Fraudsters use spoof texts in new bank scam
June 9th 2015
Many of us are familiar with 'social engineering' phone calls and emails claiming to be from our bank, but actually sent by criminals in an attempt to gain our confidential financial details. In a new twist to this type of fraud, criminals are using spoof text messages Financial Fraud Action UK (FFA UK) has warned.
For information and advice on spam and scam messages, click here.
The scam text messages claim that there has been fraud on the recipient's account or that the account details need to be updated. They encourage recipients to call a number or visit a website, often claiming the matter is urgent. However the telephone number or website is actually controlled by the fraudster, enabling them to steal security details which can be used to access the victim’s bank account and steal money.
To make the texts seem authentic, fraudsters use specialist software which alters the sender ID on a message so that it appears with the name of a bank as the sender. This can mean that the text becomes included within an existing text message thread on the recipient’s phone.
Through a second route the fraudsters take, the texts warn that the recipient will soon receive a call from their bank’s fraud department. However it is actually the fraudster that then calls the victim and attempts to trick them into revealing their full security details.
Intelligence also suggests that fraudsters are sending scam texts which appear to be from a landline number, asking the recipient simply to call their bank. This is in the hope that the victim will phone the number from which the text was sent, which is controlled by the fraudster, rather than the bank’s regular customer service telephone number.
Financial Fraud Action UK’s advice on how to avoid becoming a victim of this scam:
• Be suspicious of any text message that asks you to provide sensitive personal information, passwords or to make transactions.
• If you’re asked to call the number given in the text message and the number is unknown to you or suspicious, call your bank on a number that you trust – such as the one on the back of your card – to check the number and message is authentic.
• Do not call the phone number a text message has been sent from; instead call your bank on a number that you trust.
Remember your bank will never:
• Phone you to ask for your 4-digit card PIN
or your online banking password, even by tapping them into the telephone keypad.
• Ask you to update your personal details by following a link in a text message.
• Tell you over the phone how to respond to a text message confirming a transaction.
• Ask you to transfer money to a new account for fraud reasons, even if they say it is in your name.
Katy Worobec, Director of Financial Fraud Action UK, said: “These text messages can look very authentic, so it’s important to be alert. Always be wary if you receive a message out of the blue asking you for any personal or financial details. If you’re ever at all suspicious, call your bank on a number that you know. Remember, fraudsters are after your security details – don’t reveal anything unless you are absolutely sure who you are dealing with.”
By Get Safe Online