According to the ABA, phishing schemes that aim to gather credit and debit details from consumers are on the rise. The crux of most scams: Misinforming consumers about closure of or trouble with their bank accounts, a lure to consumer replies from the socially engineered scam.
Last week's smishing attack, which targeted thousands of Wells Fargo customers by sending out a flood of phony text messages to mobile numbers in Oregon, is a prime example. The scam, feigning to come from Wells, attempted to get mobile recipients to respond with bank details related to their Wells accounts [See Smishing Scam Targets Wells Fargo].
Earlier this month, Police in Pima County, Ariz., issued a similar warning about smishing, phishing attacks, targeting mobile users in the Tucson region.
Authorities say consumers were receiving phishy text message that asked accountholder to call specified numbers to resolve possible compromises of their bank accounts. The smishing attacks included the last four digits of the user's debit card, which made the text messages appear legitimate.
The ABA says these types of schemes are common. In some cases, consumers are even asked to text or e-mail card expiration dates and CV security codes.
"Those who respond to these inquiries run the potential risk of having their information used to fraudulently purchase goods and services, or to obtain credit," the ABA says.
"Phishing is fairly cyclical," says Doug Johnson, vice president of risk management policy for the ABA. "Based on a recent uptick in activity, we decided to remind customers how to protect themselves from phishing, which is something we do periodically."
Tips for Institutions and Consumers
The ABA suggests financial institutions share tips and remind consumers that socially engineered schemes rely on methods financial institution would never employ.
To avoid fraud, banks and credit unions should remind consumers to:
- Never give out personal or financial information in response to an unsolicited phone call, fax, e-mail or text.
- Contact the bank to confirm the legitimacy of any e-mail that asks for the submission of personal or banking account information.
- Check credit card and bank account statements regularly for unauthorized transactions, even small ones.
- Make sure websites are secure when submitting financial information online. Check for padlocks or key icons at the bottoms of Internet browsers. Most secure Web addresses also use "https."
- Report suspicious activity to the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center.
- Contact your bank immediately if a phishy link may have been clicked or a suspicious communication responded to.
- For information about identity theft, visit the ABA's Consumer Connection.
Jeffrey Roman contributed to this article.