Do not accept any of these calls.
This article was updated on November 29 with new warnings about an increase in dangerous calls to citizens and additional advice on what to look out for.
You have been warned. The FBI just released a harsh new warning as cybercriminals gain access to customers’ bank accounts. The bureau says those attackers have already stolen $262 million this year, with the threat likely to worsen over the holidays.
Some of these attacks come at you via text message or email, tricking you into sharing one-time passwords or even your real password. “The cybercriminal then uses the login credentials to log into the legitimate financial institution’s website and initiate a password reset, ultimately gaining full control of the accounts.”
But the new advice singled out phone calls as the most serious risk. “Be suspicious of unknown ‘bank’ or ‘company’ employees who call you,” warns the FBI. “Don’t trust caller ID. Hang up, verify the correct number and call it yourself. Companies generally don’t contact you to ask for your username, password or OTP.”
There are several other ways one of these attacks can target you, including manipulating search engine results to display a fake login page ahead of the real pages in the results. That way, even if you hang up a call and look for the legitimate website, you might still be tricked into giving up access by mistake.
The lures used in these attacks vary, but are likely to include a sense of urgency to force you to act before you can think. Claims of fraudulent transactions, compromised accounts or stolen passwords are common pretexts for an attack.
“Once the impersonators gain access and control of the accounts,” the bureau says, “cybercriminals quickly transfer funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets.” An attacker can also “change the online account password, locking the owner out of their financial accounts.”
If you have been the victim of any such attack, or if you have shared information or logged into an account using a website that you now believe may have been fraudulent, contact your bank and explain the situation. And change your online passwords.
“Contact your financial institution as soon as the fraud is identified to request a revocation or reversal as well as a Hold Harmless Letter or Indemnification Letter,” the FBI says.
“Requesting a revocation and obtaining a Hold Harmless Letter/indemnification documents as soon as possible can reduce or eliminate your financial losses.” Citizens are also urged to “immediately report fraudulent wire transfers to both your financial institution and the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.”
While this FBI warning focuses on financial institutions, we’re also seeing new attacks pretending to be tech support, impersonating Apple or Google or others. The same rules apply. Don’t engage. Hang up. Contact the company through its usual channels, or ideally log into your account through an app and check for any messages.
In response to the FBI’s account takeover alert, Bitdefender has published findings from user surveys in several countries, including the U.S. “1 in 7 consumers (~14%) reported being a victim of fraud in the past year,” it says. “The most common scams encountered are delivery, shipping and mail fraud (21%), followed by credential phishing and account takeover (19%) – the type highlighted by the FBI.”
Bitdefender says that while “social media has overtaken email as the primary vehicle,” it found that “25% of fraud is now done over the phone.”
While the FBI’s latest alert focuses on cybercriminals impersonating financial institutions to trick customers into giving up their account information, there’s another dangerous impersonation scam the bureau has flagged that’s now on the rise again.
Many local police forces in the US are warning again that citizens are being called by people pretending to be officers. Many of these calls even spoof real police numbers to make the lures more convincing. These scams are not limited to state and local police. Federal agencies, including the FBI, have also been impersonated.
The FTC explains “the call is from someone claiming to be a sheriff or deputy at your local police department.” They say “you will be arrested unless you pay a fine. To avoid arrest, you may be told to send cash, deposit money at a Bitcoin ATM, buy gift cards and give them the numbers, or send money.”
“There are many versions of impersonation fraud,” says the FBI, “and all of them take advantage of intimidation tactics. Typically, scammers use an urgent and aggressive tone, refusing to speak or leave a message with anyone other than their target victim, and will urge victims not to tell anyone else, including family, friends or financial institutions, about what is happening.”
The FTC’s advice on this is clear. Again, don’t answer these calls; hang up and call back using a publicly available number that you can verify.
“Even if the caller uses the name of a real officer, has a real number displayed on caller ID, or has information about you (like your address), that’s not a real officer calling. It’s a scammer trying to steal your money. Here’s what you need to know:
- Real law enforcement officers will not call to say you are going to be arrested (or threaten to arrest you if you hang up).
- Real law enforcement officers will not call you to insist that you pay fines with cash, a gift card, cryptocurrency, a payment app, or a wire transfer service — and never as a way to get away with a ‘crime.’
