A vishing (voice phishing) scam is targeting many individuals using security features to provide cyber-criminals with access to a customer’s account. Threat actors are spoofing phone numbers, masquerading as the potential victim’s bank, and claim that there are suspicious withdrawals on their account. After the customer verifies that the withdrawal is fraudulent, the threat actor asks for the banking customer’s member identification. This information is then used by the threat actor to generate a one-time verification code text message from the legitimate banking institute. The threat actor prompts the customer for this code and uses it to reset the victim’s password, granting them access to the account. The Cumberland County Department of Information Technology recommends individuals who receive similar calls to hang up and contact their bank via the contact information found on their banking website or the customer service number found on the back of their payment card to verify the call’s authenticity and report the fraud, if applicable. Users are urged to regularly monitor their banking statements for fraudulent activity. For further information, please review the CBS News article. |