The COVID-19 pandemic has led consumers to increasingly turn to digital payments, enabling fraudsters to hide among the larger volume. Fraudsters are also taking advantage of the pandemic, using fear and uncertainty to victimize consumers.
We've become aware of a scheme being used to gain access to online banking and then using Zelle to transfer money out. Here's the scenario:
The consumer receives a text from a fraudster to alert about a suspicious transaction. Upon receiving a response text declining the transaction from the consumer, the fraudster calls the consumer, pretending to be the fraud department of the financial institution. The fraudster gains access to the consumer's online banking account by requesting the username and one-time password, which it then used to reset the password. Upon gaining access to the online account, the fraudster registers for Zelle and attempts to send payments.
In a majority of these cases, risk models detect the fraud activity and the transaction as high risk. The user then receives a stepped-up authentication request via SMS (text) to authorize the payment. Through social engineering and direct calls, some users are still falling victim to these fraud scams. In these cases, the fraudster calls to convince the consumer to authorize the stepped-up authentication request, so that the consumer can receive a refund from the previously fraudulent transaction. In reality, the consumer is not getting a refund, but is sending the payment to the fraudster.
While we as a bank do as much as we can to prevent fraudulent activity from happening on your account, ultimately, we rely on you to monitor your accounts and not share personal account information that could lead to someone harming you financially.
Things to keep in mind:
- Citizens National Bank will never call you to request information you received via text (SMS) or pressure you to reset your online banking log in password.
- Don't trust caller ID. Caller ID may be modified to show your financial institution's name.
- Don't provide your online banking log in credentials, one-time password, account number, or personal information by email, text, or phone call. Reach out to CNB by phone to confirm that the request is legitimate.
- Don't give information over the phone if you receive a call stating that a transaction is canceled, even if the caller claims to be from CNB. Once again, contact us using a published phone number to inquire about the transaction.
- Don't click on links in unsolicited emails or texts.
- Don't give an unsolicited caller remote access to your computer.