Scam risks to your bank accounts

I have been reading past threads on a huge variety of scams within the country - and on that subject it would be possible to write a very large book!

I am writing more on banking-type scams and I think almost everyone is now aware of phishing emails - but I was surprised recently to read of crooks taking over sims. So, for those not aware, I decided to write this and also to recap on some of the (probably more well known) scams. Perhaps everyone is aware but if only one member learns something new then it will have been worth me again interrupting my very busy schedule ( ) to write about the subject. I am sure I have not covered everything so hope others might chip in.

Sim Card Swaps:
Basically, crooks use the fact that mobile phone service companies will move (port) a phone number to a new sim card if the original card is lost or there is an upgrade. The crooks gather personal details about the victim, by phishing, buying them from other criminals, collecting information foolishly posted on social media* or by directly socially engineering the victim (the psychological manipulation of the victim into performing actions or divulging confidential information). *I knew someone who put clothes into her washing machine with all her bank/store cards in the pockets. She told everyone about her mistake by posting on FB and included photos of all the cards!

The crooks then uses these details when contacting the victim's mobile telephone provider. They use social engineering techniques to convince the phone company to port the victim's phone number to the crook's OWN sim. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. BUT, in many cases SIM numbers are changed directly by telecom company employees bribed by the crooks.

Once this happens the victim's phone will lose connection to the network and the crook will now receive all the SMS and voice calls intended for the victim, thus allowing the crook to receive OTPs sent via text or telephone calls supposedly to the victim. This enables crooks to access victims' bank accounts, social media accounts, etc. that rely on text messages or telephone calls. Once they have access to accounts they can also change passwords and thus totally isolate a victims from their accounts, whilst removing all the cash.

So, apart from the essential awareness not to disclose information, if a sim appears not working then suspect a sim-swap as a possibility and contact banks and the sim provider asap.

Just a few more points for those not fully aware:
Phishing/Smishing/Vishing is where an email/text/phone call is received (perhaps all three to appear really genuine) and as it seems to come from the victim's bank, it looks valid. It may warn that the bank account has been compromised and gives a phone number or link to follow. The phone call or link will actually be going to a crook who then asks details of passwords/pins and so gains access to the victim's accounts. What some people do not realise is that if a crook randomly sends out 10,000 phishing emails from Bank X, those who do not use Bank X will ignore them as a scam or mistake BUT those who use Bank X will assume it must be legit ('or how else would they KNOW I use that bank?'). Email addresses can be stolen, generated or given out by the victim innocently (so if chatting online to that beautiful Russian lady - who in reality has a beard (two ways to look at that statement!) - then don't give her an email address used for banking).

SO:
1. NEVER follow a link in an email if it has any risk (e.g. is to do with banking). INSTEAD, input your bank online address in your browser from information you know is valid OR visit the bank in person.
2. If you do follow what seems an innocent link, do not give any information (even name and dob). This does not apply, of course, to things you are very familiar with and secure about - but still use extreme caution.
3. The same applies to texts or phone calls but in the case of replying to a phone call DO NOT call the person back on any number they give you and do not call them back IMMEDIATELY (even if using a phone number you know is valid) as they can keep their line open and when you phone back it is the crooks you will be connected to and not Bank X (or whatever).

In summary: Disregard any information provided to you and GO BACK TO SOURCE - using the phone numbers you 100% know are your bank's or make a personal visit to the bank.

Even if this does not apply to you (because you are already aware), please think about helping your SO become aware as, unfortunately and with no disrespect, Filipinos are very gullible.

This site gives more information: https://www.scamproof.ph/

 

Recently I received a scam text from "my bank" asking me to go to a website.
From my desktop I decided to follow the link which lead to a site that wanted me to verify my Gmail account. It looked like a Microsoft site but the www. Address was some funky name. I could imagine someone people getting sucked in.
An older friend had someone from her "credit card company" call. The call ended abruptly when they asked for here card number. She said you tell me the number and I'll tell you if it's correct.
So many scammers out there.

 

This is particularly true for people who participate in crypto currency. As you can read in the referenced post the scam is quite elaborate and requires work. Furthermore tracing money transferred from a bank is relatively easy for banks to do after the fact. Then the banking accounts the scammers use get frozen until the matter is resolved. So the scammer looses account resources almost every time they do a scam.

On the other hand getting away with stealing cryptocurrency is easy. The crypto currencies are designed for anonymity. Be very careful when interacting with discussions regarding cryptocurrency. Once a scammer realizes you are into crypto you become a target.

Even the North Koreans are into this in a big way.

1.3 Billion
https://www.washingtonpost.com/nati...ccf0dc-7129-11eb-93be-c10813e358a2_story.html

100 Million
https://www.coindesk.com/doj-charges-3-north-korean-hackers-with-stealing-100m-from-crypto-exchanges

Recently there were some posts on this forum regarding crypto mining. Beware and avoid.

 

Your bank has a land-line number. Ask the caller for it. Not as easy to change as cellular. I give this advice to people about employment-abroad recruiters. Maybe the bad player's corporate name is not on the gov't black list, but you can search the land-line number.

 

For a surprisingly ‘orderly n law abiding’ country where I work I probably get 2-3 telephone calls a month from ‘my bank’/credit card company, even “the government central bank sir” (said in a thick Keralese or Nigerian accent).

The game player that I am, a variety of responses are invoked. I’m going through a Liam Neeson in Taken phase atm. If I don’t know the number it’s like auto-pilot on and membership of a prohibited para military organisation from Northern Ireland full on persona adopted. I actually got away with that when a driving instructor failed to deliver even one lesson after I had paid for ten for the daughter in Singapore. Money returned within 24 hours.

Anyway, thanks NMRN, very informative. Hazards of modernity file updated.

 

This is the reason why the word "trust" gets forgotten. Btw, thanks for sharing this one.

 

Thanks for posting.

Lot more scams than usual since Covid.