New financial scams pose a growing threat in 2024
Financial “mobile abuse” is pegged by many tech experts to grow exponentially in 2024.
Right now, financial service smishing – a type of phishing attack that uses text messages (SMS) to deceive individuals into revealing personal information or clicking on malicious links – is in third place behind business/brand impersonators and delivery service message scams, but that could change.
Cybersecurity firm Proofpoint recently shared several recently-developed financial text message scams with ConsumerAffairs that indicate how professional these financial scams are.
Curiosity kills the cat
Smishers send messages that are designed to pique the recipient’s interest or concern. In the first example, a legitimate-sounding company – FinancialUp – does that by sending the target an innocent-looking text message designed to catch the target’s curiosity with a “We thought you might find this interesting” hook.
Of course, the only thing interesting that the target will find when they click on that link is that there’s an attempt to get their personal information, bank account log-in info, or malware that will be downloaded to their phone, allowing the scammer to take all the information they want.
The reverse fake-out
Another new twist is that scammers are pretending that they’re actually trying to protect the target from a scam. Just like you’d get a message from Apple or Microsoft when their systems detect “unauthorized” activity like someone in Kuala Lumpur trying log in using your email address, scammers are pretending to be a financial institution.
In this instance, “USAA” is being used as the impersonated company, informing the target that their account is being accessed by someone named “rsodusta.” Of course, the target doesn’t know anyone by that name and clicks on the link to try and block them from accessing their account.
You know what happens next…
Down on your luck?
The third leg of the new smishing scams plays on the financial condition of so many Americans who are having a hard time living day to day because of inflation, job loss, or any other financial downturn in their life.
This smish rides on the back of the “National Financial Hardship Loan Center.” There were earlier variations of this using “Financial Hardship Department” as the company, but Jones says the “loan center” version is the latest attempt.
“Threat actors are crafty, and the specific lures change often. The themes or categories of lures change less frequently. Regardless of whether a message is financial or something else, if you receive an unwanted or unexpected message on your phone, you should be highly skeptical.”
The ‘Blocked Number’ text scam
Malwaretips is alerting consumers to another bank impersonation phishing scam where scammers send text messages claiming that the target’s debit card or account has been blocked.
Then, it follows up with a phone number they can call for assistance. Of course, that phone number goes directly to you know where — a fake fraudulent call center run by scammers.
Malwaretips’ Thomas Orsolya explains that the message uses sophisticated spoofing techniques to replicate a legitimate email address like ‘mobile.online.banking-XXXXXXX@msgonline.com’.
So if you get anything thatlooks like this, stay away.
Financial scams will rise in 2024
When ConsumerAffairs asked Blair Cohen, founder and president of AuthenticID, what his biggest scam concerns were for 2024, nearly every single one had to do with some sort of finance-related nonsense: check fraud, account takeover, authorized push payment fraud, etc.
Thank you, AI.
“Spoofing – where fraudsters impersonate someone’s identity to gain trust – will continue to be a top concern in 2024, Cohen said. “By leveraging AI, attackers can create more convincing and targeted scams, making it easier to gain unauthorized access to sensitive information and personal data.”
In other words, you — or none of us — can be too careful. The ConsumerAffairs Identity Theft team monitors this situation and developed an “identity theft quiz” that will provide possible companies that can protect against such attacks. If you’re interested, you can find out more here.