We often receive text alerts from our banks about potential fraudulent transactions. While these notifications are meant to protect us, they can sometimes be exploited by savvy thieves. Here’s a real-life example shared by Kevin from Dandridge, TN, who wanted to let others know about these sneaky tactics so that they could protect themselves against these heartless scammers.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
The incident
Kevin shared a troubling experience where his wife received a text from their debit card bank questioning a potential fraudulent charge. This wasn’t unusual, as they had received similar notifications before and had to replace their cards. She responded with “NO,” indicating that the transaction wasn’t theirs.
Shortly after, she received a phone call from what she thought was the bank. However, the call was from the thieves, who cleverly posed as bank representatives. They didn’t ask for account numbers or passwords but instead requested the answer to a “secret question” that was legitimately set up when the account was created.
Once the thieves had this information, they shut off notifications, transferred funds between accounts, set up an ACH transfer, and withdrew most of the funds. Fortunately, Kevin’s wife checked their accounts daily and quickly noticed the suspicious activity.
They filed a C3 report with the Internet Crime Complaint Center (IC3) and a local police report. The IC3 is a partnership between the FBI and the National White Collar Crime Center, providing a way for individuals to report cyber crimes, including online fraud and identity theft. The bank’s fraud department was able to retrieve the funds from the receiving bank. However, the experience was time-consuming and stressful.
BEWARE OF THIS NEW ANDROID MALWARE THAT EMPTIES YOUR BANK ACCOUNT AND CLEARS YOUR DEVICE COMPLETELY
Why scammers specifically ask for secret questions
Scammers often ask for the answers to secret questions because these answers can provide them with a crucial piece of information needed to access your accounts. Secret questions are typically used as an additional layer of security for account recovery or verification processes. By obtaining this information, scammers can bypass other security measures and gain unauthorized access to your accounts. Kevin’s experience highlights why scammers target secret questions:
Exploiting trust: Scammers often pose as legitimate representatives from your bank or other trusted institutions. By asking for the answer to a secret question, they exploit your trust and the perceived legitimacy of the request. Kevin’s wife thought she was speaking with the bank when, in reality, she was talking to the thieves who had cleverly mimicked the bank’s procedures.
Bypassing security measures: Once scammers have the answer to a secret question, they can use it to reset your password or verify your identity, effectively bypassing other security measures that are in place to protect your account. This is exactly what happened to Kevin’s wife; the scammers used the answer to the secret question to shut off notifications, transfer funds, and set up an ACH transfer.
Easier to guess or find: Unlike passwords, which are often complex and unique, the answers to secret questions can sometimes be easily guessed or found through social engineering. For example, common questions like “What is your mother’s maiden name?” or “What was the name of your first pet?” might be discoverable through social media or public records. In Kevin’s case, the scammers cleverly posed as bank representatives and asked for the answer to a secret question that was legitimately set up when the account was created.
Understanding why scammers ask for secret questions can help you be more cautious and protect your sensitive information. Always be wary of unsolicited requests for personal information, and verify the legitimacy of the request through official channels. Kevin’s story serves as a powerful reminder to stay vigilant and protect your financial security.
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Tips to protect yourself
Protecting yourself from fraud requires vigilance and proactive measures. Here are 12 essential tips to help you stay safe:
1) Verify text notifications: Use your bank’s official app or website to verify any text notifications you receive. This ensures that you’re interacting with a legitimate source and not a scammer. If in doubt, contact your bank directly using the phone number listed on their official website. If you can, it would be ideal to have a trusted contact at your bank whom you can call to confirm any text notifications you receive. This ensures that you’re speaking with a legitimate representative.
2) Never share secret answers: Never give out the answer to your secret question over the phone in a call you didn’t initiate, even if the caller seems legitimate. If you contact a bank call center, these questions are needed to authenticate your identity.
3) Hang up the phone and call the number of your bank from the back of your debit card or get your bank’s number from the bank’s official website. If you’re thinking of Googling the phone number you’re seeing on your phone display, think twice as scammers easily spoof the legitimate phone numbers of banks.
4) Turn on notifications on your bank app. Most banks will send a notice when any alerts are turned off or information is changed.
5) Regular account monitoring: Make it a habit to check your bank accounts daily. Early detection of suspicious activity can prevent significant losses.
6) Report suspicious activity: If you suspect fraud, report it immediately to your bank and local authorities. Quick action can help mitigate the damage.
7) Enable two-factor authentication (2FA): Whenever possible, enable 2FA on your bank accounts and other sensitive online accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone.
8) Use strong, unique passwords: Ensure that your passwords are strong and unique for each account. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to keep track of your passwords securely.
9) Be cautious with public Wi-Fi: Avoid accessing your bank accounts or conducting sensitive transactions over public Wi-Fi networks. These networks can be less secure and more susceptible to hacking.
10) Regularly update your software: Keep your devices and apps updated with the latest security patches. This helps protect against vulnerabilities that could be exploited by cybercriminals.
11) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
12) Remove your personal information from the internet: To reduce your online presence, consider using a data removal service. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap – and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.
It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with the information they might find on the dark web, making it harder for them to target you.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
HOW TO PROTECT YOUR CREDIT AND BANK CARDS FROM GETTING HACKED
Kurt’s key takeaways
Kevin’s story is a reminder of how vigilant we need to be in protecting our financial information. Thieves are becoming increasingly sophisticated, and it’s crucial to stay one step ahead. By following the tips outlined above, you can significantly reduce your risk of falling victim to these banking scams. Remember, staying informed and proactive is your best defense against this kind of fraud.
Have you ever experienced a close call with a scam? What did you learn from that experience? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
3 comments
Always give false answers to these questions when setting up your accounts (keep track of these false answers in a safe place elsewhere).
Scammers tried that one on me, too! They had me fooled — for a minute. But then they asked for the last 4 digits of my card that the fraud charge had (supposedly) been charged to, I said, “You already have that information.” “Yeah, but we need to verify.” I hung up. (Later I realized that they had spoofed my credit union’s regular number, not the CU’s fraud alert number.) I also logged into my account, to check, and as I suspected, no such charges were pending. I also let my credit union know about the scam call, via the secure messaging from my account. They assured me that they do not call or ask to verify account info. The scammer tried calling me back several times over that week and then again a month later. But when I saw it was supposedly from my credit union’s phone number, I just didn’t answer.
I received a docusign email that was fake. I emailed the only company who could have sent it to me and it wasn’t them. I did not do it and deleted the email.