In an emerging scam, individuals are receiving calls from what appears to be their financial institution’s customer service phone number to confirm “fraudulent charges” on their accounts. However, these phone numbers are spoofed and are coming from scammers impersonating financial institutions.
Scammers may ask individuals to confirm information, from their name and address to their username, as well as a few “charges” on their account. They will often say these charges are coming from out of state to ensure the individual disputes them. Upon confirmation the charges are incorrect, the scammer may say the individual’s username and password have been compromised, along with their credit or debit card. To fix this, they say they will be sending the individual a text or email in the following 24 hours with a link to follow for new login information and a confirmation number.
During the call, criminals may ask individuals to confirm the last eight digits of their card or provide their full Social Security number (SSN) to verify their identity. Additionally, scammers may say the charges are being placed with a certain type of mobile phone and ask the individual if they know anyone who has that kind of phone – and what type of phone they have – all irrelevant questions a financial institution would not need to ask.
At this point, many would assume this is a scam. However, identity thieves may be able to provide a name, employee ID and confirmation number upon request, making it challenging to determine if this is legitimate or not. Even if an individual has an anti-scam feature on their mobile phone in which all scam calls are immediately sent to voicemail, these calls can still get through if they have called their financial institution’s customer service line previously.
If an individual becomes suspicious and asks the scammer to confirm information that a financial institution should have on file, such as the last four digits of the account number, they will not be able to. And as with most scams, criminals create a sense of urgency saying if the individual does not give them the information requested now, all the work they have done so far will be lost and their account will still be compromised.
If successful, the scammer typically changes the account number, locks the owner out, and empties the funds from the account. Unfortunately, once this occurs, there is little a financial institution can do to recover the funds. To avoid this, here are a few red flags to watch for:
- The call may come at any time, including late at night and on the weekends. Remember, a financial institution will only contact you during regular business hours, and typically only when prompted.
- Sending a text or email with a link. A legitimate organization will never send you a link to follow. Clicking this could unleash harmful malware onto your device.
- Asking for account and personal information. A financial institution should already have any account and personal information they need on file. APGFCU will never call, text or email you asking you for your personal information such as your online banking password, debit card PIN number, expiration date or CVV code on your card(s).
- Urgency and threats. A financial institution is there to help you through every situation, not scare you into taking action. If you feel pressured, it is likely a scam.
- Odd behavior. A major indicator of fraud is experiencing out-of-the-ordinary behavior from a financial institution, including the scammer saying, “I’m using your financial institution’s phone number.”
If you think you are being scammed, hang up immediately, call your financial institution at their published number and ask about any fraudulent charges on your account. Visit our Security page for more information on keeping your finances and information safe.