New Phishing Attacks Target Institutions in Four States

CA., NY, PA and WI Customers Victimized by Text, Phone Messages
New Phishing Attacks Target Institutions in Four States
A fresh string of phishing attacks have struck financial institutions nationwide over the past two weeks, with customers of 10 banks and credit unions in California, New York, Pennsylvania and Wisconsin receiving fraudulent text messages or automated phone calls.

These incidents are concurrent with a new report from the Anti-Phishing Working Group, which says such attacks are up nearly 600 percent this year.

Text Messaging Scams

Members 1st Federal Credit Union of central Pennsylvania reported on Sept. 28 that it received calls from customers about text messages claiming that their cards were blocked. The calls were purportedly from Members 1st, and the customer phones that were targeted were reportedly AT&T mobile phones.

Members 1st has customer education information on its website about vishing and phishing scams and tells customers what to watch for.

Similar attacks happened on Oct. 2 in Nebraska to Greater Omaha Credit Union customers. Omaha police say the phishers sent text messages to mobile phones in the Omaha area, claiming their bank card had been deactivated and instructing them to call an 877 number to reactivate it. At least one customer fell victim, losing several hundred dollars to phishers located in Huntington Beach, CA. "Once he changed his PIN, somebody went in and withdrew the money," said Richard Patterson, president of Greater Omaha Federal Credit Union.

The credit union's staff fielded from customers and others who received the bogus text. "Basically [they were] asking why they had been getting this text message, and most of them don't even have accounts with us," says a bank representative.

How the scam works: Fraudsters learn the first three digits for certain cell phone providers in an area and just dial in remaining digits for mass texting, hoping to catch customers.

Another Omaha-based credit union, Omaha Federal Credit Union, was hit with the same text messages, and alerted its customers with this message:

"Text Messaging Scam -- OFCU Members, please be aware that Omaha FCU does not use text messaging to contact our members. If you receive a text message that says "from Omaha Federal Credit Union" do not respond to the message. It is not from OFCU."

Listen to the automated vishing call:

At the same time, on Long Island, Suffolk police were investigating scams involving attempts to steal credit card and PINs from customers at two different credit unions, Suffolk Federal Credit Union and Island Federal Credit Union. The scam worked by sending text or voice messages to card holders who were told their debit card had been deactivated. The would-be victims were told to call a phone number and provide account and PIN numbers to reactivate the accounts.

California Bank Hit in Automated Attack

The phishing scam that hit Liberty Bank, Boulder Creek, CA on Oct. 2, is still happening. The bank reports that an automated phone call phishing scam references Liberty Bank by name, making the scam more believable to unsuspecting bank customers.

The Santa Cruz Sheriff's office initially handled the investigation, but the case has been turned over to the FBI, says Jill Hitchman, first vice president of the bank. "We've been told that Bank of America, Wells Fargo Bank, Citibank and some credit unions as far away as Humboldt County have been targeted," Hitchman says.

Residents of San Lorenzo Valley and parts of Santa Cruz reported receiving automated phone calls, purportedly from Liberty Bank, saying, "Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department."

Customers who pressed "1" were asked to enter their credit/debit card number and personal identification number. Once usernames and passwords to a web-based e-mail account are captured from a customer, criminals can access the login information and transfer money out, Hitchman says.

Hitchman explains that the phishers used phone systems that were hijacked in small companies to make the calls. "They used voice over IP technology to get into the back door of these companies," she says. This recording is the actual message that customers heard from the phishers.

The source of one calling point was identified: a web site was hijacked, and calls were made from West Virginia. "That was shut down, but more continue." Hitchman says.

"There will be some losses," Hitchman said. "Charges started showing up almost immediately after our customers gave away their card numbers." The charges were made in Romania on cards that were counterfeited, she says. No amount of fraudulent charges have been released by the bank.

Hitchman warns other financial institutions to be on alert, as her bank is "still being bombarded by calls." Although she didn't know exact numbers of customer affected, "I can say for sure we've received more than 1000 calls from customers. and that they aren't stopping," Hitchman notes. "We're a small community bank, and this has impacted us greatly."

Attacks Ongoing in Wisconsin

On Oct. 9, a small community bank in Madison, WI. was hit by what is being suspected as the same phishing gang preying upon Liberty Bank, says a spokesperson who did not want to name the specific institution.

"How we know that it is the same group: Two of the same numbers used in the Liberty Bank attacks were used in the attacks against our bank," the spokesperson says.

While these types of calls happen on a regular basis, "This one is more troubling because it is specifically naming the bank in the message," says the spokesperson. Only one customer reported giving up a card number, "and we were able to cancel their credit card number before any fraud was committed."

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.