  forex expert  appointomatic  woocommerce  domainname  maxslides  ada leadz  eyeslick  creaitecontentcreator  vidcentric  studioninja  marketingblocks  clipsreel  VideoEnginePro  BarclaysForexExpert  Clientfinda  Talkingfaces  IMSyndicator  SqribbleEbook  superbackdrop  VirtualReel  MarketPresso  voiceBuddy  tubeTargeter  InstantWebsiteBundle  soronity  DFY Suite 3.0 Agency+ information  VideoRobot Enterprise  Klippyo Kreators  ChatterPal Commercial  WP GDPR Fix Elite Unltd Sites  EngagerMate  VidSnatcher Commercial  myMailIt  Storymate Luxury Edition  iTraffic X – Platinum Edition  Content Gorilla One-time  Push Button Traffic 3.0 – Brand New  SociCake Commercial  The Internet Marketing  Designa Suite License  XFUNNELS FE Commercial  ShopABot  Inboxr  MediaCloudPro 2.0 – Agency  MyTrafficJacker 2.0 Pro+  AIWA Commercial  Toon Video Maker Premium  Steven Alvey’s Signature Series  Fade To Black  Adsense Machine  Diddly Pay’s DLCM DFY Club  CourseReel Professional  SociJam System  360Apps Certification  LocalAgencyBox  Instant Website Bundle  GMB Magic Content  PlayerNeos VR

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: