Recently, bakery owner Susan Limb of Maryland was disturbed when she received what appeared to be a call from her bank informing her that multiple fraudulent withdrawals had been made from her business account and that immediate action needed to be taken in order to stop the theft. Limb noticed that the phone number shown on her Caller ID indicated that the call was coming from her bank. The caller even told her that she could confirm that this was really the bank calling by going to the bank’s website and checking that the phone number she was being called from was indeed the bank’s, which Limb did. Unfortunately, Limb was not aware that through a very simple technique called “spoofing,” a scammer can make their call appear to come from whatever phone number they wish.
The scammer then told her that, to confirm Limb’s identity, a security code would be sent to her, which she should in turn provide to the scammer posing as the bank official. Limb complied with the request, which unfortunately turned over to the scammer the numbers sent to Limb through dual factor authentication of her account. The scammers had somehow been able to steal her password, but would not have been able to access her account without the numbers sent to Limb’s phone by text message as her dual factor authentication. Once she turned that number over to the scammers, they were able to empty her account. In order to keep the scam going, the phony bank official told her not to log into her account while the bank was investigating the matter and to ignore any automated alerts she might receive from the bank, telling her that they were redundant to the investigation. When Limb did finally check her account, she saw that the money had been withdrawn by the scammers.
TIPS
Like many scams, this one relies initially on appealing to the part of our brain called the amygdala, which prompts us to make quick decisions in emergency situations without necessarily taking the time to carefully evaluate the situation. As I often tell you, due to spoofing, anytime you get a phone call, you can never be sure who is actually calling you. Most importantly, you will never legitimately be asked in a phone call for a security code sent to your phone as part of dual factor authentication. Only scammers do this when they try to trick people in order to nullify the protections provided by dual factor authentication. Such security codes are only to be used by you when you access your account on your phone or computer. Only scammers ask for these numbers in a phone call.
If you get such a phone call and think it may possibly be legitimate, merely hang up and call the bank at a phone number you know is legitimate.