Friday, January 7, 2022

Bank transfer scam alert

Many banks use Zelle when you want to transfer money to someone at a different bank.  There is a scam going around that you need to know about.  Basically, it goes like this:

1. You get a text message claiming to be from your bank, asking if you authorized a large cash transfer.

2. When you text back that you did not, you get a phone call from your bank's "Security group".  The scammer spoofs the outgoing caller ID so it looks like it's coming from your bank.

3. To "verify your identity" the caller asks you for the email address associated with your account.  They then tell you they are sending you a text with a security code, and ask you to read it back to them.

Do not do anything in #3!  What the scammer does is initiate a "forgot password" request at your bank's web site which generates the security code.  If you give them the email address and security code they can log in as you and drain your bank account.

Remember, your bank will never ask you for your email address, or password, or to read them a security code.  That's why you have to set up a "security question" for your account - what was the name of your first pet, that sort of thing.  They will use that to verify that it is actually you.

Brian Krebs has a detailed writeup on this.

4 comments:

LindaG said...

Thanks for this. Wish these people would get an honest job.

You all be safe and God bless.

Jerry said...

When you get a suspicious e-mail or text do NOT click on the link or reply to the text. The first thing to do is ask yourself if you were expecting this transaction. If no report the scam to your financial institution. Either call your financial institution and ask if they sent it or take the offending text into your local office and ask people you know if they sent it.

Feral Ferret said...

As Jerry said, if you are not sure, CALL your financial institution at the number you already have on file and ask them. Do not respond to the text.

This is just basic security for avoiding phishing attacks. The same applies to any emails you receive claiming to be from your financial institution that request information or that come from a different email address than normal.

Also goes for PayPal and similar. I receive close to a dozen phishing emails pretending to be PayPal every week to a couple of my email addresses that do NOT have a PayPal account associated with them.

Adrian said...

I have decided that if I receive ANY message from someone with an Indian, accent or someone who sounds like he/she is an Indian that I will hang up immediately. I know that this sounds like I am some kind of a racist, but I have been fooled and deceived several times by someone with an Indian accent. They are extremely competent, very skillful and very convincing. I have let them take over my computer and was helpless to control them. Don't bother to tell. me I am stupid or gullible because I know I am. Just be warned!