According to a 2021 survey by J.D. Power, 67% of bank customers today use their bank’s mobile app. The popularity is based on the advanced digital features of the apps, among which is the ability to receive personalized account alerts for low balances, large purchases, or unusual activity.
Customers no longer have to wait until their next statement comes out. Mobile bank alerts help customers stay on top of their finances in real time.
Scammers have devised schemes to take advantage of these very safeguards. With information gleaned from security breaches of credit reporting firm, Equifax, as well as breaches to other huge companies’ data bases, they often know the bank or credit union you are using. As helpful as this information may be for scammers, actual access to your accounts was not necessarily available.
A new type of phone scam has recently burst upon the scene. Banking and credit union customers have been receiving phone calls, supposedly from their financial institution, alerting them to a supposed purchase and asking the customer to verify they made the purchase.
To make the call seem legitimate, the actual name of the customer’s bank appears in the caller ID display, the scammer addresses the victim using the customer’s bank name as well as the customer’s actual name.
San Francisco lawyer and CEO, Pieter Gunst, received such a call and explained how effective the premise can be. Here’s what happened:
The fake bank representative asked, “Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?”
Gunst replied, “No.”
The scammer continued, saying, “Ok. We’ve blocked the transaction. To verify that I am speaking to Pieter, what is your member number.”
Gunst, thinking the number by itself was useless, furnished it. However, Gunst wasn’t aware that a member number is often used in online banking as the customer’s username.
With Gunst having actually given them his username, the con man was able to quickly click the “Reset Password” or “Forgot Password” link, knowing that Gunst would receive a text message or email with a verification code to confirm his identity. The scammer claimed they had sent the code and asked Gunst to read it back. The scammer then used the code to change the password and take control of the account. In order to further sell the scam, they read out several real transactions for Gunst to verify.
Luckily for Gunst, the scammer pushed a little too far, asking for the PIN on his account so they could block it and send fraud alerts. Gunst realized his mistake and said, “That is BS!,” hung up and called his bank immediately.
Victims of such sophisticated schemes lost nearly $50 million in the latest reporting period. Here’s what you can do to protect yourself from joining the ranks of those victimized:
• If you receive such a call, don’t automatically assume it is your financial institution calling you. Tell the caller you can’t talk right now and call your bank or credit union directly to verify there is a problem.
• Don’t give out your member number or username.
• Never read back any verification codes sent to you.
• Never, ever furnish an account or card PIN to anyone. Legitimate banks and other financial institutions will never ask you for it. They don’t need it to block access to your account.
• If you are lured into giving a verification code or PIN, call your bank or institution immediately so they can lock your account and investigate the situation.
Follow these tips and be safe out there!
