This case involves a scam that occurred in July 2024. The victim, named John received a fraudulent SMS message on his mobile sent from the same number he usually receives messages from his Bank.
Given that John felt that this was a genuine message from his Bank, he clicked on the link contained in the SMS and disclosed the confidential information, in the process granting third parties access to his account.
Shortly after, John received a message on the same Bank’s SMS channel warning him that a card verification transaction had been initiated with an overseas delivery company, and for him to contact the Bank as the card verification was not authorised. A further attempt to make another payment was done by the fraudsters but the victim managed to contact the Bank’s helpline in time to deactivate his online banking and stop the payment.
During his call with the Bank’s representative, John admitted disclosing his secret codes after he pressed the fraudulent link received in the SMS. He was informed to visit a branch of the bank in order to reactivate his online banking.
After his online banking was restored following in-person visits to the Bank’s branch office, he received a call from somebody pretending to be from the Bank informing him that, for security purposes, his USER ID (which had already been changed when he visited the branch) needed to change. This call was followed up by other calls supposedly to start the process to change the USER ID. The victim admitted that, in hindsight, it was clear that these calls were fraudulent as the scammers were persisting in their attempts, which had failed the previous day.
Believing that he was speaking to the Bank, the victim ultimately proceeded to follow the instructions given by the fraudsters to change his USER ID, where he ended up losing access to his online banking.
Warning signs and red flags:
- An SMS which includes a link which the customer is requested to press.
- A request for disclosure of secret access codes after clicking a link included in an SMS.
- Unsolicited and persistent calls to change your bank’s USER ID.
Disclaimer: This account is based on a real-life case investigated by the authorities. While the events and figures described are factual, names have been changed to protect the privacy of the individuals involved.