Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Application Security

FBI Warns of ‘Reverse’ Instant Payments Phishing Schemes

The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.

The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.

As part of these attacks, the cybercriminals target users of digital payment applications with fake text messages pretending to be from legitimate financial institutions, asking customers to verify they has initiated instant money transfers.

“Cybercriminals are targeting victims with a sophisticated phishing and social engineering scam which results in victims unwittingly sending funds to the actors using digital payment apps. The actors take advantage of payment apps connected to bank accounts,” according to the FBI advisory.

If the recipient responds to the automated text message, the criminals – “who typically speak English without a discernable accent,” according to the FBI – call the victim from a number that appears to match the legitimate 1-800 support number for the financial institution.

[ READ: FBI Warns of BEC Scams Abusing Virtual Meeting Platforms ]

Claiming to represent the organization’s fraud department, the cybercriminals seek to establish credibility, after which they walk the victim through a process supposedly meant to “reverse” the fake instant payment transaction, the FBI warned

The threat actors engaging in these attacks appear to have extensive knowledge of the victim’s background information, including past addresses, Social Security numbers, the financial institution they are clients to, and the last four digits of their bank account numbers.

Advertisement. Scroll to continue reading.

Using this information, customers are tricked into believing they are being walked through a legitimate process for retrieving stolen funds. The victim is asked to remove their email address from their digital payment app and to share it with the cybercriminals, who add it to a bank account controlled by the threat actor.

[READ: FBI Warns of Phishing Attacks Targeting US Election Officials ]

“After the email address has been changed, the actor tells the victim to start another instant payment transaction to themselves that will cancel or reverse the original fraudulent payment attempt. Believing they are sending the transaction to themselves, the victims are in fact sending instant payment transactions from their bank account to the actor-controlled bank account,” the Bureau explained.

The FBI is warning individuals of all types to be wary of unsolicited requests to verify account information, to contact their financial institution when such a request has arrived, to use multi-factor authentication (MFA) for all accounts, and to be skeptical of callers providing personally identifiable information as means of proving their legitimacy.

Related: FBI Warns of Phishing Attacks Targeting US Election Officials

Related: FBI Received 1,600 SIM Swapping Complaints in 2021

Related: Scams Involving Cryptocurrency ATMs and QR Codes on the Rise

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...