This case involves a scam that occurred in 2023. The victim, Josephine received a fraudulent SMS message on her mobile, sent from the same SMS number that she normally receives messages from her bank. The fraudulent message stated: ‘we are about to impose a hold on your account and remove your device, to avoid this pass security here at https://….’.
As Josephine, who was on holiday overseas, believed it was a genuine message from her Bank, she clicked the link in the SMS. The link took her to a website with a mirrored near-identical format to her bank’s real online domain, where she was prompted to input her login credentials and confirm some personal information. The victim believed this was a routine security check relating to another service about which she was at the time in communication with her bank.
Using the credentials (name, mobile number, account number, ID number, and username) obtained fraudulently, along with a one-time password used for a new device registration, the fraudsters made a series of material payments to third parties from the victim’s account without her further involvement. The victim lost close to €20,000.
Warning signs and red flags:
- An SMS which includes a link which the customer is requested to press.
- A request for disclosure of credentials and secret access codes after clicking a link included in an SMS.
Disclaimer: This account is based on a real-life case investigated by the authorities. While the events and figures described are factual, names have been changed to protect the privacy of the individuals involved.