Text Message Scammers Quietly Prey on Regional Banks
You get a text message from your bank telling you there's been suspicious activity on your account. You call the number on your phone to see what's going on, and before you know it, you're a victim.
Antiphishing Group Develops E-Crime Reporting Tool
Getting Clueful: Five Things You Should Know About Fighting Spam
Welcome to the next big thing in phishing.
Law enforcement and security experts say that for more than a year now, scammers have been using scam text messages to prey on small regional banks and their customers. And according to a report set to be released next Tuesday by Cisco Systems, the problem has only been getting worse in recent months.
"It's a serious problem," said Pat Peterson, a security researcher with Cisco.
Here's how the scam works. The criminals pick a bank -- say a credit union in Medford, Oregon -- then they bombard every phone in Medford's 541 area code with a phishing message sent by SMS (Short Message Service) telling the victims to call a fake 800 number that looks like it's from a local credit union. Because they're targeting a bank in the region, the bad guys have a pretty good chance of hitting real customers who may not have heard about the scam.
They use the open-source asterisk software to set up a fake voice-operated system and steal information when people enter their account numbers, passwords and other sensitive information to authenticate themselves on the system. When the criminals use this information to transfer money overseas, the banks take the loss.
By targeting regional banks, they scam has managed to stay somewhat under the radar and not attract a lot of attention, said Nick Newman, a computer crimes specialist with the National White Collar Crime Center. Big banks have large security teams set up to tackle this type of fraud, but with a regional institution such as a credit union, "their entire IT team for the bank might be only five people," he said.
Another problem for the banks is that the scam subverts one of the main techniques that banks and security experts have been trying to drill into their customer's heads for years now, Newman said. "We always say, 'If you have any questions, call your bank, or they'll call you.' Well SMS is pretty close to calling your bank. It gets to the point where it's like, 'What do we tell people to do now?'"
This past weekend, the scam hit southern California, where Wescom Credit Union and Farmer's & Merchants Bank were targeted. But they're just the latest of many.
Cisco Systems
Everything BlackBerry with tips, news and reviews from our mobility expert Al Sacco.
