You may have heard of or use mobile payment apps like Venmo, Cash App, or Zelle that let you send and receive money through your smartphone. FMFCU also has it’s own product called SendMoney. Fraudsters are using these apps to fool you into giving up your cash*. Scammers want you to pay in a way that’s quick and makes it hard for you to get your money back. That’s why they’ll tell you to wire money or pay them with reload cards or gift cards.
For years, scammers have been making up all kinds of stories to trick people into sending them money. They may lie to you and say
- you won a prize or a sweepstakes and need to pay some fees to collect it
- a loved one is in trouble and they need you to send money
- you owe taxes to the IRS
- they’re from tech support and need money to fix a problem with your computer
- they’re someone who is romantically interested in you and needs some money
How the scam works:
- It starts with fraudsters sending account alerts to members via text message – appearing to come from the credit union – warning them of suspicious debit card transactions on their accounts.
- The fraudsters call the members who respond to the text spoofing the credit union’s phone number claiming to be from the credit union’s fraud department and are calling to verify suspicious transactions on the member’s account.
- To verify the identity of the member, the fraudster asks for their username and tells them they will receive a passcode via text message and the member must provide the passcode over the phone.
- The fraudsters actually attempt a transaction that triggers a 2-factor authentication passcode, such as using the “forgot password” feature, and the passcode is sent to the member via text or email who, in turn, provides it to the fraudster.
- The fraudster immediately uses the passcode to login to the member’s account, changes the online banking password, and uses Zelle/P2P to transfer funds to others.
In a few cases where the members refused to provide the passcode to the fraudsters, the fraudsters impersonated the members and social engineered the members’ mobile phone carrier and were successful in porting the members’ mobile phones to a different carrier. Other credit unions reported that fraudsters successfully social engineered the credit union’s call center employees into changing mobile phone numbers on member accounts allowing the fraudsters to receive the passcodes. In some cases, the fraudsters hacked member email accounts to intercept passcodes sent via email. These tactics allowed fraudsters to intercept the passcodes needed to login to member accounts.
If you sent money to a scammer, report the scam to the mobile payment app and ask them to reverse the transaction right away. Then, report it to the Federal Trade Commission. When you report a scam, the FTC can use the information to build cases against scammers.
*Mobile Payment Apps: How to Avoid a Scam When You Use One, Federal Trade Commission.