Over the past few weeks, we have been getting more and more reports of fraudsters targeting the bank accounts of people in Oregon. Here’s how it usually starts: The bank customer receives a text asking if she approved an unusual transaction. Of course she didn’t — so she clicks on the phone number listed in the text to report the fraud. That number, however, is spoofed. It looks like the real number for the bank, but it is a fake — and the customer gets routed to the scammer.
The person who answers the phone poses as a bank employee, telling the customer that someone has changed the username on the account… which of course generates fear that a bad guy has already accessed the account. While the customer is panicked, the fake bank employee asks the customer to share her real user ID and the password verification code. He offers to send her a new debit card before hanging up.
Even if you realize immediately that something is not right, the scam artists are in your account and transferring money out in a matter of seconds.
Here’s how to protect yourself:
- Be familiar with what fraud alerts from your bank look like and what actions your bank may request from you.
- When in doubt, do not click on a link or dial a phone number directly from a text alert. Look up the customer service number for the bank from an official source — such as the bank’s website or what you find on a statement. Call that number instead.
- Never give out password or PIN information to anyone.
- Set up double authentication on your account if that is an available option. That means you and your bank have an extra set of security questions, PINs or other protocols in place to help ensure your safety.
If you have been victimized by this online scam or any other cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at ic3.gov or call your local FBI office.