The U.S. Internet Crime Complaint Center, also known as IC3, is warning the public about a cybersecurity scam that tricks people into transferring funds in order to “reverse” instant payments, according to an FBI press release.
Cybercriminals are targeting victims by sending text messages with what appear to be bank fraud alerts asking if the customer initiated an instant money transfer using digital payment apps.
“Once the victim responds to the alert, the cybercriminal then calls from a number which appears to match the financial institution’s legitimate 1-800 support number. Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors,” according to the release.
See also: 5 Takeaways on Pandemic Fraud From the FBI 2021 Internet Crimes Report
The sophisticated phishing and social engineering scam result in victims unwittingly using payment apps connected to their bank accounts to send funds to fraudsters. The apps facilitate the quick transfer of funds between registered users. Just the recipient’s email or mobile number can initiate an instant payment transaction.
In addition to knowing the victim’s bank and related data, the criminals often had access to further information such as past addresses, the person’s Social Security number and the last four digits of their bank accounts. This information was used to convince customers that the steps being requested of them were the financial institution’s legitimate process for retrieving stolen funds, according to the IC3 release.
Read more: SIM Swap Fraud Spotlights Biometrics, Behavioral Analytics as Defense
The scam often leads people to believe they are sending the transaction to themselves, when in fact the victims are sending instant payment transactions from their bank account to another account that is controlled by the thief. Often, the fraudsters engaged with people for several days, with victims only realizing they were scammed after having checked their bank records.
IC3 warns that the proliferation of major data breaches over the past 10 years has given cybercriminals a wealth of personal data that can be used repeatedly in a variety of scams and frauds.