Beware if your bank sends you a text message saying something’s amiss and to call immediately. If you make that call, something could really go wrong.
It seems regional banks and credit unions are prime targets for criminals using phishing schemes to steal account numbers, passwords and other sensitive information. Law enforcement officials say the scheme has been going on for a year, but has escalated in recent months. According to IDG Connect:
“The criminals pick a bank — say a credit union in Medford, Oregon — then they bombard every phone in Medford’s 541 area code with a phishing message sent by SMS (Short Message Service) telling the victims to call a fake 800 number that looks like it’s from a local credit union. Because they’re targeting a bank in the region, the bad guys have a pretty good chance of hitting real customers who may not have heard about the scam.
“They use the open-source asterisk software to set up a fake voice-operated system and steal information when people enter their account numbers, passwords and other sensitive information to authenticate themselves on the system. When the criminals use this information to transfer money overseas, the banks take the loss.”
Regional banks and small credit unions are particularly vulnerable because national financial institutions have security teams to guard against such scams. Nick Newman of the National White Collar Crime Center says, “With a regional bank, their entire IT team might be only five people.”