Part Three: Scams involving Banks/Financial Institutions + Phishing Email Scams
This is part three of our four-part article series on online scam/fraud prevention and information. In this article we focus on scams involving Banks/Financial Institutions as well as attempts through phishing emails.
Scams involving Banks/Financial Institution are very dangerous because once it is successfully completed; the scammer has full access to the victims’ online banking account and can basically steal all the funds. What the scammer needs, it is just the victims’ phone number or email.
In case of an attempt through phone call, the scam usually starts with the scammer pretending to be a worker of the victims’ bank fraud department (the phone number sometimes can also seem to be the real bank number which nonetheless was disguised through a software) stating that information verification is needed because of some “recent fraudulent activity” was detected on the victims’ account. In this case, the scammer is basically trying to follow the simple password change procedure in the banks’ website using the information and accounts of the unsuspecting victim.
In the case of a scam attempt through email (phishing), the process is much simpler. The victim receives an email from seemingly his bank, which gives a reason for account information verification. The email usually includes a link which diverts the victim to a fake website disguised as the victims’ bank and requires the login information to be placed. Once this is done, the scammer basically has the information to casually log in the victims’ account and steal the funds through untraceable software.
Important note: Banks and financial institutions will never ask you for such information. Please read below a real text message I received from my bank recently.
“FRAUD ALLERT: If you receive calls, sms or emails asking you to provide online banking credentials and card details, you must not reply as this is a fraud attempt. The Bank will never ask you to provide such information”
This is essentially an attempt to receive the personal information such as phone numbers, credit card information, ID information and social security number of the victim through diverting him to a fake website disguised as a legitimate one.
Tips: How to recognise a phishing email.
1) Look at the email address. Very rarely a legitimate organization will have @gmail.com in their email address. Additionally, the email address could include some very subtle characters which are not clearly visible without a more in-depth examination of the link, such as “www.pazarakii.com” instead of the real website of “www.bazaraki.com”.
2) Because illegitimate websites are cleverly disguised and often come across as real/legitimate ones, check for spelling/grammar errors and the general typing style of the website. If the tone is not professional enough and something seems off, it is better not to continue and instead search the company/organization through their official website.