FBI Warns of ‘Reverse’ Instant Payments Phishing Schemes

The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.


As part of these attacks, the cybercriminals target users of digital payment applications with fake text messages that pretend to be from legitimate financial institutions and ask customers to verify that they have initiated instant money transfers.

“Cybercriminals are targeting victims with a sophisticated phishing and social engineering scam which results in victims unwittingly sending funds to the actors using digital payment apps. The actors take advantage of payment apps connected to bank accounts,” according to the FBI advisory.

If the recipient responds to the automated text message, the criminals – “who typically speak English without a discernable accent,” according to the FBI – call the victim from a number that appears to match the legitimate 1-800 support number for the financial institution.


Claiming to represent the organization’s fraud department, the cybercriminals seek to establish credibility, after which they walk the victim through a process supposedly meant to “reverse” the fake instant payment transaction, the FBI warned.

The threat actors engaging in these attacks appear to have extensive knowledge of the victim’s background information, including past addresses, Social Security numbers, the financial institution they are clients of, and the last four digits of their bank account numbers.

Using this information, customers are tricked into believing they are being walked through a legitimate process for retrieving stolen funds. The victim is asked to remove their email address from their digital payment app and to share it with the cybercriminals, who add it to a bank account controlled by the threat actor.


“After the email address has been changed, the actor tells the victim to start another instant payment transaction to themselves that will cancel or reverse the original fraudulent payment attempt. Believing they are sending the transaction to themselves, the victims are in fact sending instant payment transactions from their bank account to the actor-controlled bank account,” the Bureau explained.

The FBI is warning individuals of all types to be wary of unsolicited requests to verify account information, to contact their financial institution when such a request has arrived, to use multi-factor authentication (MFA) for all accounts, and to be skeptical of callers providing personally identifiable information as a means of proving their legitimacy.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
