Do Not Click Links in Texts From “Your Bank”
If you receive a message from someone claiming to be your bank, please do not follow the link. A new mobile phishing scam is sending text messages to people in the US and Canada claiming to be your bank. When you click on the included link, you will be taken to a website that may look like your bank’s website, but is actually a way to steal your credentials.
In general, you should never click on a link that claims to come from your bank, postal service, or anywhere else where you might store personal or financial information. If you do receive a message that you think may be legitimate, sign in instead by typing the website's address into your browser yourself, or, in the case of banking, using the bank’s mobile app.
The current phishing campaign was discovered by researchers at mobile security company Lookout, according to ZDNet. Lookout was able to identify at least 4,000 different IP addresses visiting the phishing websites, suggesting that at least 4,000 people received these scam messages, followed the links, and potentially handed over their credentials in the process.
The links these people clicked on came in a text saying that the bank had detected unusual activity on their account and asking them to follow the link to verify that activity. Even scammers can consider the text valid and click on it.
In addition to stealing user account information, some versions of the scam also asked additional “secret” questions, presumably to verify a user’s identity, often prompting users to verify their account number or enter the expiration date of their card.
Lookout has already contacted the targeted banks and all phishing sites have been blocked. However, this is a good reminder: never follow these links. Whenever someone sends you a text message or email, or calls you, you are much better off contacting your bank directly than following links or giving out personal information on a call that you did not initiate.