Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

FBI Warns of ‘Reverse’ Instant Payments Phishing Schemes

The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.

The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.

As part of these attacks, the cybercriminals target users of digital payment applications with fake text messages pretending to be from legitimate financial institutions, asking customers to verify they has initiated instant money transfers.

“Cybercriminals are targeting victims with a sophisticated phishing and social engineering scam which results in victims unwittingly sending funds to the actors using digital payment apps. The actors take advantage of payment apps connected to bank accounts,” according to the FBI advisory.

If the recipient responds to the automated text message, the criminals – “who typically speak English without a discernable accent,” according to the FBI – call the victim from a number that appears to match the legitimate 1-800 support number for the financial institution.

[ READ: FBI Warns of BEC Scams Abusing Virtual Meeting Platforms ]

Claiming to represent the organization’s fraud department, the cybercriminals seek to establish credibility, after which they walk the victim through a process supposedly meant to “reverse” the fake instant payment transaction, the FBI warned

The threat actors engaging in these attacks appear to have extensive knowledge of the victim’s background information, including past addresses, Social Security numbers, the financial institution they are clients to, and the last four digits of their bank account numbers.

Using this information, customers are tricked into believing they are being walked through a legitimate process for retrieving stolen funds. The victim is asked to remove their email address from their digital payment app and to share it with the cybercriminals, who add it to a bank account controlled by the threat actor.

Advertisement. Scroll to continue reading.

[READ: FBI Warns of Phishing Attacks Targeting US Election Officials ]

“After the email address has been changed, the actor tells the victim to start another instant payment transaction to themselves that will cancel or reverse the original fraudulent payment attempt. Believing they are sending the transaction to themselves, the victims are in fact sending instant payment transactions from their bank account to the actor-controlled bank account,” the Bureau explained.

The FBI is warning individuals of all types to be wary of unsolicited requests to verify account information, to contact their financial institution when such a request has arrived, to use multi-factor authentication (MFA) for all accounts, and to be skeptical of callers providing personally identifiable information as means of proving their legitimacy.

Related: FBI Warns of Phishing Attacks Targeting US Election Officials

Related: FBI Received 1,600 SIM Swapping Complaints in 2021

Related: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.