If you get an SMS message supposedly from your bank about a fraud alert, be wary. The FBI has issued a warning about cybercriminals circulating fake fraud alerts to trick victims into handing over their cash.
The scheme tries to scare you into believing the scammers are representatives of your bank. An automated SMS message will appear on your phone, claiming to be a fraud alert from a banking institution. It’ll then ask if you recently made an instant payment in the thousands of dollars.
If the victim responds to the message, the scammers will then proceed to call back by spoofing the 1-800 number from the banking institution. They’ll then claim they work for the bank’s fraud department and do so while speaking in English, without a discernible accent.
To fool their victims, the scammers will resort to researching their victims’ histories to learn their past addresses, Social Security numbers, and the last four digits of their bank accounts. “In many cases, the cyber actors engaged with victims for several days,” the FBI notes.
Once the trust has been established, the scammers will tell victims the fraudulent charge was made on their bank account through a digital instant payment app. "These payment apps are meant for the quick transfer of funds between registered users, with only the recipient's email or mobile number needed to initiate an instant payment transaction," the FBI said.
The scammers will then walk the victim through the various steps to reverse the payment. But in reality, the cybercriminals are trying steal the funds.
“Using the bank's legitimate website or application, the actor instructs the victim to remove their email address from their digital payment app,” the FBI said. “The actor, after asking for the victim's email address, adds it to a bank account controlled by the actor.”
The victim will then be told to send another payment transaction, under the belief they’re reversing the charge and merely sending the money to themselves. However, the victims are actually transferring the money to the scammers.
To protect yourself, the FBI is urging the public to be on guard against “unsolicited requests to verify account information” from your bank. “If a call or text is received regarding possible fraud or unauthorized transfers, do not respond directly,” the agency added.
Instead, it’s best to contact your bank through verified phone numbers and emails, which can be found on your banking institution’s website. Fraud alerts from your bank also usually come through official channels such as the bank's mobile app or verified email domains.
The FBI adds: “Be skeptical of callers that provide personally identifiable information, such as Social Security numbers and past addresses, as proof of their legitimacy. The proliferation of large-scale data breaches over the last decade has supplied criminals with enormous amounts of personal data, which may be used repeatedly in a variety of scams and frauds.”
For more tips, check out our guide on avoiding phishing scams.