As apps that do all of the heavy lifting for you become more widespread, the threats to your accounts become more pronounced. This software allows even amateurs to get into the cybercrime business. The software and the scams are becoming ever more sophisticated, with some of them catching even the most wary people.
As one business owner found out when he lost more than $120k, these guys are getting pretty good at suckering people in. Thinking that you are smarter or that you can’t possibly be fooled is a mistake.
He received a call from a person claiming to be from the Chase fraud department and asking to verify a suspicious transaction.
The 800-number matched Chase customer service so Mullenaux didn’t think it was suspicious when the person asked him to log into his account via a secured link sent by text message for identification purposes. The link looked legitimate and the website that opened appeared identical to his Chase banking app, so he logged in.
Thinking about this now and preparing a security plan is the best way to defend yourself. In this case, a password manager would have known the site wasn’t legit, and would not have filled in his credentials. That may have been the red flag he needed to realize he was being suckered. Most of us know that we shouldn’t give our credentials to someone who contacts us, but this new breed of con man is using a combination of misdirection and deceit to trick us into letting our guards down. Using computer tools to aid us in spotting fake login sites is the way to go, IMO.
7 Comments
Anonymous · February 9, 2023 at 8:48 am
I stopped clicking links in emails at least 10 years ago and I have never used a link received via text. I also refuse to install apps on my phone for anything, right down to the grocery store bullshit.
Waldgangers · February 9, 2023 at 9:26 am
Fam has to enter a code from an automated call to access Chase account.
Some people are so far gone they still consider it their money when the banks don’t see it that way.
Comrade commissar FDR disabused any notions regarding this with gold back in an earlier time of the Long March to burn America down by any means necessary in order to merge it with the global Soviet.
Toastrider · February 9, 2023 at 9:37 am
“The 800-number matched Chase customer service…”
And yet he didn’t try to contact Chase, but instead happily clicked on a blind link sent my text.
it's just Boris · February 9, 2023 at 11:38 am
Some people still think caller ID equals identity. Understandable, but hasn’t been necessarily the case for some years now. (Well, never, really, but spoofing has become much more widespread.)
Toastrider · February 9, 2023 at 9:03 pm
Spoofing is -definitely- more widespread.
But if ‘your bank’ is sending you unexpected texts out of the blue and telling you ‘plz click this link’ you should immediately be on your guard.
We lecture people about being in Condition White, what’s the difference here?
it's just Boris · February 9, 2023 at 11:50 am
A couple of guidelines I try to always use in case of a fraud alert.
0. Most important – don’t do ANYTHING in haste. There is no credit card fraud emergency that has to be dealt with right now in seconds or the world will collapse (a). Don’t let anyone rush you to do something out of your pre-thought-through process. Same with a bank account; if they’ve held a transaction, by definition, it’s been halted so you have time to work the issue properly. If it wasn’t held, it’s not like there is a seconds-count time limit on disputing it.
1. Do not call any number, or follow any link, provided by SMS or email. Call the bank using the number on your card, or their website that you have bookmarked and know is valid.
2. If cold-called, ask how to get to them via the main number, e.g. their extension or dial code. If they can’t or won’t provide it, ask them to make a note in your file so the person you reach knows what it’s about. If the caller tries to rush you, or say don’t call the main number, that’s an indicator something is fishy. (There is no “I am the only one that can help you” by design in bank fraud department processes.)
3. Call the bank, ask for the fraud department, and ask the first person you talk to, whether there has been any activity on your account. If not, then you can let them know you were just targeted.
(a) if your teen daughter bought tickets to Cancun for her and her three boyfriends, for instance, yes, that might be an emergency; but it has to do with the family, not the card as such. The card can wait.
D · February 9, 2023 at 11:21 pm
I don’t bank with the big banks.
My bank is local.
It doesn’t matter what the Caller ID says. I know their voices.
I always answer and say “This is D” and they reply “Hey, it’s Susie from the bank”, and I say “Hey Susie, how’s Bill?”. The reply is “*Brian* is good?”. I now know I’m really talking to Susie, because her husband is Brian. They then tell me whatever, and I say “Ok–I’ll see you in 5 minutes” and I go drive to the bank to do stuff in person.
I have two accounts with them. One has no access. No debit cards, no online service, no nothing. The only way to get money out is by going into the bank. I will either withdrawal from that account, or transfer it into my account that *does* have online access.
That “online” account routing number is only known by privacy.com, and I use privacy.com to create virtual cards with limits for all my online purchases. When some online service gets breached, I know who it was immediately because the virtual card (which either has a monthly amount set or a one-time-only flag set) alerts me.
Most of my bills (internet, PUD, insurance, fuel for the car, etc…) all get paid in cash over the counter. My wife drives into town once a month and pays everything while shopping.
I had a credit card number stolen and abused once in my life, but I’ve never had my identity stolen.
Comments are closed.