Fraudulent calls posing as bank phone calls.

The authorities have recently warned of an increase in phone scam calls, where scammers pretend to be from a bank and ask the recipient to share their personal details. Rather than viewing this as a new trend in phishing, we should understand this as another iteration of the social engineering technique that has been around for decades.

Phone spoofing

Phone spoofing is a common phishing tactic that follows an increasing trend. Spoof calls have the intent to trick and compromise bank customers into transferring or disclosing financial information to these “phantom” scam artists who steal information and use this confidential data for unauthorised purchases on their own accounts.

The attackers not only can engage in “fake bank support” but also threaten to access personal data and account details if needed. The impersonation technique gains easy trust from the target, making them believe that they are conversing with their trusted bank.

Common sense precautions are urged by experts to protect yourself, such as: 

• Never disclose your full banking information, 
• Do not rely on verbal recognition.

In what way is this happening?

1. Scammers like to use a specific type of software that generates fake caller ID information, so remember to be cautious.
2. Criminals may use social engineering tactics to get a victim to part with sensitive information such as bank account details or access.
3. In many cases, attackers pretend to be from a bank’s centre and claim that they’ve detected unauthorised access to the recipient’s account. To sound more plausible, they use scripts and dialogue much like those used by bank call centres. For complex topics, they use fear to get people to act.

Scammers usually do one of the following when they call:

If you receive a phone call that appears to be coming from your bank and it’s using a similar phone number, there are some simple tips to help you make sure it’s not fraudulent.

With a bank scam call, the scammer will usually do one of the following:

• Ask you to download remote access software. As an example, they can say: “We want to help you solve your problem even if it requires us remotely access your desktop.”
• Send an SMS code to your phone. The code is either a code to either gain access or authorise a transfer, but the attacker may claim it’s a ‘cancellation code’ and ask the recipient to read out the code.
• Ask to provide the following information: recipient’s bank account, login information, and full credit card number.
• One strategy scammers use fear and urgency tactics to try and keep recipients on the phone. They may do this by telling them that they need to talk with them because they have important information or they’ll get an important request in the mail if they don’t answer now.

Protect yourself and your bank accounts from scam calls

• Enable two-factor Authentication (2FA) on your bank account. Two-Factor Authentication (2FA) works by adding an additional layer of security to your online accounts. Gaining account access requires access to something that belongs to you beyond just the username and password. Do not share these codes with anyone. Your bank will never ask you for a 2FA code.
• If you have clicked on a suspicious link or received a call where you’ve provided a 2FA code, contact your bank immediately. 
• Never give out account information, credit card details or remote access to your devices. Your bank will never ask for this information.

News report

There have been news reports of cybercriminals who stole money from unsuspecting bank customers. One common method practised on victims is spoofing phone calls to mimic the call originating from their own bank’s phone number. Armed with highly believable social engineering tactics, it is not a difficult task for them to mimic the caller’s voice, employ fake American accents to pose as a customer