Best Posts in Thread: Scam risks to your bank accounts

I have been reading past threads on a huge variety of scams within the country - and on that subject it would be possible to write a very large book!

I am writing more on banking-type scams and I think almost everyone is now aware of phishing emails - but I was surprised recently to read of crooks taking over sims. So, for those not aware, I decided to write this and also to recap on some of the (probably more well known) scams. Perhaps everyone is aware but if only one member learns something new then it will have been worth me again interrupting my very busy schedule ( ) to write about the subject. I am sure I have not covered everything so hope others might chip in.

Sim Card Swaps:
Basically, crooks use the fact that mobile phone service companies will move (port) a phone number to a new sim card if the original card is lost or there is an upgrade. The crooks gather personal details about the victim, by phishing, buying them from other criminals, collecting information foolishly posted on social media* or by directly socially engineering the victim (the psychological manipulation of the victim into performing actions or divulging confidential information). *I knew someone who put clothes into her washing machine with all her bank/store cards in the pockets. She told everyone about her mistake by posting on FB and included photos of all the cards!

The crooks then uses these details when contacting the victim's mobile telephone provider. They use social engineering techniques to convince the phone company to port the victim's phone number to the crook's OWN sim. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. BUT, in many cases SIM numbers are changed directly by telecom company employees bribed by the crooks.

Once this happens the victim's phone will lose connection to the network and the crook will now receive all the SMS and voice calls intended for the victim, thus allowing the crook to receive OTPs sent via text or telephone calls supposedly to the victim. This enables crooks to access victims' bank accounts, social media accounts, etc. that rely on text messages or telephone calls. Once they have access to accounts they can also change passwords and thus totally isolate a victims from their accounts, whilst removing all the cash.

So, apart from the essential awareness not to disclose information, if a sim appears not working then suspect a sim-swap as a possibility and contact banks and the sim provider asap.

Just a few more points for those not fully aware:
Phishing/Smishing/Vishing is where an email/text/phone call is received (perhaps all three to appear really genuine) and as it seems to come from the victim's bank, it looks valid. It may warn that the bank account has been compromised and gives a phone number or link to follow. The phone call or link will actually be going to a crook who then asks details of passwords/pins and so gains access to the victim's accounts. What some people do not realise is that if a crook randomly sends out 10,000 phishing emails from Bank X, those who do not use Bank X will ignore them as a scam or mistake BUT those who use Bank X will assume it must be legit ('or how else would they KNOW I use that bank?'). Email addresses can be stolen, generated or given out by the victim innocently (so if chatting online to that beautiful Russian lady - who in reality has a beard (two ways to look at that statement!) - then don't give her an email address used for banking).

SO:
1. NEVER follow a link in an email if it has any risk (e.g. is to do with banking). INSTEAD, input your bank online address in your browser from information you know is valid OR visit the bank in person.
2. If you do follow what seems an innocent link, do not give any information (even name and dob). This does not apply, of course, to things you are very familiar with and secure about - but still use extreme caution.
3. The same applies to texts or phone calls but in the case of replying to a phone call DO NOT call the person back on any number they give you and do not call them back IMMEDIATELY (even if using a phone number you know is valid) as they can keep their line open and when you phone back it is the crooks you will be connected to and not Bank X (or whatever).

In summary: Disregard any information provided to you and GO BACK TO SOURCE - using the phone numbers you 100% know are your bank's or make a personal visit to the bank.

Even if this does not apply to you (because you are already aware), please think about helping your SO become aware as, unfortunately and with no disrespect, Filipinos are very gullible.

This site gives more information: https://www.scamproof.ph/