What would you do if your bank called to tell you your card had been compromised? There was a time when most of us would have believed the caller and done what we could to protect our accounts while getting a new card. Unfortunately, that is no longer the best approach because all too often, the bank isn’t calling you.
In Eastern Ontario, Mississippi Mills recently reported that there has been an increase in fraudsters posing as investigators working for banks, law enforcement or merchants. Believing they are helping, the victim is convinced to send an e-transfer to their own cellphone; on the surface, this appears to mean that the individual is not losing any money. But that’s the catch. The con provides the security question and response for the e-transfer. After initiating the transfer, the “investigator” asks for part of the e-transfer URL link. When the “investigator” receives that information, they intercept the transfer and divert the funds.
What makes this kind of fraud harder to spot is that fraudsters can spoof telephone numbers and use personally identifiable information to convince the victim that the call is legitimate. Personally identifiable information alone is no longer sufficient to prove authenticity. Why? Because there is a lot of information publicly available, and fraudsters are willing to look for it.
Personally identifiable information is easier to find than you think.
For instance, what comes up when you search for your name? If you haven’t already done this, you should make it a practice to periodically search your name using Google, Bing or even AI. The amount of information that is available to bad actors is outstanding. Even if someone believes they are safe from this type of fraud because they don’t use the internet, they are wrong.
AI can provide multiple searches in seconds, providing insight into our lives through any public source on the internet. Additionally, AI gives fraudsters new information, allowing them to make educated guesses about their victim’s age, address, family, and interests. That information may be used to convince you that you are talking to someone trustworthy.
So, if you can’t trust a call that appears to come from the bank because the phone number may have been spoofed and the caller may be a fraud, what can you use to authenticate a call? There are a few steps you can take. One, if you receive a call like this, do not give any information until after you have verified the caller, using the number on the back of your card or by using the publically available number through an online search engine. Two, ask for a case number to be referenced when you verify the caller; if you cannot get one, hang up. Third, do not give any personally identifiable information to the caller.
Is what the “bank investigator” is asking me to do reasonable?
- -Why would they need you to send an e-transfer to yourself? There are other ways of testing e-transfer systems.
-Why would they need to set up the security question and response? If the money is coming from your account to your account, the only person who would need this information is you.
-Why do they need the transfer URL? Only the recipient of the e-transfer needs that information.
-What does your online banking tell you about your card usage? Hang up the phone and check your account yourself. If you want to talk to someone at the bank, call the number on your card, not the number that contacted you.
Report all frauds, including attempted frauds. File reports with your local police, including all phone numbers used by the fraudster and all communications received. Report the fraud to the Canadian Anti-Fraud Centre and tell those you know about it. The more fraud is reported, the more awareness of fraud there is, and the fewer victims of fraud there are.
Kathleen O’Donoghue, CFE
Leave a Reply