FBI: Payment app users targeted in social engineering attacks


Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts.

The warning, published by the Federal Bureau of Investigation as a public service announcement on Thursday, says the attackers will call victims who respond to their phishing messages from phone numbers spoofing the banks' legitimate 1-800 support number.

"Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors," the FBI said.
The FBI also shared a list of precautions Americans using digital payment apps should be aware of to avoid falling victim to one of these scams:
  • Be wary of unsolicited requests to verify account information. Cyber actors can use email addresses and phone numbers which may then appear to come from a legitimate financial institution. If a call or text is received regarding possible fraud or unauthorized transfers, do not respond directly.
  • If an unsolicited request to verify account information is received, contact the financial institution's fraud department through verified telephone numbers and email addresses on official bank websites or documentation, not through those provided in texts or emails.
  • Enable Multi Factor Authentication (MFA) for all financial accounts, and do not provide MFA codes or passwords to anyone over the phone.
  • Understand financial institutions will not ask customers to transfer funds between accounts in order to help prevent fraud.
  • Be skeptical of callers that provide personally identifiable information, such as social security numbers and past addresses, as proof of their legitimacy. The proliferation of large-scale data breaches over the last decade has supplied criminals with enormous amounts of personal data, which may be used repeatedly in a variety of scams and frauds.