Look Out For Bank Communications Spoofing
03/22/2023
Bank Communications Spoofing
Have you ever received a spoofing message? The FBI defines spoofing as “when someone disguises an email address, sender name, phone number, or website URL – often just by changing one letter, symbol, or number – to convince you that you are interacting with a trusted source.” Some scammers choose to spoof the URLs of financial institutions when targeting consumers. Read on for more information about bank communications spoofing.
Text Spoofing
Text spoofing occurs when scammers text victims, usually from a short code number (a five- or six-digit number typically used by organizations), to impersonate a bank they may or may not use. This text will usually include a link or phone number. The text will claim your account has been compromised or you need to confirm a purchase by clicking the link and logging into your account. However, these links can install malware on your device and lead to spoofed websites where login information is stolen. Instead of clicking the link in a text, it is always recommended to call your bank via a verified phone number to confirm activity or call the number on the back of your debit or credit card.
Remember: Carefully examine any URL or phone number sent in any text messages; scammers use slight differences to gain your trust.
Phone Spoofing
There have been many reports lately of scammers spoofing bank phone numbers. This is commonly referred to as Caller ID spoofing and uses technology to deliberately falsify the number shown on your caller ID display. Scammers will then claim to work for the bank and ask you to verify any number of things like transactions or information. The scammer usually has enough information about the victim obtained through phishing or the black market to gain their trust.
Once these scammers have gained your trust, they usually employ one of two tactics. In order to verify you now, the scammer will ask for your full account number, online banking credentials, or remote access to your device. After they have this information, the scammer will transfer your money out of your account. The other tactic scammers take is to inform you that they have noticed unusual activity. They convince you that the best way to safeguard their money is to transfer it to a “vault bank account.” This account does not exist, and legitimate banks do not ever suggest this.
Remember: Companies generally do not contact you to ask for your login credentials. If you doubt the identity of the person contacting you, hang up and call your bank via a verified phone number or call the number on the back of your debit or credit card.
Website Spoofing
There are several ways consumers can be on the lookout for spoofed website URLs. The first is to evaluate domain names. Sometimes scammers will make similar domain names to popular sites, such as Netflix.movies.com instead of Netflix.com. Consumers should then look at the quality of website design. Low quality visuals, strange layouts, and poor design can all be evidence of a spoofed website. Finally, consumers should pay attention to contact information and check it against bank statements or bank cards.
If your bank uses a .BANK URL, like The Savings Bank, it is even easier to distinguish between a legitimate and spoofed website. A .BANK domain is not only more secure than a .COM, but scammers cannot get a .BANK domain like they can a .COM. All .BANK domains must meet certain security requirements as well as be a verified member of the banking industry. These special domains include encryption measures and authentication emails for consumer safety.
Conclusion
Bank communications spoofing can make consumers nervous; however, you can rest assured that your bank is here for you! If you have any questions or concerns about communications you are receiving, call the number on your bank statement or card. If you or someone you know is the victim of a spoofing scam, report the incident to the FBI’s Internet Crime Complaint Center (IC3).
Sources:
https://www.bbb.org/all/spot-a-scam/how-to-identify-a-fake-website
https://www.aarp.org/money/scams-fraud/info-05-2012/caller-id-scams-on-rise.html
https://www.bbb.org/article/scams/18596-scam-alert-hit-delete-on-phony-banking-texts
https://u.bank/blog/post/what-is-a-bank-url