SMS fraud, where fraudsters send unsolicited text messages to a victim for the purpose of obtaining the victim’s banking information, is on the rise.
HOW TO IDENTIFY A THREAT: The victim receives a text message alerting them of a suspicious debit that was attempted on their account with instructions to reply via a link or phone number to validate the legitimacy of the transaction. With this spoofing technology it appears the texts and phone calls are coming directly from the victim’s financial institution. The goal is to get the victim to respond (or in some cases, the fraudster initiates a follow-up phone call), where the impersonator then requests the victim to provide their account number or online banking credentials to validate their identity. With this information, the fraudster can clear out the victim’s account.
HOW TO PROTECT AGAINST THIS THREAT: Cyber security experts recommend that account holders who receive a text message from their bank or credit card company, or from anyone asking them to do something, call the company back via their public telephone number, not the number that was provided to them in the text.
Consumers should save their bank’s phone number in their contacts so they can call them immediately if they ever get one of these texts or calls. They also should not use the same password for all their accounts or use passwords that can be easily guessed. Passwords should be frequently changed. Consumers should always use multi-factor authentication when available and should know banks will never ask their customers to transfer money to a new account.
Consumers who suspect they may have been a victim of SMS Fraud should contact their financial institution immediately.