Sadly, creativity is one of the primary skills a scammer needs to succeed ⁠— and a new type of identity fraud making the rounds shows just how dastardly these criminals can be. If you’ve been getting a high volume of robocalls recently, here’s why answering the phone might be a bad idea.

Scammers can now fake 2FA text messages from your bank

According to reports from CBS News, a new phishing scam is spreading rapidly that uses high-tech trickery to mask the phone numbers of the criminals behind it. By posing as legitimate banks, scammers are deceiving victims into giving up critical private information like bank accounts, credit card numbers, social security numbers and PINs. This new scheme uses advanced level spoofing techniques so the caller and text messages look and sound authentic. Phone spoofing is nothing new; scammers have relied on it for some time now to get past call block filters from carriers. Click or tap to see how robocallers use spoofing to harass you. The latest scheme was brought to the public’s attention thanks to a Twitter thread by technology lawyer Pieter Gunst. When he received the initial call, the scammer claimed to be a rep from Pieter’s bank and had detected a suspicious withdrawal in Florida. To “verify his identity,” the caller asked for his login ID number and sent a text message to confirm. They then read several transactions back to Pieter, who confirmed they were accurate.  

  1. “Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?” Me: no. — Pieter Gunst (@DigitalLawyer) October 7, 2019 It was only when the caller asked for Pieter’s PIN that alarm bells went off. He immediately hung up the call and checked his bank to find out what happened. Apparently, the scammers had used the “password reset” feature on the bank’s website to send a real code to Pieter’s phone. By reading the code back, the scammer successfully phished his account and read back his transaction history to seem more authentic. Without the PIN, though, the scammers couldn’t make use of his payment card. To keep his information safe, Pieter requested his bank put a freeze on all transactions and reset his password. He then filed a police report and reset his other passwords to be safe. Meanwhile, Pieter’s Twitter thread gained exposure thanks to other victims who had been attacked by the scammers and wanted to spread awareness. As of now, the perpetrators and origin of the scam remain unknown.

How can I protect my accounts from this scam?

As with any phishing scam, the dangers it poses depend on how much information you give up ⁠— and whether you even encounter the scammers, for that matter. Using caution when answering the phone is one of the best ways to stay safe. NEVER answer calls from numbers you don’t recognize. Scammers specialize in spoofing numbers as part of their confidence games. If you do happen to pick up, keep in mind banks will always identify themselves when calling customers. If the caller says something like, “this is your bank” without elaborating further, that’s a major red flag. If you have any doubts at all, disconnect the call and contact your bank using the number on the back of your debit or credit card. If you happened to fall victim to the scam, your first course of action should be to call your bank. Additionally, calling a credit reporting agency and asking for a credit freeze may be in your best interest. Click or tap here to learn how to freeze your credit and protect your identity.