I noted on TV the latest scam the Cybernasties have in their arsenal.
The assumption is that they have already compromised the bank customer's login or bank card. Usually that is enough to get into the victim's accounts. Now, however, many accounts have two-factor authentication (2FA). This means the bank website will recognize that the person trying to log in is doing it from an unknown location, which will cause it to trigger 2FA.
In most cases, 2FA sends a code to an assigned phone number. In some cases the cybernasties can clone the victim's phone, but some have reverted to a more low-tech scamming technique. They call the victim, claiming to be the bank. They mention some bogus transaction and say they need to verify who they are calling.
This is where the 2FA is subverted. They tell the victim on the phone that the bank will send them a code, and then have the victim read it out loud. The culprits had already broken into the bank account but needed the 2FA code, which the victim has now given to them. The accounts are now compromised.
How to Fight This Scam
First, if someone calls from the bank, make them identify themselves to your satisfaction. Ask them questions and, if worse comes to worst, tell them you will call them back. If they say they don't do that, tell them you don't do business over the phone. You will go into a branch and deal with the problem there.
Change your login password right now. Assume you are already compromised, which is the case. Given the daily identification breaches that are happening, it is a safe assumption. Also, change your password more often than never.
Add two-factor authentication to your accounts now. Never give anyone the code sent to you by two-factor authentication. The scam folks are out there and they want your money (or loyalty points).
Resources
- Canadian Cyber Safe website, from the Government of Canada.
- Watch The Beekeeper. It is a violent movie, but it starts with a similar scam to watch out for.
When you build better security, you build better criminals. We no longer pick up the phone for unknown #s. Have a great day.