Consumers that utilized easy payment applications online are being warned to be extra cautious when paying for products or services on the Internet. In a recently reported social engineering hack utilizing bogus bank fraud alerts, cyber criminal hackers have been seen busy trying to enrich themselves off online consumers. The latest hacks are seeking to deceive, especially American buyers, which are the largest group of Internet shoppers associated with online payment.
With applications making rapid money transfers, according to the warning, a public service announcement through the Federal Bureau of Investigation (FBI) revealed the payment Apps targeted phishing scams. The warning revealed that dark web hackers have been using telemarketing tactics to target mostly US consumers, who have oftentimes reacted to hacking groups’ phishing communications.
Mostly dark web hackers call from phone numbers that spoof the banks’ official 1-800 support number. After which, they will dupe their victims into making payments with the hack disguise of a false money transfer that has been reversed. However, the phony fraud notifications will provide the financial institution’s name along with a mention of the amount of money being transferred. Then with the total payment and a notable financial institution name, the threat actors would urge the recipients to confirm if they had recently attempted to make quick payments through the payment App.
If somehow the respondents reply to the fraudulent SMS by denying that the message was sent by them. they would be targeted at a future date. The potential victims will get subsequent SMS messages suggesting they must make a payment. The scammers always follow up with victims, usually speaking English and pretending to be bank employees from the wire fraud department.
Now, with the victims being duped by the dark web hackers, they will request that they work with them to retract fraudulent payments. However, the hackers’ ultimate goal is to deceive the victims into “reversing” the false instant payment transaction. Thus, victims are then led to delete their email addresses from the payment platform, but unaware that they are actually on a fake website theme controlled by the criminal hackers.
And once the threat actors have obtained the victim’s email account credentials; it is deposited into a bank account managed by the hacking group. After changing the email address, the threat actor instructs the victim to initiate a new payment transaction to the hackers’ account, thus reversing the initial phony transaction activity.
FBI Fake App Payments Warning
According to the FBI, victims of the Apps payment scam are making immediate money transfers via their financial institution, however, it is to the hackers’ controlled savings account, with the belief that the transaction is being sent to their accounts. The reviewed conversations between the hackers and their victims demonstrate the criminal hackers’ persistence in their social engineering phishing scam.
The FBI has released a list of measures for mainly US consumers, who use digital payment applications. Internet shoppers must at all times avoid being a victim of one of these fraudulent phishing scams. They must try to prevent being duped into sending money to fake accounts set up and managed by deep web hackers.
According to the FBI, do not respond instantly to a phone or text indicating probable fraud or unlawful transfers. If you get an unexpected inquiry to authenticate account information, notify your financial institutions. Report all offenses using the phone number and email contacts listed on actual bank web pages or documents. Also, stay clear of the contact information of financial institutions offered in text messages and emails.
Multi Factor Authentication (MFA) should be enabled for all bank accounts, and MFA codes or passwords should never be given out over the phone. To assist in avoiding fraud, consumers must be aware that banking institutions will not force their clients to move funds between accounts.
As confirmation of their legitimacy, hackers will also provide previous addresses. Callers who disclose private data, which includes social security cards and credit card details, should be avoided at all costs. Cyber security analysts have been warning the general public of large-scale data breaches that have proliferated among many companies and consumers in recent years. They have also been cautioned about providing cyber criminals with vast amounts of personal information, which may be utilized in a plethora of future fraud and identity theft scams.