According to recent Federal Trade Commission reporting, Americans lost nearly $667 million to imposter scams and $1.9 billion overall to fraud in 2019 (a 28% increase from 2018)—and early reports indicate those numbers will be much higher for 2020. Unfortunately, whether businesses or consumers, no one is fully immune to criminal imposters or other attempted fraud (e.g., email phishing, scams targeting elderly adults). This is primarily because fraudsters are adept at getting people to provide them with sensitive information about their consumer or business accounts.
According to Kathryn Albright, Umpqua Bank’s head of global payments & deposits, “Two of the most important ways to avoid becoming a victim of fraud are knowing the red flags of being targeted and understanding the kinds of information your bank will never call and ask you to provide.”
Around the world, criminals actively target customers at all income levels to access and drain financial accounts. One of the easiest ways for them to get that access from you is by posing as your bank or an employee at your bank and exploiting the trust between both parties.
Specifically, fraudsters are increasingly posing as bankers with a seemingly legitimate, often urgent, reason for reaching out to customers and requesting sensitive information. When successful, these scams often result in identity theft, business disruptions, and monetary losses for victims.
The following are examples of things fraudsters want but a bank will never ask you to provide unexpectedly via email, text message, or phone call:
- Online banking login credentials
- Account numbers
- Payment card details (e.g., full card number, PIN)
- Contact information (e.g., phone numbers, home addresses, email addresses)
- Personally identifiable information (e.g., Social Security number, driver’s license number)
- Secure access codes (one-time passcode)
Fraudsters continue to refine their tactics to increase their success rates and to avoid detection. After all, getting ahold of sensitive information could lead to a virtual gold mine. But in each attempt, they’ll do their best to make you think it’s actually your bank contacting you.
Here’s an example of a common process fraudsters follow when impersonating your bank:
Step 1: The fraudster posing as a bank employee contacts you via email, text message, or phone call, claiming it’s an urgent situation (e.g., your account is unexpectedly locked, there’s an IT issue with your account).
Step 2: The fraudster urgently requests that you reply with sensitive information to verify your account so that the situation can be resolved.
Step 3: The fraudster then uses that information to withdraw funds from your now-compromised account(s). (Never, ever give this type of information to a person claiming to be from your bank who is unexpectedly contacting you.)
“If you receive what you believe is a suspicious email, text message, or phone call from somebody claiming to be with your bank and who requests sensitive information, don’t respond,” said Albright. “Instead, contact your bank directly using known, trusted contact information and alert your banker of the situation.”