The voice on the other end of the line informs you they're a "security officer" at your credit union, and they want you to confirm some suspicious transactions on your account.
Sounds fishy? It's not just fishy, it's a form of vishing (or sometimes called vhishing, short for voice-based phishing) and we've been informed that fraudsters are using this phone scam to steal money from members and customers of other financial institutions. Here's how the scam plays out, what you should watch out for, and what you should do if one of these scammers gets your personal information.how the scam works
Once you've confirmed with the fraudster that the so-called suspicious transactions are not reflected in your account, they'll ask you to verify yourself with your login ID to your account.
When they have your login ID, they'll work around two-factor authentication by asking you for the secure access code that you'll get on your cell phone when they initiate a lost password request on their end. They'll also ask you for your debit card and PIN information.
Now that they have your sensitive financial information, they'll quickly act to conduct a peer-to-peer transaction that drains money out of your account.
Here's How to Bust the Scam
Your phone rings and you find yourself listening to a "security officer" at a financial institution with whom you conduct business. What should you do?
Your first line of defense is knowledge. "If we noticed a suspicious transaction on your account, we might call you to inquire if it was legitimate, but we would never ask you for your passwords or pin numbers," said Denise Bouchard, Hanscom FCU's Information Security Officer. Keep in mind that financial institutions can access your accounts without your login ID or passwords so it makes no sense that a legitimate employee would call you asking for them.
Hanscom Federal Credit Union will never call you and ask you to confirm your password or pin numbers.
Also, Hanscom FCU's peer-to-peer platform does not currently permit debit card transactions, which limits our members' exposure to fraudulent activity with this particular vishing scam.
Your next line of defense is to simply hang up on these calls. The longer you stay on the phone, the more likely you are to drop some information these crooks can use for their benefit.
Once you hang up, you can report the call to your financial institution so they can be aware of the fraudulent calls and step up any additional security measures they have in place to prevent other members from losses. You can call our Remote Support team at 800-656-4328 to let them know about the call.
Help! I gave Out my personal Information!
If you were lured into this vishing scam, please contact your financial institution immediately so they can investigate and prevent any further damage to your accounts. Use the phone number on the back of your debit card or the number for the financial institution you've saved in your phone. Never call back a number given to you by the person on the other end of the line.
If you feel you have been a victim of this scam with your Hanscom FCU account, please report the incident to our Remote Support team at 800-656-4328.
Others are reading: