Phishing refers to the attempt to steal a person’s personal information, mainly login credentials and card information. Scammers will then use this information to conduct fraudulent transactions. Here’s an example of a phishing attack and how you can prevent your cardholders from becoming victims:
The fraudster gathers information from social media to get to know the victim. They’ll use this to make the scam more believable. Then, the cardholder receives a phone call from the fraudster posing as a financial institution employee. Fraudsters often spoof phone numbers from financial institutions when contacting the victim to make it seem legitimate.
The fraudster informs the cardholder that they have fraud attempts on their card and that they will receive a text with a case number. While on the phone, they will perform a transaction they know will generate a fraud alert. When the cardholder receives the case number, the fraudster asks for it, claiming it’s so the card can be permanently blocked. Instead, they’ll use the case number to call into the SecurLOCK IVR and validate the activity, so they can continue to use the card fraudulently.
The fraudster may also suggest the cardholder transfer money into their checking account from their savings to make it “safer,” thereby giving the fraudster access to more money. The cardholder thinks the fraud was caught and stopped, while the fraudster is busy committing more fraudulent transactions and stealing more money.
As a reminder, SecurLOCK will never ask for the following information:
- Account number/card number
- CVV
- PIN
- Passwords
- Social security number
- Online banking credentials
Also, SecurLOCK will never suggest transferring money from one account to another. If any information concerning suspicious activity is texted to the cardholder, SecurLOCK will not call and ask the cardholder for the information. When cardholders call into SecurLOCK to validate suspicious transactions, SecurLOCK will request the case number to authenticate them. The cardholder should always reply NO if they are unaware of the transactions in question received via a text or email, no matter what direction has been given to them.
If you have any questions, please contact us.