Blog

SMS Bank Fraud

SMS fraud, where fraudsters send unsolicited text messages to a victim for the purpose of obtaining the victim’s banking information, is on the rise. 

HOW TO IDENTIFY A THREAT:

The victim receives a text message alerting them of a suspicious debit that was attempted on their account with instructions to reply via a link or phone number to validate the legitimacy of the transaction.  With this spoofing technology it appears the texts and phone calls are coming directly from the victim’s bank. The goal is to get the victim to respond (or in some cases the fraudster initiates a follow-up phone call), where the impersonator then requests the victim to provide their account number or online banking credentials to validate their identity.  With this information the fraudster can clear out the victim’s account.

HOW TO PROTECT AGAINST THIS THREAT:

Cyber security experts recommend that account holders who receive a text message from their bank or credit card company, or from anyone asking them to do
something, to call the company back via their public telephone number, not the number that was provided to them in the text. 

Consumers should save their bank's phone number in their contacts so they can call them immediately if they ever get one of these texts or calls. They also should not use the same password for all their accounts or use passwords that can be easily guessed. Passwords should be frequently changed.

Consumer should always use multifactor authentication when its available and should know banks will
never ask their customers to transfer money to a new account.

ADDITIONAL RESOURCES:

Beware of SBI SMS scam! Bank warns users, shows how to stay safe from online fraud (hindustantimes.com)

SMS About Bank Fraud as a Pretext for Voice Phishing – Krebs on Security
Consumers who suspect they may have been a victim of SMS Fraud should contact their financial
institution immediately.