There is a very popular scam on the rise that fraudsters are using to gain access to sensitive financial information. These social engineers send thousands of texts to random or targeted phone numbers, asking whether the recipients recognize a fabricated charge that the fraudster claims appeared on their card. If a user responds, these malicious individuals will attempt to gain access to private and personal information over the phone by pretending to be the fraud department of a bank or credit union. From there, they will ask the bank’s customer for sensitive information to ‘verify their identity’, such as name, account number, and the last four digits of the victim’s Social Security number.
We’ve seen this in growing numbers around the Greater Boston Area, and even had a few cases of this in our home town of Braintree, Massachusetts. Unfortunately, the best way to combat this scam is education and security awareness training. No vulnerability assessment, penetration test, or IT general controls review will help steer a potential victim away from compromise.
Best Practices:
- Avoid using debit cards linked to personal bank accounts, such as checking or savings accounts. When in doubt, go credit.
- Never give information to an inbound caller. Always receive the call, hang up, and find the phone number for the bank’s fraud department, either on the back of the supposedly compromised card or on the bank’s website.