To Call or Not To Call: New Scam Campaign Targeting Financial Institution Customers
A Scam Warning
A SCARS Insight
Scams Evolve Into New Methods And New Platforms
Identity thieves and scammers are preying on bank, credit union members, and financial institution customers using more unconventional methods.
Instead of cold calling targets or sending a fake link to harvest confidential information, these scammers are asking you to call them.
Bitdefender Antispam Lab reports a flood of phishing emails that claim your card was locked or flagged.
Just in the past month tens of thousands of fraudulent emails urging recipients to call phony telephone numbers to resolve some issue and reactive their Credit Cards or Debit Cards.
Examples:
You can find a list of email variations in the list below:
- Credit Union Support Service: Your card has been reported. To reactivate call to 194******22.
- CU Support Service: Your card has been reported. To reactivate call to 1-248-***-***1.
- You have received a C.U. alert. CaLL now free : 1-40*-***-**44.
- CUNA Support Service: Your card has been reported. To reactivate call to 17******260.
- FCU Support Service: Your card has been reported. To reactivate call to 1248******1.
- You have received a F.C.U. alert. CaLL now free : 140******44.
- N.C.U.A. Support Service: Your card has been reported. To reactivate call to 1-760-***-**38.
- NCUA Support Service: Your card has been reported. To reactivate call to 173******74.
- Your C.U. Card been suspended. CaLL now free : 17******260 and follow instructions.
- Your C.U. card has been flagged. Call 194******22 to remove this issue.
- Your C.U. card has been frozen for the moment. Please contact 1-248-***-***1 for details
- Your NCUA card was blocked. Please contact 140******44 for unlock
Regardless of the financial institution, they will look similar.
What can happen if you call the number?
Users who call the number are likely to end up talking to an identity thief or scammer who will ask for their online banking or other financial account passwords and usernames.
The criminal might even attempt to log into your account while talking to you. If you have additional security measures enabled that require entering a verification code received via text or email, the scammer will also ask for it by making up an excuse. With this information, they can raid your bank account and steal your identity.
How to stay safe
The good news is that many individuals who receive these messages won’t necessarily have an account at the mentioned financial institution. If you have any concerns, contact your bank or financial institution by calling the support number found on the official website or the back of your card.
Don’t attempt to call the number even if you know it’s a scam. The scammers will know that your contact information is “good” and they will most likely target you with additional scams.
What your bank will never do!
While most banks and financial institutions will have email and text-based alerting systems to notify customers, there are some things your financial institution will never do:
- It will not send unsolicited emails or texts asking you to call an unknown number to resolve a security issue
- It will never ask you to give personal and sensitive information such as full Social Security numbers, passwords, PINs, verification codes, CVVs or any similar data via the phone, email or text
As a rule of thumb, you should never give out personal information to any service provider or individual who contacts you unexpectedly, especially by email or phone or text. The only time a bank customer should be providing his data is either in-person at your local branch or via the official website when applying online for a loan or credit card, or on the official phone number provided by your bank or financial institution.
Whenever you receive a suspicious email, text, or call, there are always steps you can take to safeguard your data.
Verify directly with your service provider and save a copy of the information related to the fraud attempt to share with your bank and law enforcement. By reporting malicious activity, you can help protect other members, your family, and friends from similar attacks.
You can report these to:
- reportfraud.FTC.gov
- Report the phone numbers and email addresses on www.Anyscam.com
- Report them to your national cybercrime police
[COMMENT REMOVED BECAUSE IT PROMOTES SCAMBAITING]