Article 5Y7MT Cybercriminals Are Doing Their Homework in Latest Banking Scam

Cybercriminals Are Doing Their Homework in Latest Banking Scam

by
msmash
from Slashdot on (#5Y7MT)
A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. From a report: The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework. "In addition to knowing the victim's financial institution, the actors often had further information such as the victim's past addresses, social security number, and the last four digits of their bank accounts," the IC3 said. The con starts off as many that target individuals do nowadays: With a text message. In this case it's not a phishing attempt, it's an attempt to ascertain whether the person receiving the message is susceptible to further manipulation. Posing as the target's bank, the message asks whether a large charge ($5,000 in the example the FBI gives) was legitimate and asks for a reply of YES or NO. Replying no leads to a follow-up text: "Our fraud specialist will be contacting you shortly. This is where social engineering comes in, and the FBI is painting a picture of a sophisticated operation. The "fraud specialists" contacting users reportedly "speak English without a discernible accent," and once they establish credibility with the victim they move on to "helping" them "reverse" the fake transaction. It gets even more insidious here: The charges that are being refuted aren't bank charges directly: they are payments being made through an instant payment app like Venmo or CashApp. The fraudster never asks for a password or any information that might clue someone in that they're being strung along. Instead, the caller asks the victim to use their bank website or app to remove their email address from the digital payment app (thereby unlinking the app and bank account), which the fraudster then asks for. Next, the victim is asked to send the same amount as the fake payment to themselves using their own email address, which has already been added to an account the criminal controls.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments