We have seen an increase in phishing events during the COVID-19 pandemic. It is important that you understand phishing events that target debit and credit cardholders. Phishing events are when a fraudster attempts to steal a person’s data, mainly login credentials and card information. The fraudster then uses this information to process fraudulent card transactions, online banking transactions or ATM withdrawals.
Here is an example of what a Phishing Scam might look like:
- The fraudster gathers information from social media so they can personalize the attack and make the scam more believable.
- A cardholder receives a phone call from the fraudster posing as a financial institution employee.
- The fraudster spoofs the phone number from the financial institution (making it look like it’s coming from the bank) when contacting the victim, making the call seem legitimate.
- The fraudster advises the cardholder that they have fraud attempts on their card and they will receive a text with a case number.
- While on the phone, the fraudster performs a transaction they know will generate a fraud alert.
- When the cardholder receives the case number, the fraudster asks for the case number over the phone so the card can be permanently blocked- at least that’s what they tell the cardholder.
- The fraudster uses the case number to instead validate the activity as valid, so they can continue to use the card fraudulently.
- The fraudster may even suggest the cardholder transfer money into their checking account from savings to make it “safer,” thereby giving the fraudster access to more of the account.
- The cardholder thinks the fraud was caught and stopped, while the fraudster is busy committing more fraudulent transactions and stealing even more money.
Since education is the best line of defense in preventing phishing attacks, you should know how Firstrust will interact with you. You will NOT be contacted by us ever asking for the following information:
- Account Number/Card Number
- Social Security Number
- Online Banking Login Credentials
In addition, you will never be advised to transfer money or withdraw money. If any information concerning suspicious activity is texted to you, Firstrust does NOT call and ask the cardholder for the information. When cardholders call Firstrust to validate suspicious transactions, Firstrust will request the case number to authenticate them. You should always reply NO if you are unaware of the transactions in question received via a text or email, no matter what direction you have been given.
As always, please be vigilant of any calls you receive requesting personal information. We are here to assist you with any questions you may have.
Stay safe. Stay vigilent.