As many consumers have over time been repeatedly warned that legit businesses will not text or email them seeking personal or financial account info, those who signed up for text alerts may be particularly vulnerable to being tricked by a fraudulent text message. Consumers may find it difficult differentiating between an authentic alert -- and a smishing or phishing scam. The fraudulent messages are often camouflaged to appear very legit -- but instead are often laced with keystroke-logging malware and contain bogus contact numbers.
Complaints have started coming out in a number of cities about fraudulent texts that claim to be from various banks. The texts are generally simple; they make a blanket statement like "your account has been locked" and provide the recipient with a phone number to call so they can clear up the matter. In reality, however, there is no problem with the user's bank account and the phone number is being operated by scammers who hope to get basic information from callers such as the account owner's name and the account number.
In most cases the number is tied to an automated system, likely in an attempt to add legitimacy to the claim. Callers are directed through a series of prompts for information, after which point they are informed that the problem with their account has been corrected and that their credit card or debit card should be functioning normally again. Since the card was never deactivated, those who fall for the scam will assume that the information they provided was sufficient to get the card working again and won't give it a second thought until charges start showing up that they didn't authorize.
While not everyone will fall for one of these scams, those who aren't overly familiar with technology or those who have already signed up for text alerts from their bank may mistakenly believe that the texts are legitimate. Some variations of the SMiShing scam are easier to spot than others, especially if the text mentions a specific bank that you don't hold an account with. For those that receive texts which do mention their bank, however, it can be a lot easier to get sucked in. Even the generic texts with no specific bank mentioned can seem believable to those prone to worrying about their finances.
If you receive a text like this, the first thing that you should do is contact your bank directly to see if there is really a problem with your account. Don't ever call the number provided in the text message; either call your local bank branch or stop by and ask to speak to a manager. If the text is fraudulent, let your local police department know as well so they can investigate. Depending on how many reports they get, the police may even decide to issue a public statement letting people know that there is a fraud operation working in your area.
Stay informed and alert to the various hi-tech scams and report cyber crimes to the Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). For more information on how to file a complaint if you believe you've been defrauded, visit IC3.
See earlier blog for more info on how the SMiShing Scam works.
Leave a comment