• en

    • 3 Common Bank Scams Targeting NFCU, Bank of America, and M&T Bank

    Scam Alerts
    #Phishing & Identity Theft
    Header

    Author: Trend Micro

    August 12, 2022

    This article is from Trend Micro.

    One thing we can all agree on is the fact that merely the thought of being scammed is scary. However, if there is perhaps one type of scam that, above all others, nobody wants to fall for, it’s a bank scam. If you were to fall victim to one, you could lose access to your bank account along with all the money linked to it.

    Keep on reading to learn about three clever bank scams that have been circulating recently so you can avoid getting scammed.

    NFCU Alert Scam

    Although Navy Federal Credit Union is a credit union rather than a bank, we thought we’d include it in this post because this scam has been spreading like wildfire.

    The NFCU text scam is a type of smishing (SMS phishing) scam. Scammers have been impersonating Navy Federal Credit Union and sending out text messages telling people that a large payment has been made from their account.

    Source: Reddit


    The messages are clever because they provide people with a link to cancel/resolve the payment issue, preempting the fact that they will be shocked to learn of it and have a strong desire to fix it.

    However, if you were to click on the link, you wouldn’t be taken to the legitimate NFCU website, you would be taken to a copycat version of the real site designed to steal your login and personal information.

    Known NFCU alert scam URLs:

    • navydvfedcu[.]org
    • navycu1fed[.]org


     Bank of America Phishing Scam

    Just like the NFCU alert scam, this Bank of America scam is also a smishing scam. We’ve detected it spreading across a lot of the US, with most activity in California, Florida, and Texas.

    In their malicious text messages, the scammers try to scare potential victims with various fictional issues. Below are two examples of the messages.

    • bofa alerts and security : due to irregular activities your bofa debit cards has been disabled. please log in and review recent transactions at {URL} failure to verify recent activities may result in account closure. reply stop to opt-out of all bofa alerts.
    • bankofamericaonline: alerts: due to new online updates your online banking has been temporarily blocked to stop fraudulent use. please visit at {URL} to opt out of message alerts reply stop messages & data rates may apply
       
      The two messages use different scare tactics, but with the same end goal: to get people to click on the embedded links. When clicked on, the links lead to the page in the screenshot below.

    As you can see, there are fields for all kinds of personal information including card number, its expiration date and CVV code, and even Social Security number! Armed with this information, scammers could steal all your money and commit any number of other crimes!

    Known Bank of America phishing scam URLs:

    • alertsandprofilesca[.]com
    • prepaidboaonlineservices[.]com


    M&T Bank Phishing Scam

    Although its goal is the same as the other two scams mentioned in this post, this M&T Bank phishing scam has been spreading via email.

    Claiming there have been “suspicious transactions”, the scammers try to get potential victims to click on the green “View account activity” button. Of course, as you no doubt will be able to guess, when clicked on, the button leads to a malicious page designed to steal personal information.

    If you’ve received this email, don’t interact with it in any way. Just delete it.

    Known M&T Bank phishing scam URLs:

    • www[.]romsdeals[.]com/wp-content/wp-contacto/h0k3ts/redir/?m=victim@domain.tld
    • readi[.]com/wp-content/wp-contacto/h0k3ts/redir/?m=victim@domain.tld


    How to Protect Yourself

    • Be highly suspicious of messages that claim to be from your bank.
    • Double-check the sender’s mobile number/email address.
    • Always go to your bank’s official website directly instead of using links from unknown sources.
    • Use Trend Micro Check to detect scams with ease — for FREE!
       
      Trend Micro Check — our 100% FREE browser extension and mobile app — can protect you against scams, malicious websites, dangerous emails, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.

    As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.

    Source: pexels.com

    Report a Scam!

    Have you fallen for a hoax, bought a fake product? Report the site and warn others!

    Report a Scam!

    Scam Categories

    Help & Info

    Scam AlertsLearn about ScamsReliable SitesAdvice for CompaniesResearch & ReportsGlobal Scam Country Guide
    See all

    Popular Stories

    How to Recognize a Scam Website

    As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu

    Read more

    How Do I Get Money Back From a Scammer?

    So the worst has come to pass - you realise you parted with your money too fast, and the site you used was a scam - what now? Well first of all, don’t despair!! If you think you have been scammed, the first port of call when having an issue is to simply ask for a refund. This is the first and easiest step to determine whether you are dealing with a genuine company or scammers. Sadly, getting your money back from a scammer is not as simple as just asking.  If you are indeed dealing with scammers, the procedure (and chance) of getting your money back varies depending on the payment method you used. PayPal Debit card/Credit card Bank transfer Wire transfer Google Pay Bitcoin PayPal If you used PayPal, you have a strong chance of getting your money back if you were scammed. On their website, you can file a dispute within 180 calendar days of your purchase. Conditions to file a dispute: The simplest situation is that you ordered from an online store and it has not arrived. In this case this is what PayPal states: "If your order never shows up and the seller can't provide proof of shipment or delivery, you'll get a full refund. It's that simple." The scammer has sent you a completely different item. For example, you ordered a PlayStation 4, but instead received only a Playstation controller.  The condition of the item was misrepresented on the product page. This could be the

    Read more