Criminals are Disguising as Financial Institution Employees
Produced by Ann Davidson, Vice President of Risk Consulting | November 20, 2019
Financial intuitions around the country are reporting phishing attacks on accountholders where criminals are posing as a fraud team representative from the institution. These attacks have resulted in as much as $10,000 in losses from a single attack. Thus far, three types of attacks have been occurring:
The fraudster calls, texts, or emails the accountholder to “verify” multiple pieces of private information, so they can then pop into the account and drain it of funds. In many instances, criminals “spoof” the financial institution’s phone number so it shows up as such on the accountholder’s caller IDs. Information requested from the accountholder includes, but is not limited to:
- Online banking user name and password
- PIN number
- Security codes
- Account number
- Card number
After stealing the authentication layers from the accountholder, the fraudster contacts the financial institution, call center, or a third-party call center vendor to place a “travel alert” and then travels to other states to commit the fraud.
After stealing the authentication layers from the accountholder, the fraudster resets their user name and password to get into their online banking account. Once in, they change the listed phone number and email address to their own contact information to re-route micro deposits and verification codes.
Sign-up for our Fraud & Security Risk Alerts and receive ongoing education about top-of-mind fraud & security risks.
What Can You Do?
Because these accountholders are under the assumption their financial institution is contacting them, many are willingly giving out private information.
Here is what you can do NOW to mitigate exposure to these crimes:
- Educate your entire staff and call center about these attacks so they are aware fraudsters are posing as fraud team members, and they stay on high alert for the tell-tale signs noted above.
- If an accountholder requests an email or number change via online or mobile banking, instruct staff to call the accountholder at another known phone number on record to validate and confirm the request's validity.
- Consider turning off email changes and phone number changes via online/mobile banking platforms.
- Let accountholders know about phone number “spoofing” so they understand these calls are not legitimate and know not to answer.
- Before placing a travel alert, call and speak with the accountholder to confirm they requested it.
- Let all accountholders know about these crimes, informing them to hang up/ not respond to any incoming call/text/email claiming to be from your financial institution, and to call the financial institution’s listed phone number to report any such incident right away.
- Consider sending out a communication to accountholders about these scams and/or adding a warning when accountholders log in to your online and mobile banking platforms.
- Advise members to monitor the news and Federal Trade Commission (FTC) website or to signup for the FTC alerts so they remain aware of other common scams.
- Connect with your vendors to make sure they know about these attacks and to ensure they are educating their staff and clients about them.
With the upcoming holiday season around the corner, it is critical your accountholders know about these crimes, so they keep their private information protected.
Click Here to Download the Risk Checklist: Holiday Scam Prevention for Financial Institutions and Consumers
It is critical that we work together and collaborate to share this information with our financial institution team and accountholders to prevent fraudsters from infiltrating your financial institution or misappropriating your accountholders' funds. Learn more about how Allied Solutions is helping our clients prevent and manage fraud.
About Allied Solutions
For over 20 years, Allied Solutions has been selling and underwriting customizable solutions to keep credit unions protected from unexpected risks. Allied is now the industry's largest independent producer of credit union bond and insurance business with more than 800 clients nationwide and a staff that has extensive technical experience and know-how. It is this commitment and expertise that has helped Allied save clients millions in insurance premiums, and has resulted us in being granted 'Preferred Partner' status by NAFCU Services.Content in the blog posts are the opinion and views of the writer, and don't necessarily reflect the opinions or views of Allied Solutions.