Text messages & spoofed websites used to lure members into scam
Fraudulent text messages appearing to come from the credit union are being sent to members. The links lead to spoofed websites that are made to look like the credit unions’ legitimate websites and members are enticed to click on the link and share confidential information such as username, passwords, as well as 2-factor authentication passcodes. These fraud attempts have resulted in losses from account takeovers.
SMiShing (SMS text message phishing) is quickly becoming a preferred choice of fraudsters to lure members into giving up their credentials or sensitive information. The text messages have the following themes:
• Member’s account has been locked or suspended due to suspicious or fraudulent transactions.
• Unusual/suspicious transactions at Walmart.
• Unusual/suspicious transactions at cryptocurrency exchanges.
• Suspicious Zelle transfer.
The fraudsters immediately use the credentials to login to the member’s accounts. Since the fraudsters used unregistered devices to login to the accounts, a 2-factor authentication passcode is generated and delivered to the member who, in turn, enters the passcode on the spoofed website. The fraudsters immediately use the passcodes to complete the login to the member accounts.
Once logged into the members’ accounts, the fraudsters change the member’s contact information and then remove funds using Zelle/P2P or ACH transfers. In other instances, the fraudster calls or texts the member in which they claim to be from the credit union and need the one-time passcode.
The primary institutions that have been used to move funds to have included Metabank; Green Dot; Bancorp Bank; or Coastal Community Bank. However, there may be more financial institutions being used.
Members should consider these risk mitigation tips:
• Don’t reply to suspicious text messages and refrain from calling the number
• Don’t click on links or open attachments contained in suspicious text messages and emails
• Report suspicious credit union-themed text messages and emails to the credit union
This blog is brought to you by TruStage
Disclaimer: This article is for informational purposes only. For advice regarding your specific financial situation, please consult a financial planner or a trusted financial professional